ARBUC — Privacy Policy

Effective Date: April 1, 2026 | Last Updated: March 27, 2026

1. Introduction

Welcome to ARBUC. This Privacy Policy explains how ARBUC ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application (the "App"). We are committed to safeguarding your privacy and being transparent about our data practices.

By downloading, installing, or using ARBUC, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the App.

This Privacy Policy applies to all users of the ARBUC mobile application, regardless of location. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents, and other applicable privacy regulations.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: When you create an account, we collect your email address and password. Your password is securely hashed by Firebase Authentication and is never stored in plain text. If you sign in using Google or Apple, we receive your name and email address (or an Apple relay email address if you choose "Hide My Email") from the respective provider. We do not receive or store your Google or Apple password.
Scan Content: When you use the App to scan an item, we process the photograph you capture or upload from your gallery. We also collect any optional notes you add to provide context for the scan (e.g., "2018 model, 85k miles").
User Preferences: Settings and preferences you configure within the App.

2.2 Information Collected Automatically

Device Location: With your explicit permission, we collect your approximate location (city/region level) to provide location-relevant pricing information. You can deny or revoke location access at any time through your device settings. The App remains functional without location data.
Usage Data: We collect information about how you use the App, including the number of scans performed, scan categories (e.g., electronics, vehicles, apparel), response times, and general usage patterns. This data is used to improve App performance and is not linked to your identity for advertising purposes.
Device Information: We may collect basic device information such as device type, operating system version, and app version for compatibility and troubleshooting purposes.

2.3 Information We Do Not Collect

We do not collect your name, phone number, physical address, or government-issued identification.
We do not access your contacts, calendar, microphone, or any other device sensors beyond the camera and location services described above.
We do not collect health, fitness, financial account, or biometric data.
We do not track you across other apps or websites.

3. How We Use Your Information

We use the information we collect for the following purposes:

Core App Functionality: To identify items you scan, estimate their market value, provide price references and links, and deliver AI-powered analysis.
Account Management: To authenticate your identity, manage your subscription status, and enforce scan limits.
Scan History: To store your past scans so you can view them later.
Caching: To cache scan results on our server for up to 72 hours so that repeated scans of similar items return faster results and reduce processing costs.
Service Improvement: To analyze aggregated, anonymized usage patterns to improve accuracy, speed, and overall App experience.
Advertising: To display ads to free-tier users through Google AdMob (see Section 5 for details).
Customer Support: To respond to inquiries or troubleshoot issues you report.

We do not use your personal information for automated decision-making that produces legal effects or similarly significant effects on you. Our AI-powered valuations are informational estimates only and do not constitute financial advice, appraisals, or purchase recommendations.

4. How We Process Your Scans

When you scan an item, the following process occurs:

Image Transmission: Your photograph is sent securely over HTTPS to our backend server hosted on Google Cloud (Firebase Cloud Functions).
AI Processing: Our server sends the image to Anthropic's Claude API for item identification and valuation. Claude uses web search to find current market pricing from publicly available sources.
Result Delivery: The analysis results are returned to your device and, if applicable, saved to your scan history in Firebase Firestore.
Image Retention: Scanned images are processed in transit and are not permanently stored on our servers. Cached results contain text data only (item identification and pricing), not the original photograph.

Anthropic, the provider of the Claude AI service, processes image data in accordance with their own privacy policy and data handling practices. Anthropic does not use data submitted through their API to train their AI models. You can review Anthropic's privacy policy at anthropic.com/privacy.

5. Advertising

ARBUC displays advertisements to users on the free tier. We use Google AdMob, Google's mobile advertising platform, to serve these ads.

5.1 What AdMob Collects

When ads are displayed, Google AdMob may collect the following information:

Device advertising identifier (IDFA on iOS, which requires your explicit consent via Apple's App Tracking Transparency prompt)
IP address (used for approximate location-based ad targeting)
Device information (model, OS version, screen size)
Ad interaction data (impressions, clicks)

Google AdMob uses this information to serve relevant advertisements. Google's use of this data is governed by Google's Privacy Policy.

5.2 Your Choices About Ads

Opt Out of Personalized Ads: You can opt out of personalized advertising through your device settings (Settings → Privacy & Security → Tracking on iOS).
Upgrade to Premium: Premium subscribers see zero advertisements. Upgrading removes all ad-related data collection by AdMob within the App.

5.3 Ad Formats

The App uses three ad formats for free-tier users: interstitial ads displayed during the scan loading screen, small banner ads at the bottom of the results screen and scan history screen, and optional rewarded video ads that users can choose to watch in exchange for bonus scans. Premium users are never shown ads of any kind.

6. Subscriptions and Payments

6.1 ARBUC Premium

ARBUC offers two auto-renewable subscription plans:

Monthly: $7.99 per month. You will be charged immediately upon subscribing. No free trial.
Yearly: $49.99 per year. Includes a 7-day free trial. After the trial ends, you will be automatically charged $49.99/year.

6.2 Auto-Renewal

All subscriptions auto-renew unless cancelled at least 24 hours before the end of the current billing period. Payment will be charged to your Apple ID account at confirmation of purchase. Your account will be charged for renewal within 24 hours prior to the end of the current period at the same price.

6.3 Managing and Cancelling Subscriptions

You can manage or cancel your subscription at any time through your Apple ID account settings. Go to Settings → [Your Name] → Subscriptions on your iPhone or iPad. Cancellation takes effect at the end of the current billing period — you will retain access to premium features until then.

