Privacy Policy

Last updated: March 2026

1. What We Collect

When you create an account, we collect your email address and a hashed password. We do not collect your name, phone number, or payment details directly — billing is handled by our payment processor.

During normal use of the Service, we may log:

  • URLs submitted for scanning (to process and debug your jobs)
  • Scan results and extracted files (stored temporarily per your plan's retention policy)
  • IP addresses (for rate limiting and abuse prevention)
  • Basic usage metrics (number of scans, error rates) to improve the Service

2. How We Use Your Data

We use collected information solely to:

  • Provide and improve the SmartScan Service
  • Enforce usage limits and prevent abuse
  • Respond to support requests
  • Send account-related notifications (no marketing emails without consent)

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Retention

Scan results (extracted files and ZIP archives) are automatically deleted after 90 days from the date of the scan, regardless of plan. Scan history records may be retained longer for account management purposes.

Account data (email, role, usage statistics) is retained for as long as your account is active. You can request account deletion at any time.

4. Cookies & Local Storage

SmartScan uses browser localStorage to store your authentication token. We do not use tracking cookies or third-party analytics. No cookies are set for marketing or profiling purposes.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Paddle (paddle.com) — our payment processor and Merchant of Record. Paddle handles all billing, stores payment details, and manages tax compliance. We never see your full card number. Paddle's privacy policy applies to payment data.
  • Hosting provider — our servers are hosted on a VPS in the EU. Data is not intentionally transferred outside this region.

5a. GDPR

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority. Our lawful basis for processing your data is the performance of a contract (providing the Service) and our legitimate interests in operating the platform securely.

6. Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (bcrypt), and access controls. No system is 100% secure — in the event of a breach affecting your data, we will notify affected users promptly.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data

To exercise these rights, contact us →

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the revision date at the top of this page. Continued use of the Service after changes indicates acceptance.

9. Contact

Privacy questions or data requests: contact us →