Runar Ovesen Hjerpbakk

Leadership, product and technology

Privacy Policy for Book Scanner

This Privacy Policy applies to the Book Scanner mobile app. The app does not require account creation, and I do not ask you to submit personal information directly inside the app.

1. Controller

This app is provided by Runar Ovesen Hjerpbakk (runar@hjerpbakk.com).

2. Data Processed

Advertising (Google AdMob)

This app uses Google AdMob to display advertisements for non-premium users. Premium users have ads disabled. When ads are requested, loaded, or shown, Google and its partners may process personal data such as:

  • device and app information
  • advertising identifiers and similar identifiers, where available
  • IP address
  • approximate location derived from IP address
  • diagnostics, performance, fraud-prevention, and ad interaction data
  • consent choices related to advertising

Analytics

The app uses my own first-party analytics (Umami) to understand how the app is used, such as which screens are opened and how often core actions happen. For each screen view or action, the app sends:

  • a visitor id that is a random value kept only in memory and changed at least once a day. It is never stored on your device and cannot be traced back to you.
  • the fixed name of the screen or action (for example scanner or book_added)
  • the app version and build number
  • the operating system name and version
  • the device model and screen size
  • your preferred language
  • an approximate location that the analytics server derives from your IP address

The app never sends the content of your library or your activity. No titles, authors, ISBNs, ratings, notes, shelf names, or search terms are sent, and no counts or selected values. Only the fixed screen and action names are sent.

Camera

The app uses your device camera to scan the barcode on a book. The camera image is read on your device to find the ISBN and is never saved or sent anywhere.

Your library

The books you scan, along with your shelves, reading status, star ratings, notes, and reading goal, are stored only on your device. I never receive them, and they are not sent to any server.

3. Purposes of Processing

Personal data is processed for the following purposes:

  • displaying ads and funding the app
  • measuring ad performance
  • preventing fraud, abuse, and invalid traffic
  • understanding how the app is used, so I can improve it (first-party analytics)
  • complying with legal obligations

If you are in the EU/EEA, the legal basis for processing is:

  • consent, where required, for personalized advertising and the use of advertising-related identifiers or local storage
  • legitimate interests and/or legal obligations, where applicable, for security, fraud prevention, and compliance
  • legitimate interests for the first-party analytics. Because the analytics stores or reads nothing on your device and uses no persistent identifier, it runs without a separate consent request.

You can refuse or withdraw consent at any time through the app’s privacy choices or your device settings, where applicable. If you do not consent, ads may be non-personalized or limited.

5. Recipients

I use Google AdMob as an advertising provider for non-premium users. Google and its advertising partners may receive and process the data described above. Google may act as an independent controller for some ad-related processing. I do not set the retention period for data processed by Google AdMob; Google retains data according to its own policies. More information is available here:

For the first-party analytics I use my own Umami instance hosted on Fly.io, with the data stored in a PostgreSQL database at Supabase. These providers process the data on my behalf as processors. I keep the analytics data only as long as it is useful for understanding how the app is used. Because it contains no identifier that points to you, it cannot be tied to a specific person. The analytics data is not shared with advertisers, is not sold, and is not used for cross-app tracking or advertising.

6. International Transfers

Because Google operates globally, personal data may be processed outside the EU/EEA. Google states that it applies safeguards for international data transfers in accordance with applicable law. Please see Google’s privacy documentation for more information.

7. Your Rights

If you are in the EU/EEA, you may have the right to:

  • access your personal data
  • request rectification of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to certain processing
  • request data portability where applicable
  • withdraw consent at any time
  • lodge a complaint with your local data protection authority

For the advertising data that Google processes as the controller, you exercise these rights through Google using the links above. The first-party analytics data I hold contains no identifier that points to you, so I cannot link it to an individual to access, correct, or delete it. If you have a concern, contact me and I will help where I can.

8. Children

This app is intended for a general audience. If you are a parent or guardian and have a privacy concern about a child’s use of the app, please contact me.

9. Contact

For privacy questions or to exercise your rights, contact: Runar Ovesen Hjerpbakk (runar@hjerpbakk.com).

10. Changes

I may update this Privacy Policy from time to time. The updated version will be made available at the same location and will show the new “Last updated” date.

Last updated: 16 July 2026