6.4 Terms of Use

Use of ARBUC is subject to Apple's Standard End User License Agreement (EULA): https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

7. Third-Party Services

We use the following third-party services to operate the App. Each service processes data as described below and in accordance with their own privacy policies:

Firebase (Google): Provides user authentication (including email/password, Google Sign-In, and Apple Sign-In), cloud database (Firestore), and cloud server hosting (Cloud Functions). Data is stored on Google's servers in the United States. Firebase's privacy practices are governed by Google's Privacy Policy.
Google Sign-In: If you choose to sign in with Google, Google provides us with your name and email address to create or access your account. Google's use of your data is governed by Google's Privacy Policy.
Apple Sign-In: If you choose to sign in with Apple, Apple provides us with your name and email address (or a private relay email if you choose "Hide My Email") to create or access your account. Apple's use of your data is governed by Apple's Privacy Policy.
Anthropic (Claude API): Provides AI-powered item identification and valuation. Anthropic processes scan images and text to generate results. Anthropic does not use API-submitted data to train its models.
Google AdMob: Provides advertising services for free-tier users, as described in Section 5.
RevenueCat: Manages in-app subscription purchases. RevenueCat processes transaction data provided by Apple's App Store to verify and manage your subscription status. RevenueCat does not receive your payment card details.
Apple App Store: Processes all payments for Premium subscriptions. Payment information (credit card, Apple Pay) is handled entirely by Apple and is never shared with us.

We require that all third-party service providers handle your data with protections consistent with this Privacy Policy and applicable law. We do not sell your personal information to any third party, and we do not share your data with data brokers.

8. Data Storage and Security

7.1 Where Your Data Is Stored

Your data is stored on Firebase (Google Cloud) servers located in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. For users in the European Economic Area, this transfer is conducted under appropriate safeguards as required by the GDPR, including Google's standard contractual clauses.

7.2 How We Protect Your Data

All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
Your password is securely hashed by Firebase Authentication and is never stored in plain text.
Our backend API key is stored as an encrypted secret on our server and is never exposed to client devices.
Firebase Firestore security rules ensure that each user can only access their own data.
Server-side rate limiting prevents abuse of our services.

While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7.3 Data Retention

Account Data: Retained for as long as your account is active. You may request deletion at any time (see Section 10).
Scan History: Retained for as long as your account is active, unless you manually delete individual scans or request full account deletion.
Cached Results: Automatically deleted after 72 hours.
Server Analytics: Aggregated usage statistics (scan counts, categories, response times) are retained for up to 12 months for service improvement. These records do not contain photographs or personally identifiable information beyond a hashed user identifier.

9. Children's Privacy

ARBUC is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we learn that we have inadvertently collected data from a child under the applicable age, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the email address listed in Section 14.

10. Your Rights and Choices

9.1 All Users

Regardless of your location, you have the following rights:

Access: You can view your scan history and account information within the App at any time.
Deletion: You can delete individual scans from your history within the App. You can also request complete deletion of your account and all associated data by contacting us.
Location: You can enable or disable location services for ARBUC at any time through your device settings.
Ads: You can control ad personalization through your device settings or by upgrading to Premium.

9.2 European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the GDPR, including:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate personal data.
Right to Erasure: Request deletion of your personal data.
Right to Restrict Processing: Request that we limit how we use your data.
Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing based on legitimate interests, including profiling.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

Our legal basis for processing your data under GDPR is: performance of a contract (providing App services), legitimate interests (service improvement and security), and consent (location data, personalized ads). You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

9.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
Right to Delete: Request deletion of your personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out of sale or sharing.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us using the information in Section 14. We will respond to verifiable requests within 45 days, as required by law.

9.4 Categories of Personal Information (CCPA Disclosure)

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers: Email address, unique user ID, device identifiers (for advertising, with consent).
Internet or Network Activity: App usage data, scan history, interaction with advertisements.
Geolocation Data: Approximate location (city/region level, with consent).
Sensory Data: Photographs submitted for scanning (processed in transit, not permanently stored on servers).

We have not sold any personal information in the preceding 12 months. We share data with service providers (Firebase, Anthropic, AdMob, RevenueCat) solely for the purposes of providing and improving the App, as described in Section 6.

11. Do Not Track and Global Privacy Control

Some web browsers and devices transmit "Do Not Track" (DNT) or Global Privacy Control (GPC) signals. ARBUC honors GPC signals as a valid opt-out of the sharing of personal information for cross-context behavioral advertising, consistent with applicable law. Because we do not sell or share personal information for behavioral advertising, GPC signals do not require additional changes to our data practices, but we respect and acknowledge them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App features. When we make material changes, we will notify you by posting the updated policy within the App and updating the "Last Updated" date at the top of this document. We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

13. International Data Transfers

ARBUC is operated from the United States. If you access the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the App, you consent to the transfer of your information to the United States. For users in the EEA, we rely on standard contractual clauses and other approved transfer mechanisms to ensure adequate protection of your data.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your data is handled, please contact us at:

ARBUC
Email: arbucapp@gmail.com

We aim to respond to all inquiries within 30 days. For GDPR-related requests, we will respond within one month as required by law. For CCPA-related requests, we will respond within 45 days as required by law.