Scanvato ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our QR code generator platform at https://scanvato-main-eahqci.laravel.cloud ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. We comply with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when using the Service:

Account Data: Name, email address, and password when you register for an account
Billing Data: Payment information processed securely by Stripe (we do not store full credit card numbers)
QR Code Content: The data you include in your QR codes (URLs, contact details, text, Wi-Fi credentials, event information, etc.)
Uploaded Files: Logos, images, PDFs, and other files you upload to the platform
Profile Data: Any additional profile information you choose to provide
Communication Data: Information provided when you contact our support team

1.2 Information Collected Automatically

When you or end-users scan QR codes created through our Service, we may automatically collect:

Scan Analytics: Date and time of scan, approximate geographic location (city/country level derived from IP address), device type, operating system, browser type, and referrer information
Usage Data: Pages visited, features used, session duration, and interaction patterns within the platform
Technical Data: IP address, browser type and version, device identifiers, screen resolution, and operating system
Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy for details)

1.3 Information from Third Parties

Payment Processor: Stripe provides us with limited transaction data (payment status, last four digits of card, billing address)
Authentication Providers: If you sign in via third-party services, we receive basic profile information (name, email)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

Creating and managing your account
Generating, storing, and serving QR codes
Processing dynamic QR code redirects
Providing scan analytics and reporting
Processing payments and managing subscriptions
Facilitating team collaboration features

2.2 Service Improvement

Analysing usage patterns to improve features and user experience
Identifying and fixing bugs, errors, and performance issues
Developing new features and services
Conducting research and analytics

2.3 Communication

Sending transactional emails (account verification, password resets, subscription confirmations)
Providing customer support
Sending service-related notices and updates
Marketing communications (only with your consent, and you may opt out at any time)

2.4 Security and Legal

Detecting and preventing fraud, abuse, and security incidents
Enforcing our Terms of Use
Complying with legal obligations

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service to you (account management, QR code generation, analytics)
Legitimate Interest: Service improvement, fraud prevention, and security (where our interests do not override your rights)
Consent: Marketing communications and non-essential cookies (you may withdraw consent at any time)
Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

Service Providers: Third-party companies that assist in providing the Service (hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data.
Team Members: If you use team features, designated team members may access QR code data within your workspace based on their assigned permissions.
Legal Requirements: When required by law, legal process, or to protect our rights and the safety of our users.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

Our Key Service Providers

Stripe - Payment processing
Hosting Provider - Infrastructure and data storage
Email Provider - Transactional and marketing emails

5. Data Retention

We retain your data as follows:

Account Data: For the duration of your account, plus 30 days after deletion request
QR Code Data: For the duration of your account. Static QR code data is encoded directly and not stored after generation.
Scan Analytics: Retained for the duration of your subscription. Aggregated anonymised data may be retained indefinitely.
Billing Records: Retained for 7 years as required by tax and accounting regulations
Server Logs: Automatically deleted after 90 days

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption of data in transit (TLS/SSL) and at rest
Secure password hashing (bcrypt)
Regular security assessments and updates
Access controls and least-privilege principles
Secure payment processing through PCI DSS-compliant Stripe

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 GDPR Rights (EU/EEA/UK Residents)

Access: Request a copy of your personal data
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your personal data ("right to be forgotten")
Restriction: Request restriction of processing
Portability: Request your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interest
Withdraw Consent: Withdraw consent at any time where processing is based on consent
Lodge Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Residents)

Know: Request information about what personal data we collect and how it is used
Delete: Request deletion of your personal data
Opt-Out: Opt out of the sale of personal data (we do not sell personal data)
Non-Discrimination: Not be discriminated against for exercising your privacy rights

To exercise any of these rights, contact us at privacy@scanvato.com. We will respond to verified requests within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information.

10. Third-Party Links

QR codes created through our Service may link to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: privacy@scanvato.com
Website: https://scanvato-main-eahqci.laravel.cloud

For GDPR-related enquiries, you may also contact our Data Protection contact at: dpo@scanvato.com

Privacy Policy