Privacy Policy
1. What We Collect
When you create an account, we collect your email address and a hashed password. We do not collect your name, phone number, or payment details — SmartScan is free and does not process payments.
During normal use of the Service, we may log:
- URLs submitted for scanning (to process and debug your scans)
- Scan results and extracted files (stored temporarily for 30 days)
- IP addresses (for rate limiting and abuse prevention)
- Basic usage metrics (number of scans, error rates) to improve the Service
2. How We Use Your Data
We use collected information solely to:
- Provide and improve the SmartScan Service
- Enforce usage limits and prevent abuse
- Respond to support requests
- Send account-related notifications (no marketing emails without consent)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Data Retention
Scan results (extracted files and ZIP archives) are automatically deleted after 90 days from the date of the scan, regardless of plan. Scan history records may be retained longer for account management purposes.
Account data (email, role, usage statistics) is retained for as long as your account is active. You can request account deletion at any time.
4. Cookies & Local Storage
SmartScan uses browser localStorage to store your authentication token and your cookie consent preference. We do not set first-party tracking cookies or use cookies for marketing or profiling purposes.
We use Yandex Metrika (Yandex LLC) as a website analytics service to understand aggregate traffic and usage patterns. Metrika is loaded only after you explicitly accept analytics cookies via the cookie consent banner. If you decline, Metrika is never loaded and no data is sent to Yandex. You can withdraw consent at any time by clearing your browser's localStorage (key: ss_cookie_consent). Yandex's privacy policy is available at yandex.com/legal/privacy.
5. Third-Party Services
We use the following third-party services to operate the platform:
- Hosting provider — our servers are hosted on a VPS in the EU. Data is not intentionally transferred outside this region.
5a. GDPR
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority. Our lawful basis for processing your data is the performance of a contract (providing the Service) and our legitimate interests in operating the platform securely.
6. Security
We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls. No system is 100% secure — in the event of a breach affecting your data, we will notify affected users promptly.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
To exercise these rights, contact us →
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the revision date at the top of this page. Continued use of the Service after changes indicates acceptance.
9. Contact
Privacy questions or data requests: contact us →