Privacy policy

Privacy policy

Last updated 2026-05-19

AI Wallet Pass is operated by TLM Software Design, Inc. (Michigan, USA). This policy explains what we collect, why, and what choices you have. We've kept it short on purpose.

The short version

• The barcode or QR code on your card stays on your phone. There is one exception: when you add a pass to Apple Wallet we send the code to our signing service for a few seconds to build the signed pass file, then discard it.
• Before any photo of your card leaves your phone, the barcode area is masked with a black rectangle on your device.
• The masked photo passes through our backend only long enough to extract the printed fields. It is not stored and is not used to train AI.
• You can delete your account and everything we hold about you from Settings → Delete account.
• We don't sell your data, run ads, or use third-party trackers.

What we collect

Account

Your email and a user ID. We use these to sign you in, keep your wallet attached to your account, and track your free allowance and any pass packs you purchase.

Photos of your cards

When you scan a card, your phone finds the barcode and masks it locally. The masked photo is sent to our backend for AI field extraction and discarded as soon as the response comes back. We don't keep the photo, share it, or use it to train models. The original (unmasked) photo never leaves your device.

Barcode contents

The code itself (the loyalty number, ticket code, or coupon code that the bars encode) is decoded on your phone and stored in your phone's secure storage. Our extraction service does not accept it as input. The only time it reaches us is when you add a pass to Apple Wallet — then it's sent once to our signing service, used in memory to build the signed pass file, and discarded. We don't write it to disk, log it, or share it.

Purchases and allowance

We keep a small record per user of how many free scans you've used this month and how many paid pass-pack credits remain. When you buy a pack we receive a confirmation message from our payments processor so we can credit your account.

Diagnostics

We collect crash reports and a small set of product events (sign-in, pass saved, account deleted) so we can fix bugs and understand how the app is used. These events do not include your card contents, photos, or barcode codes.

This website

This page uses Google Analytics to measure aggregate visits (pages viewed, session count, referral source). Analytics cookies are only set after you accept via the cookie banner. No marketing cookies, ad cookies, or tracking pixels.

Who we share with

We rely on a small number of service providers, each used for one specific job:

• A cloud platform for sign-in, backend, diagnostics, and the AI extraction model.
• A payments processor for in-app purchases.
• The Apple App Store and Google Play for billing. We don't see your full payment information.
• A web-hosting provider for this marketing site.

These providers act on our instructions under their own privacy commitments. None of them are given the contents of your barcodes (except for the one-time signing flow described above) and none are allowed to use your data to train AI.

How long we keep things

• Photos: only during extraction. Discarded when the response is returned.
• Barcode codes: on your phone until you delete the pass.
• Account and allowance: until you delete your account.
• Crash and product events: up to 14 months, per our diagnostics provider's defaults.

Your rights and choices

You can delete your account and everything we hold about you from Settings → Delete account in the app. This is final and removes your sign-in, your allowance and purchase records, and your saved wallet.

If you live in the EU, UK, California, or another region with comparable privacy laws, you have the right to access, correct, port, or delete the personal data we hold, and to object to or restrict processing. The in-app delete flow covers most of these in one tap. For anything else, email us.

Children

AI Wallet Pass is not directed to children under 13 (under 16 in the EU) and we don't knowingly collect data from them. If you believe a child has signed up, contact us and we'll remove the account.

International transfers

Our backend runs in the United States. If you use the app from outside the US, your account data and the photos you submit for extraction are processed in the US.

Changes

We'll post material changes here and update the "Last updated" date. If a change broadens what we collect or how we use it, we'll show a notice in the app on next launch.

Contact

Privacy questions, requests, or complaints: privacy@swtlm.com.