Privacy Policy
Last updated: 23 April 2026
This Privacy Policy explains how the OdooDrop Android application ("OdooDrop", "the app") handles your data. OdooDrop is published by Jeroen, a sole trader based in Belgium ("we", "us"). You can contact us about privacy at privacy@odoodrop.app.
OdooDrop is a tool that uploads documents from your phone to an Odoo server that you control. We do not operate any server that receives your documents or personal data. This policy applies to the Android app published on Google Play under the package name com.jeroene.odoodrop.
1. Summary
OdooDrop is designed to be privacy-first:
All document scanning and OCR (text recognition) happens on your device. Your documents are not sent to us or to any third-party OCR service.
Your documents are uploaded only to the Odoo server you configure in the app. That server is operated by you or your organisation, not by us.
We do not collect analytics, crash reports, advertising identifiers, or device identifiers from the app. OdooDrop contains no Firebase, Google Analytics, Crashlytics, Sentry, or advertising SDKs.
Your Odoo password is encrypted on your device using the Android Keystore and never leaves your device except to authenticate with the Odoo server you chose.
2. Data Processed by the App
OdooDrop processes the following categories of data, all stored locally on your device unless stated otherwise:
Odoo connection details. The server URL, database name, username (or email) and password or API key that you enter in Settings. The password is encrypted with AES-256-GCM using a key stored in the Android Keystore. These credentials are sent to the Odoo server you configured, over HTTPS (or HTTP if you explicitly configure an insecure server), for the sole purpose of logging you in and performing uploads.
Documents and scans. Files you choose to upload, photos taken with the in-app document scanner, and PDFs generated from those scans. These files are stored temporarily on your device and uploaded to your Odoo server when you request a sync.
OCR text. Text extracted from your documents by on-device OCR. This text is stored in the local upload history database on your device and, if you enable the OCR option, sent to your Odoo server together with the document so that Odoo can index it for full-text search.
Upload history. Metadata about files you have uploaded: file name, size, last-modified date, upload timestamp, a SHA-1 checksum used for duplicate detection, and the resulting Odoo attachment identifier. Stored locally in a Room database on your device.
App settings. Your preferences, such as the watch folder path, feature toggles, and a cached count of active internal users on your Odoo instance (used to determine whether you need a Pro subscription). Stored locally.
Subscription data. If you purchase OdooDrop Pro, Google Play processes the payment. OdooDrop stores the purchase token and product identifier locally on your device to acknowledge the purchase and unlock Pro features. We do not receive, see, or store your payment card or billing address — that information stays with Google.
Biometric data. If you enable App Lock, authentication is performed by Android's biometric framework. No biometric data is ever accessible to OdooDrop.
OdooDrop does not access your location, contacts, microphone, call logs, SMS messages, advertising ID, or device identifiers, and does not request the permissions needed to do so.
3. How We Use This Data
The data listed above is used only to provide the app's functionality:
To authenticate you to the Odoo server you chose and upload your documents to it.
To let you scan, view, and manage your own document uploads on your device.
To determine which pricing tier applies to your Odoo instance (by counting internal users on your own server) and to unlock OdooDrop Pro after a successful Google Play purchase.
To show local notifications about the progress and result of background uploads.
We do not use your data for profiling, advertising, or any form of automated decision-making. We do not sell or share your data.
4. Who Receives Your Data
OdooDrop is designed so that your data stays either on your device or on servers you control. The only parties that may receive data are:
Your Odoo server. The Odoo instance whose URL you entered in Settings. It receives your credentials, the documents you upload, file metadata, and (if enabled) OCR text. This server is operated by you or your organisation. We have no access to it. You, or your organisation, act as the data controller for the content stored there.
Google, as operator of Google Play and Google Play Services. If you install OdooDrop from Google Play or purchase OdooDrop Pro, Google processes installation, billing, and subscription management data in accordance with Google's privacy policy. The in-app document scanner also uses the Google ML Kit Document Scanner, which runs inside Google Play Services on your device; camera frames are processed locally by Google Play Services and are not sent to us.
We do not share your data with any other third party. We do not transfer your data outside the European Economic Area ourselves; any cross-border transfer that may occur via Google Play is governed by Google's own terms.
5. Storage, Security and Retention
All data that OdooDrop keeps lives on your device, in the app's private storage. In particular, your Odoo password is encrypted with AES-256-GCM using a key stored in the Android Keystore; if your device does not support Keystore, the app will warn you and fall back to a less secure local storage.
OdooDrop participates in Android's standard automatic backup mechanism. If you have Android auto-backup enabled for your device, some app data may be backed up to your personal Google account. You can disable this in Android's system settings.
We do not retain your data on our own servers, because we do not operate any such server. Data you upload to your Odoo server is retained according to your organisation's retention policy.
You can remove local data at any time by using "Clear Upload History" in Settings, by signing out, or by uninstalling the app, which deletes all local data and credentials. Documents that were already uploaded to your Odoo server must be deleted in Odoo itself.
6. Your Rights
Because we do not hold your personal data on our own infrastructure, most data-protection rights (access, rectification, erasure, portability, restriction, objection) are exercised directly against the data you control:
For data stored locally in OdooDrop, you can view, edit, or delete it from within the app or by uninstalling the app.
For data stored in your Odoo instance, please contact the administrator of that Odoo instance — that is normally you or your employer.
If you believe we are nonetheless processing personal data about you, or if you have questions about this policy, you can contact us at privacy@odoodrop.app. If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
7. Children
OdooDrop is a business tool for uploading documents to Odoo ERP systems. It is not directed at children under 16, and we do not knowingly process personal data of children.
8. About This Website
This policy covers the OdooDrop Android app. The website odoodrop.app, on which this policy is hosted, uses Google Analytics 4 (GA4) to understand aggregate visitor traffic. GA4 cookies are only set after you give explicit consent via the cookie banner and can be withdrawn at any time by clearing your browser cookies or using the banner again. The website itself does not require an account and does not receive any of the app data described above.
9. Changes to This Policy
We may update this policy from time to time, for example to reflect new features or legal requirements. When we do, we will update the "Last updated" date above. Material changes will also be announced in the app or on odoodrop.app.
10. Contact
If you have any questions about this policy or about how OdooDrop handles your data, please contact:
Jeroen (sole trader, Belgium) Email: privacy@odoodrop.app