Privacy Policy
Last updated: April 27, 2026
Backpack: AI Document Vault
The short version
Backpack is a privacy-first document vault. Your documents are stored on your device and never uploaded to any server. There is no account. There is no cloud storage. We never see your documents. Backpack does not send any data to any third-party AI service — all AI processing runs entirely on your device using Apple's built-in frameworks.
When you choose to connect your email, Backpack accesses your inbox with read-only permission to find documents. Attachments you select are downloaded directly to your device. Your email credentials are never seen or stored by Backpack — authentication is handled entirely by Google or Microsoft.
What data Backpack processes
Backpack processes the following data entirely on your device:
Documents you add — photos, PDFs, and files you import via the camera, photo library, file picker, or share sheet. These are stored in your device's local storage and never leave your phone.
Email inbox (optional) — if you choose to connect your Gmail or Outlook account during onboarding or later in Settings, Backpack requests read-only access to your inbox via OAuth authentication provided by Google or Microsoft. Backpack uses this access to scan your emails for document attachments such as boarding passes, insurance policies, receipts, and similar files. Only attachments you explicitly select are downloaded and stored locally on your device. Backpack does not read, store, or process the body of your emails. Your email credentials (username and password) are never seen by Backpack — authentication is handled entirely by Google or Microsoft through their secure OAuth flows. The OAuth access token is stored securely on your device and is never transmitted to any server. You can disconnect your email account at any time in Settings, which revokes Backpack's access and deletes the stored token.
Document text — Backpack uses Apple's on-device OCR (Vision framework) and Apple's on-device AI (Foundation Models) to read, classify, and extract information from your documents. All text recognition and AI processing happens on your iPhone using Apple's built-in frameworks. No document content is ever sent to any server, cloud service, or third party. Backpack does not use any third-party AI services, APIs, or models — all intelligence is provided by Apple's on-device frameworks.
Location — if you grant permission, Backpack checks your approximate location when you open the app to surface relevant documents (for example, showing your passport when you're near an airport). Your location is processed once, in memory, and immediately discarded. It is never stored, logged, or transmitted.
Calendar events — if you grant permission, Backpack reads your upcoming calendar events to surface relevant documents (for example, showing your boarding pass before a flight). Calendar data is read on-device and never stored or transmitted.
Search queries and questions — anything you type into Search or Ask Backpack is processed entirely on your device using local database queries and Apple's on-device AI. Your questions are never sent anywhere.
What data Backpack does NOT collect
Backpack does not collect:
- Personal information (name, email address, phone number)
- Email content or message bodies
- Usage analytics or telemetry
- Crash reports
- Advertising identifiers
- Location history
- Document contents or metadata (processed on-device only, never transmitted or stored externally)
- Search history
- Any data whatsoever
There are no tracking pixels and no third-party data collection of any kind.
Data storage
All data is stored locally on your device in an encrypted application container protected by iOS. When you enable biometric lock (Face ID or Touch ID), the app requires authentication before displaying any content.
Your documents are included in your iCloud device backup if you have iCloud Backup enabled in iOS Settings. This is handled by Apple's backup system, not by Backpack. Backpack does not use iCloud Drive, CloudKit, or any cloud storage service.
Google user data
This section describes how Backpack handles data obtained from Google APIs (Gmail). Backpack's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Google scopes Backpack requests. When you choose to connect your Gmail account, Backpack requests the following OAuth scope:
https://www.googleapis.com/auth/gmail.readonly — read-only access to your Gmail messages and attachments. Backpack cannot send, modify, delete, or compose email with this scope.
How Backpack uses Google user data. Backpack uses Gmail data only to find and import document attachments (such as boarding passes, insurance policies, receipts, tickets, and similar files) into your on-device document vault. Specifically:
- Backpack queries the Gmail API on your device to list messages that may contain document attachments.
- For each candidate message, Backpack reads metadata (sender, subject, date) and the attachment list to present a list of importable documents to you.
- Only when you explicitly tap to import an attachment does Backpack download that attachment from Gmail directly to your device's local storage.
- Backpack does not read, store, or process the body of your emails beyond what is needed to identify and present document attachments to you for import.
- Google user data is never used for advertising, never sold, never used to train AI or machine learning models, and never used for any purpose other than providing the document-import feature you have enabled.
- No human at Backpack ever reads your Google user data. There are no servers operated by Backpack that receive, log, or store Google user data.
