Privacy policy
1. Data controller
Micro-enterprise « Scan-Access » (SIRET 850 856 386 00014), 42 rue Laudinat, 33130 Bègles, France · hello@scan-access.com.
2. Data we collect
We collect strictly what is needed to provide the service:
- Account data: email, hashed password, first name.
- Billing data: payment reference held by our payment processor.
- Technical data: scanned URLs, fetched public HTML, scan metadata.
- Usage data: action log (login, scan, triage), for security and service improvement.
3. Purposes of processing
Your data is processed to: (a) provide and improve the service, (b) process billing, (c) ensure security and prevent fraud, (d) comply with legal obligations.
4. Retention period
- Accounts: 12 months after last sign-in, then anonymised.
- Scans: 12 months (renewed while subscription stays active).
- Invoices: 10 years (French CGI art. L. 102 B).
5. Service providers
We use technical service providers (hosting, payment, email…) bound by confidentiality obligations. Transfers outside the EU are covered by appropriate safeguards where applicable.
6. Your rights
You have rights of access, rectification, erasure, restriction, portability, and objection. Exercise them by emailing hello@scan-access.com. You may also lodge a complaint with the CNIL (France) or your local data protection authority.
7. Security
Passwords are hashed using Argon2id. Data is transmitted over TLS. Infrastructure is hosted on Google Cloud Platform.
8. Contact
For any privacy-related request: hello@scan-access.com.