Version: 1.1 | Effective Date: April 20, 2026
Data Controller: Adorján Williger (yokicode.com)
The "Barcode" application is designed with Privacy-by-Design principles. It operates primarily as an offline-first tool, minimizing data collection and maximizing user agency over their information.
| Data Category | Data Type | Storage Location | Processing Type | Retention |
|---|---|---|---|---|
| Scanned Content | Text, URLs, WiFi SSIDs/Pass, VCards | Local Room DB (Encrypted at rest by OS) | On-device (ML Kit) | Until user deletes |
| Biometric Metadata | Fingerprint/Face ID result | Android Keystore / TEE | OS-Level (App never sees raw data) | Not stored by app |
| Network Data | IP Address (transient) | Volatile Memory | URL Title Fetching | Not persisted |
| Exported Data | CSV files | User-defined storage | User-initiated export | User-managed |
The application utilizes Google ML Kit for barcode recognition. Processing occurs entirely on-device. No image data is transmitted to remote servers for scanning purposes.
The "Privacy Mode" allows users to scan and generate barcodes without persisting data to the database, fulfilling the "Data Minimization" principle (GDPR Art. 5).
Sensitive history is gated behind the BiometricPrompt API. The app leverages the Android Trusted Execution Environment (TEE) and never accesses raw biometric templates.
When scanning a URL, the app fetches the <title> tag. This involves a standard HTTP GET request to the target domain with a generic User-Agent.
We confirm compliance with GDPR (no non-consensual tracking), CCPA/CPRA (no sale or sharing of personal information), and COPPA (no data collection from children under 13).