
Privacy Policy

Effective date: March 2, 2026

PrivaScan ("we", "us", "our") operates the PrivaScan platform at privascan.net. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our service, we may collect:

  • Account information — email address, name, and password (hashed)
  • Billing information — processed and stored by Stripe; we do not store payment card details on our servers
  • URLs you submit for scanning — website URLs, Google Play links, or App Store links that you provide for policy generation
  • Questionnaire answers — company name, address, contact email, product descriptions, and data practice details you provide
  • Support communications — emails or messages you send to our support team

1.2 Information Collected Automatically

  • Usage data — pages visited, features used, scan history, and policy generation logs
  • Device information — browser type, operating system, screen resolution, and device identifiers
  • IP address — used for rate limiting, security, and approximate geolocation (country level)
  • Cookies — essential session cookies and optional analytics cookies (see Section 6)

1.3 Information Collected by Scanning Third-Party Websites

When you submit a URL for scanning, our automated tools visit that URL and collect publicly visible information including HTTP headers, cookie names, script sources, form field labels, and page metadata. We do not create accounts on or log in to the websites we scan. All scanned data is associated with your PrivaScan account, not with the website's users.

2. How We Use Your Information

  • Service delivery — scanning URLs, generating privacy policies, hosting policy pages, and serving consent banners
  • Account management — authentication, billing, and subscription management
  • Security — fraud prevention, rate limiting, and abuse detection
  • Improvement — analyzing usage patterns to improve scan accuracy and policy quality
  • Communication — sending transactional emails (receipts, policy update alerts) and, with your consent, marketing communications
  • Legal compliance — responding to legal requests and enforcing our Terms of Service

We do not sell your personal data to third parties. We do not use your data for advertising. We do not use your questionnaire answers or generated policies for AI/ML training.

3. Third-Party Service Providers

We share data with the following categories of service providers, solely for operating the platform:

  • Anthropic (Claude API) — questionnaire answers and scan results are sent to Anthropic's API for policy text generation. Anthropic processes this data under their API terms and does not use it for training.
  • Supabase — cloud database hosting for accounts, policies, and consent logs. Servers located in the United States.
  • Vercel — web application hosting and serverless function execution.
  • Stripe — payment processing. Stripe's privacy policy applies to payment data.

4. Data Retention

  • Account data — retained for the lifetime of your account, deleted within 30 days of account deletion
  • Scan results — cached for 7 days, then automatically purged
  • Generated policies — retained as long as your account is active or published policy pages are live
  • Consent logs — retained for 3 years so that we can demonstrate that consent was obtained, as GDPR Article 7(1) requires of controllers (the regulation sets no fixed retention period; 3 years is our chosen limit)
  • Server logs — retained for 30 days

5. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (account deletion removes all associated data within 30 days)
  • Portability — export your generated policies and scan data in machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restrict processing — request we limit how we use your data
  • Withdraw consent — withdraw consent for optional processing (e.g., marketing emails) at any time

To exercise these rights, email privacy@privascan.net. We respond within 30 days.

6. Cookies

We use the following cookies:

  • pp_session (essential) — authentication session, expires when you close your browser
  • pp_consent (essential) — stores your cookie consent preferences, expires after 1 year
  • _pp_analytics (optional) — anonymous usage analytics to improve the product, expires after 1 year. You can opt out via our cookie banner.

We do not use any third-party advertising cookies.

7. International Transfers

Our servers and service providers are located in the United States. If you access PrivaScan from the EU/EEA, UK, Brazil, or other jurisdictions with data transfer restrictions, your data will be transferred to the US. We rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework for lawful transfers.

8. Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3), encryption at rest (AES-256), password hashing (bcrypt), rate limiting, and regular security reviews. No system is 100% secure; if you discover a vulnerability, please report it to security@privascan.net.

9. Children

PrivaScan is a B2B service not directed at individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

10. Changes

We may update this policy periodically. Material changes will be communicated via email to registered users and a prominent notice on our website. Your continued use after changes constitutes acceptance.

11. Contact

PrivaScan
Email: privacy@privascan.net
If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

Last updated: March 2, 2026 · Contact: legal@privascan.net