With whom Backpack shares, transfers, or discloses Google user data. Backpack does not share, transfer, or disclose your Google user data to any third party. Specifically:
- Google user data is not transmitted to any Backpack-operated server (Backpack does not operate any servers that process user data).
- Google user data is not shared with any third-party service, SDK, analytics provider, advertising network, or AI/ML provider.
- Google user data is not shared with RevenueCat, Apple, or any other vendor mentioned elsewhere in this policy.
- Google user data never leaves your device, except in the form of API requests made directly from your device to Google's servers using the OAuth access token you authorised.
- The only "transfer" of Google user data that occurs is the direct, encrypted communication between your device and Google's own APIs, which is required to deliver the feature you requested.
How Backpack protects Google user data. Backpack applies the following data protection mechanisms to Google user data and other sensitive data:
- Encryption in transit. All communication with Google APIs uses HTTPS/TLS, as required by Google.
- Encryption at rest. The OAuth access token and refresh token issued by Google are stored in the iOS Keychain, which is hardware-encrypted by the iOS Secure Enclave and protected by your device passcode/biometrics.
- Imported attachments are stored in Backpack's iOS application container, which is sandboxed by iOS and encrypted at rest by iOS Data Protection (Complete File Protection class) whenever your device is locked.
- Biometric lock. When you enable Face ID or Touch ID inside Backpack, the app requires biometric authentication before any document content (including content imported from Gmail) can be displayed.
- On-device processing only. All parsing, OCR, classification, and AI analysis of imported documents happens on your iPhone using Apple's on-device frameworks (Vision, Foundation Models). Google user data is never sent to any third-party AI service or cloud.
- Least privilege. Backpack requests only the read-only Gmail scope and never requests broader Google account access.
- Revocation and deletion. You can disconnect your Gmail account at any time from Backpack's Settings, which deletes the stored OAuth tokens from the iOS Keychain and revokes Backpack's access via Google's revocation endpoint. You can also revoke Backpack's access at any time from your Google Account security page at myaccount.google.com/permissions.
- Data minimisation. Backpack does not retain copies of Gmail messages, message bodies, or attachments other than the specific attachments you choose to import.
Limited Use compliance. Backpack's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Backpack does not use Google user data for serving advertisements; does not allow humans to read Google user data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Backpack's internal operations and even then only when the data have been aggregated and anonymised; and does not transfer or sell Google user data to third parties for advertising, marketing, or any other purpose.
Third-party services
Google and Microsoft (email access) — if you connect your Gmail or Outlook account, authentication is handled by Google or Microsoft through their OAuth services. Backpack requests read-only access to your inbox. Your credentials are handled entirely by Google or Microsoft and are never seen by Backpack. You can revoke access at any time through Backpack's Settings or through your Google/Microsoft account security settings. See the "Google user data" section above for full details on how data obtained from Google APIs is used, shared, and protected.
Apple App Store and StoreKit — if you purchase Backpack Pro, the transaction is processed by Apple through the App Store. Apple handles all payment information. Backpack never sees your payment details, Apple ID, or purchase receipt contents.
RevenueCat — Backpack uses RevenueCat to manage in-app purchase entitlements. RevenueCat receives anonymised transaction data from Apple (not from Backpack) to verify your purchase status. RevenueCat may collect anonymous, non-personal diagnostic data such as device type and OS version to ensure purchase functionality works correctly. RevenueCat does not receive any of your document data, email content, location, calendar events, or personal information. RevenueCat's privacy practices provide equal or greater protection for any data they process. You can review RevenueCat's privacy policy at revenuecat.com/privacy.
No other third-party services, SDKs, or APIs are used.
Notifications
Backpack schedules local notifications on your device for document expiry reminders and proactive insights. These notifications are created and triggered entirely by iOS on your device. They do not use push notification servers — there is no server to push from.
Children's privacy
Backpack does not knowingly collect any data from anyone, including children under the age of 13. Since the app collects no data, no special provisions are necessary.
Data deletion
Since all data is stored locally on your device, you have complete control:
- Delete individual documents within the app
- Delete all data by using the "Delete all documents" option in Settings
- Disconnect your email account in Settings to revoke access and delete the stored OAuth token
- Delete all data by uninstalling the app
There is no account to delete and no server-side data to request removal of.
Changes to this policy
If this privacy policy changes, the updated version will be posted here with a new "Last updated" date.
Contact
If you have questions about this privacy policy, contact:
Email: [email protected]
Developer: Usman Khan