Privacy Policy

Scanvato Labs LLC ("Scanvato", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code generator platform at https://scanvato.com ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. We comply with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when using the Service:

• Account Data: Name, email address, and password when you register for an account
• Billing Data: Payment information processed securely by Lemon Squeezy (we do not store full credit card numbers)
• QR Code Content: The data you include in your QR codes (URLs, contact details, text, Wi-Fi credentials, event information, etc.)
• Uploaded Files: Logos, images, PDFs, and other files you upload to the platform
• Profile Data: Any additional profile information you choose to provide
• Communication Data: Information provided when you contact our support team

1.2 Information Collected Automatically

When you or end-users scan QR codes created through our Service, we may automatically collect:

• Scan Analytics: Date and time of scan, approximate geographic location (city/country level derived from IP address), device type, operating system, browser type, and referrer information
• Usage Data: Pages visited, features used, session duration, and interaction patterns within the platform
• Technical Data: IP address, browser type and version, device identifiers, screen resolution, and operating system
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy for details)

1.3 Information from Third Parties

• Payment Processor: Lemon Squeezy provides us with limited transaction data (payment status, last four digits of card, billing address)
• Authentication Providers: If you sign in via third-party services, we receive basic profile information (name, email)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• Creating and managing your account
• Generating, storing, and serving QR codes
• Processing dynamic QR code redirects
• Providing scan analytics and reporting
• Processing payments and managing subscriptions
• Facilitating team collaboration features

2.2 Service Improvement

• Analysing usage patterns to improve features and user experience
• Identifying and fixing bugs, errors, and performance issues
• Developing new features and services
• Conducting research and analytics

2.3 Communication

• Sending transactional emails (account verification, password resets, subscription confirmations)
• Providing customer support
• Sending service-related notices and updates
• Marketing communications (only with your consent, and you may opt out at any time)

2.4 Security and Legal

• Detecting and preventing fraud, abuse, and security incidents
• Enforcing our Terms of Use
• Complying with legal obligations

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service to you (account management, QR code generation, analytics)
• Legitimate Interest: Service improvement, fraud prevention, and security (where our interests do not override your rights)
• Consent: Marketing communications and non-essential cookies (you may withdraw consent at any time)
• Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Third-party companies that assist in providing the Service (hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data.
• Team Members: If you use team features, designated team members may access QR code data within your workspace based on their assigned permissions.
• Legal Requirements: When required by law, legal process, or to protect our rights and the safety of our users.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

Our Key Service Providers

• Lemon Squeezy - Payment processing
• Hosting Provider - Infrastructure and data storage
• Email Provider - Transactional and marketing emails

5. Data Retention

We retain your data as follows:

• Account Data: For the duration of your account, plus 30 days after deletion request
• QR Code Data: For the duration of your account. Static QR code data is encoded directly and not stored after generation.
• Scan Analytics: Retained for the duration of your subscription. Aggregated anonymised data may be retained indefinitely.
• Billing Records: Retained for 7 years as required by tax and accounting regulations
• Server Logs: Automatically deleted after 90 days

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing (bcrypt)
• Regular security assessments and updates
• Access controls and least-privilege principles
• Secure payment processing through PCI DSS-compliant Lemon Squeezy

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 GDPR Rights (EU/EEA/UK Residents)

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Restriction: Request restriction of processing
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Lodge Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Residents)

• Know: Request information about what personal data we collect and how it is used
• Delete: Request deletion of your personal data
• Opt-Out: Opt out of the sale of personal data (we do not sell personal data)
• Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise any of these rights, contact us at support@scanvato.com. We will respond to verified requests within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

10. Third-Party Links

QR codes created through our Service may link to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Email: support@scanvato.com
• Website: https://scanvato.com

For GDPR-related enquiries, you may also contact our Data Protection contact at: support@scanvato.com