Privacy Policy

Last updated: April 6, 2026

Techcon Solution Limited

This Privacy Policy describes how Techcon Solution Limited (“we”, “us”, or “our”) collects, uses, stores, and protects information when you use the OCKey mobile application and keyboard extension, our website, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials (or tokens from third-party sign-in providers such as Apple or Google). If you subscribe to a paid plan, payment is processed by Apple App Store, Google Play Store, or Stripe; we receive a transaction identifier and entitlement status but do not store full payment card details.

1.2 Template Data

Templates you create (field definitions, extraction rules, names, and descriptions) are stored on our servers to enable cloud synchronisation across your devices. Template data does not include captured images or extracted text.

1.3 Captured Images and Extracted Text

On-device processing (Pattern & Region strategies): When you use templates that rely on on-device OCR, captured images are processed entirely on your device using Apple Vision (iOS) or Google ML Kit (Android). These images are never transmitted to our servers or any third party.

Vision AI processing (LLM strategy): When you use templates that rely on cloud-based Vision AI, the captured image is transmitted to our server-side proxy, which forwards it to a third-party AI provider (OpenAI, Anthropic, or Google, depending on configuration). The image is streamed through in real time and is not stored on our servers. Third-party AI providers process the image under their own data-processing agreements; where available, we enable zero-data-retention (ZDR) settings.

Bring Your Own Key (BYOK): If you provide your own API key for a third-party AI provider, image data is sent directly from your device to that provider. We do not see or handle the image in this scenario. Your API key is stored encrypted at rest on our servers solely for synchronisation purposes.

1.4 Usage Data

We collect anonymised, aggregate usage metrics such as the number of captures performed, template types used, and error rates. These metrics do not contain the content of captured images or extracted text. We use this data to improve the Service and to enforce usage quotas on subscription plans.

1.5 Device and Log Data

We automatically collect device type, operating system version, app version, IP address, and crash reports. This data is used for diagnostics and to ensure compatibility.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To authenticate your identity and manage your account
  • To synchronise your templates across devices
  • To process subscription payments and enforce entitlements
  • To route Vision AI requests to third-party providers on your behalf
  • To display relevant advertisements to Free-tier users (via Google AdMob, in the host app only)
  • To send transactional emails (account verification, password reset, billing receipts)
  • To monitor for abuse, fraud, and security threats
  • To comply with applicable legal obligations

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data are:

  • Contract performance: Processing necessary to provide the Service you requested (account management, template sync, AI processing).
  • Legitimate interests: Analytics, fraud prevention, and Service improvement, balanced against your rights and freedoms.
  • Consent: Where required, such as for marketing communications or optional data sharing. You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable law.

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only in these circumstances:

  • AI providers (OpenAI, Anthropic, Google): Only when you use Vision AI templates. Subject to their privacy policies and our ZDR agreements.
  • Payment processors (Apple, Google, Stripe): To process subscription and lifetime license payments.
  • Advertising partners (Google AdMob): For Free-tier users only. AdMob may collect device identifiers for ad personalisation subject to your device’s ad-tracking preferences.
  • Cloud infrastructure (Vercel, Neon/PostgreSQL): To host and operate the Service. Data is encrypted in transit (TLS) and at rest.
  • Legal authorities: If required by law, court order, or governmental regulation.
  • Corporate transactions: In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity.

5. International Data Transfers

Techcon Solution Limited may transfer and process your personal data outside your country of residence, including to jurisdictions that may not provide the same level of data protection. Where we transfer data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards to ensure adequate protection.

6. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
  • Template data: Retained while your account is active. Deleted with your account.
  • Captured images: Never stored on our servers (on-device or streamed through).
  • Usage metrics: Retained in anonymised, aggregate form for up to 24 months.
  • Server logs: Retained for up to 90 days for security and diagnostics.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior processing.
  • Non-discrimination (CCPA/CPRA): We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within 30 days (or the period required by applicable law).

8. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act. We do not “sell” or “share” personal information as defined by CCPA/CPRA. You may request disclosure of the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom data is shared.

9. Children’s Privacy

The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

10. Security

We implement industry-standard security measures including TLS encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, regular vulnerability assessments, and secure key management for BYOK credentials. No system is 100% secure; we cannot guarantee absolute security but are committed to protecting your data using commercially reasonable safeguards.

11. Cookies and Tracking

Our website uses essential cookies for authentication and session management. We may use analytics cookies (e.g., privacy-respecting analytics) to understand how visitors use our site. You can control cookie preferences through your browser settings. The mobile app does not use cookies; Free-tier ad personalisation is governed by your device’s advertising identifier settings.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

  • Company: Techcon Solution Limited
  • Email: (coming soon)
  • Address: (coming soon)

If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date, and where required by law, by sending you an email notification. Your continued use of the Service after such changes constitutes acceptance of the revised policy.