Privacy Policy — Docera
Last updated: May 22, 2026
This policy explains what Docera does with your data in plain English.
Who we are
Docera is an iOS app for scanning, organizing, and sharing documents. It's built and operated by Ibrahim Abu Dbay (referred to as "we" or "Docera" below).
What data Docera handles
On your device (stored locally, never sent to our servers):
- Scanned documents (the PDF or image you create from your camera, plus thumbnails and edit state)
- Photos shared into Docera from other apps (via the iOS share sheet)
- Your filename preferences, theme, and other app settings
- A cached copy of your account info so the app launches fast
On our servers (PostgreSQL on Railway, EU West):
- An auto-generated account record for your device: a unique ID, an auto-generated username, your display name, and your trial/subscription state
- The session that keeps you signed in
- That's it. We do not store your scanned documents, your Gmail messages, your photos, or your contacts on our servers.
On your device in Safari/WebKit storage:
- Gmail OAuth tokens (so you don't need to sign in every time)
- Display-name overrides for your contacts
- Your guest device ID
What we do with it
We use this data to:
- Show you your Gmail inbox inside the app
- Send documents to your contacts on your behalf, via your Gmail account
- Save and organize your scanned documents on your device
- Track your free trial and subscription status
That's the full list. We don't profile you, build advertising audiences, or sell your data.
Third-party services we use
Docera relies on three services. Here's what each one sees:
Google (Gmail API)
- What it sees: your Gmail messages (read), the emails you send through the app (write)
- Scopes:
gmail.readonly and gmail.send
- Docera's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We do not use Gmail data to train AI or machine learning models.
- We do not sell or transfer Gmail data to any third party.
- We only use Gmail data to show your inbox and send emails on your behalf.
RevenueCat
- What it sees: an anonymous identifier their SDK generates, your device platform, your app version, and Apple's purchase receipts when you subscribe or restore purchases
- Why: to verify and manage your subscription
- What's NOT sent: your name, email, or any personally identifying info from our side
Apple
- What it sees: your subscription state, since billing is handled by Apple
- You can view and cancel subscriptions in your Apple ID settings at any time
That's the complete list. There's no analytics service, no crash reporter, no advertising network, no email delivery provider, no AI service.
How authentication works
Docera does not have a username/password sign-up. There's no "create account" screen.
When you first open the app, we automatically create a guest account tied to your device. This account exists on our server only so we can track your trial and subscription state. It has no email, no password, and no personally identifying information.
If you connect your Gmail account, you grant Docera limited access through Google's standard OAuth flow. You can disconnect at any time from inside the app, and the tokens are deleted from your device.
We never see or store your Google password.
Sharing your data
We do not sell your data. We do not rent it. We do not share it with anyone except the three services listed above, and only to the extent needed to provide the features you use.
We may disclose data if legally required (court order, lawful request) or to protect against fraud or abuse — but this has not happened and we have no agreements requiring it.
Deleting your account and data
You can delete your Docera account and all associated data directly inside the app:
Profile → Delete Account → type DELETE → confirm
When you do this:
- All your documents, folders, clients, and history on our server are permanently deleted (cascade delete in a single transaction)
- All local data on your device is cleared (documents, settings, tokens)
- Your Gmail OAuth grant is revoked via Google's token revocation endpoint, so Docera disappears from your Google account's connected apps list
- Your session is destroyed
This is immediate and cannot be undone.
Active subscriptions are handled separately. Apple manages your subscription. Deleting your Docera account does not cancel your Apple subscription. To cancel, go to Settings → [your name] → Subscriptions on your iPhone.
If you can't access the app and want your data deleted, email ibraheemabodbay7@gmail.com and we'll process the request manually.
Data we briefly handle (but don't store)
Some Gmail data passes through our server in memory only, never written to a database or log:
- Email body text when you open a thread (proxied from Gmail to your device)
- Attachment binaries when you tap one (proxied from Gmail to your device)
- Recipient address and PDF binary when you send a document via Gmail
These are processed in RAM during a single request and discarded.
Where your data lives geographically
- Our server is hosted on Railway in the EU West region (Netherlands).
- Google processes Gmail data according to Google's own policies and infrastructure.
- RevenueCat processes purchase data on their infrastructure (US-based).
Security
- All connections use HTTPS.
- Gmail authentication uses OAuth 2.0.
- We never see or store your Google account password.
- Session cookies are httpOnly and Secure in production.
- Gmail OAuth tokens are stored in your device's local app storage, not on our servers.
We're a small operation, so we keep our attack surface minimal — fewer third parties, less data retained, less to go wrong.
Children
Docera is not intended for users under 13 (or under 16 in the European Union). We do not knowingly collect personal information from minors. If you believe a minor has used Docera, email us and we'll delete their data.
Changes to this policy
We may update this policy when we add features or change how we handle data. The "Last updated" date at the top will change, and significant changes will be announced inside the app.
Contact
For questions, requests, or anything privacy-related:
ibraheemabodbay7@gmail.com
This policy applies only to the Docera iOS app. The Docera website is not currently functional for end users.