The documents you scan with your phone are rarely throwaway. Tax returns, medical records, leases, passports, ID cards, business contracts, insurance claims — these contain the kind of personal data that fuels identity theft, fraud, and targeted phishing if it falls into the wrong hands.
A document scanner has to take that responsibility seriously. ScanLens is built around three layers of protection: an App Lock that gates access to the entire library, optional AES-256 encryption for individual PDFs, and an architecture that keeps your data on your device by default. None of these layers is magic on its own. Together they raise the bar substantially compared to scans living loose in your camera roll.
This page walks through how each layer works, what it does well, and where its honest limits are. You can read more about our overall approach on the about page and the full privacy policy.
App Lock is the first wall between a borrowed phone — or a stolen one — and your scanned documents. When enabled, ScanLens requires authentication every time the app launches or returns from the background. Even if your iPhone is unlocked, the app stays sealed until you prove who you are.
Biometric authentication uses Apple's LocalAuthentication framework, which talks directly to the Secure Enclave. ScanLens never sees your face geometry or fingerprint data — it only receives a yes-or-no answer from iOS. This is the same mechanism Apple Pay and your banking apps use.
If biometrics fail or aren't available, ScanLens falls back to an app-specific passcode you choose. The passcode is never stored in plain text. It's hashed with PBKDF2-SHA256, a deliberately slow key-derivation function designed to make brute-force guessing computationally expensive even if someone gets a copy of the hash.
Failed-attempt counters live in the iOS Keychain, which is itself protected by hardware encryption. After repeated wrong passcodes, ScanLens enforces a lockout window that grows with each round of failures. The result: even an attacker with all day to guess can only try a tiny number of combinations.
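An added example (not ScanLens's own code) of the scheme described in the two paragraphs above: a salted PBKDF2-SHA256 passcode record checked in constant time, with a lockout that grows after each round of failures. The iteration count, attempts per round, and doubling schedule are assumptions, since the page does not state them, and a plain dict stands in for the Keychain.

```python
import hashlib
import hmac
import os

# Assumed parameters: the page names PBKDF2-SHA256 and a growing lockout,
# but gives no iteration count, salt size, or schedule.
ITERATIONS = 600_000
FREE_ATTEMPTS = 5        # wrong guesses allowed per round
BASE_LOCKOUT_S = 60      # first lockout; doubles every round


def enroll(passcode: str, iterations: int = ITERATIONS) -> dict:
    """Create the stored record: random salt + slow hash, never the passcode."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, iterations)
    # On a device the counter and lock time would sit in protected storage.
    return {"salt": salt, "hash": digest, "iterations": iterations,
            "failures": 0, "locked_until": 0.0}


def verify(record: dict, passcode: str, now: float) -> str:
    """Return 'ok', 'denied' or 'locked'; `now` is seconds on a monotonic clock."""
    if now < record["locked_until"]:
        return "locked"  # refuse before doing any hashing
    candidate = hashlib.pbkdf2_hmac("sha256", passcode.encode(),
                                    record["salt"], record["iterations"])
    if hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    if record["failures"] % FREE_ATTEMPTS == 0:  # a round of failures completed
        rounds = record["failures"] // FREE_ATTEMPTS
        record["locked_until"] = now + BASE_LOCKOUT_S * 2 ** (rounds - 1)
    return "denied"


def guesses_within(budget_s: float) -> int:
    """Upper bound on guesses an attacker can make in budget_s seconds."""
    guesses, elapsed, rounds = 0, 0.0, 0
    while elapsed <= budget_s:
        guesses += FREE_ATTEMPTS
        rounds += 1
        elapsed += BASE_LOCKOUT_S * 2 ** (rounds - 1)
    return guesses
```

Under these assumed settings, `guesses_within(24 * 3600)` shows how few attempts fit into a full day once the lockouts start doubling.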
App Lock also covers the moment you switch apps. When ScanLens moves to the background, the app blurs its preview in the iOS app switcher so document thumbnails aren't visible to anyone glancing over your shoulder.
App Lock protects documents while they live inside ScanLens. PDF encryption protects them after they leave. Once you share a scan by email, AirDrop, or messaging, the file is on its own — anyone who has it can open it unless it's encrypted.
ScanLens uses AES-256, the largest key size in the AES family, for password-protecting PDFs. AES-256 is approved for top-secret data by the U.S. government and is the same algorithm behind FileVault, BitLocker, and most enterprise VPNs. With a strong password, no known practical attack can recover the contents.
Encrypted PDFs created in ScanLens follow the standard PDF security model, so they open in any compliant reader: Apple Preview, Adobe Acrobat, Chrome, Edge, and the major mobile PDF apps. Recipients are prompted for the password automatically — no extra software required. For a deeper walkthrough, see the dedicated password protect PDF on iPhone guide.
AES-256 only matters if your password does. A six-character common word can be cracked in minutes regardless of the algorithm. Use a long, unique passphrase generated by a password manager, and share it through a different channel than the file itself. Encryption is only as strong as the secret guarding it.
PDF encryption is a paid feature in ScanLens. The honest reason: encrypting and decrypting documents reliably across readers takes ongoing engineering work, and we'd rather charge for that than monetize your data.
The single most effective privacy decision a scanner app can make is to keep your data on your device. Cloud processing is convenient for vendors — it centralizes telemetry, makes machine-learning pipelines easier, and creates business reasons to retain content. It's also the source of most large-scale document leaks.
Edge detection, perspective correction, color enhancement, and image cleanup all run on your iPhone. The camera frames feeding the scanner never touch our servers. If you're scanning in airplane mode, ScanLens still works — that's the litmus test for true on-device processing.
Text recognition uses Apple's Vision framework directly on your phone. Whether you're scanning an ID card, a passport, or a multi-page contract, the extracted text is generated locally and stored locally. Nothing is sent to a server to be transcribed.
If you choose to back up scans to iCloud or another provider you control, that's your call. When ScanLens does need to talk to a server (for example, fetching an update or syncing through a service you've enabled), those connections are encrypted in transit using TLS 1.3, the current standard.
It's easy to list features. It's more useful to list the things we deliberately don't do, because absent collection is the strongest privacy guarantee.
You don't have to create an account, hand over an email, or sign in with a social provider. Open the app, scan, done. No credential database means no credential database to leak.
ScanLens doesn't embed Facebook SDK, Google Analytics, Mixpanel, Amplitude, or any other behavioral tracking library. The most common way apps quietly leak data is through analytics SDKs phoning home with device IDs and event streams. We chose not to ship them.
We don't transmit your scans, OCR text, file names, or document metadata back to our infrastructure. The content of your library stays in your library.
There are no ads in ScanLens, and no advertising SDKs collecting identifiers in the background. The app is supported by an optional paid upgrade, not by selling attention.
No security model is perfect, and any app that claims otherwise is selling something. A few honest caveats worth understanding before you trust any scanner — including ours — with sensitive documents:
App Lock can't protect against a compromised phone. If your iPhone itself is jailbroken, infected, or unlocked and in an attacker's hands, App Lock is one barrier among many, but it's not magic. iOS device-level security (a strong device passcode, current iOS version, Find My enabled) is the foundation.
Encryption strength depends on the password you choose. AES-256 is unbroken in practice, but a weak password makes the algorithm irrelevant. Use a password manager.
On-device processing doesn't prevent screenshots. If you take a screenshot of a sensitive scan, that screenshot lives in Photos with no special protection. Be intentional about which images leave the app.
Cloud sync trades convenience for surface area. The moment you sync to any cloud — ours, Apple's, anyone's — you're trusting another system. We minimize that surface area by keeping sync optional and encrypting transfers, but you should understand the tradeoff.
Security is a layered practice, not a feature you check off. ScanLens is designed to be one strong layer in a stack that also includes good password hygiene, current device software, and thoughtful sharing decisions.
Enable App Lock in Settings and ScanLens will require Face ID, Touch ID, or your passcode every time the app is opened or returns from the background. Biometric checks use Apple's LocalAuthentication framework, so your face or fingerprint data never leaves the Secure Enclave — ScanLens only receives a pass-or-fail result from iOS.
ScanLens uses AES-256 encryption for password-protected PDFs. AES-256 is the same standard used by financial institutions, government agencies, and tools like FileVault and BitLocker. With a strong password it's considered secure against current brute-force attacks. Encrypted PDFs are compatible with any standard PDF reader.
No. Scanning, edge detection, perspective correction, and OCR all run on your iPhone using Apple's frameworks. Documents only leave your device if you explicitly export them, share them, or enable optional cloud sync. When data does need to travel, transfers use TLS 1.3.
ScanLens hashes the App Lock passcode with PBKDF2-SHA256, a deliberately slow key-derivation function. Failed-attempt counters are stored in the iOS Keychain, which is itself protected by hardware encryption. After repeated failures the app enforces a lockout window that grows with each round, making brute-force attacks impractical.
No account is required. ScanLens works fully offline with no sign-in, no email collection, and no third-party analytics SDKs. The fewer identifiers tied to your scans, the smaller your overall attack surface — that's a deliberate design choice rather than a missing feature.