Scanby Logo
Scanby

Privacy Policy

Last updated: 26 April 2026

We respect your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit the Scanby website, use the app at app.scanby.cloud, contact us, or use our product features. It applies together with our Cookie Policy, which describes how we use cookies and similar technologies.

1. Data controller and scope

The data controller is the Scanby team operating the Services ("we"). This policy covers processing through our public website and the Scanby application, marketing communications when you have opted in, and support channels we operate. The specific legal entity name and company registration, if you need them for a contract or complaint, you can request from info@scanby.com. For general questions, use the same address.

2. Data we collect

Account and product data: when you register, we collect identifiers such as your name, email, business name, and country, and we store the menu, configuration, and usage data you add to the platform. Technical and usage data: we may process IP address, device and browser type, general location (country or region from IP), log data, and product analytics so we can run and secure the service. If you use contact forms, we process the name, email, and message you send. Marketing: if you subscribe to our newsletter, we use your email and (if you give it) your name to send updates you agreed to. Cookies and similar data are covered in the Cookie Policy.

3. How we use your data and legal bases (GDPR)

We use data: to create and run your account and deliver the Services (contract, Art. 6(1)(b) GDPR; where required, legitimate interest in a secure, reliable product, 6(1)(f) with you able to object where applicable). To process payments, we work with a payment provider; we do not store full card numbers on our own servers. To communicate about the service, security, or legal obligations (6(1)(c) and (b)). To improve the product, we may use usage metrics in an aggregated or pseudonymous form. For optional analytics or marketing, we ask for your consent through our cookie and preference settings where required (6(1)(a)).

Newsletter and product marketing: we only send you marketing if you have opted in, or, where the law allows, in connection with a similar product; you can unsubscribe at any time. We do not sell your personal data in the common sense of selling lists to random buyers.

4. Retention

We keep account and product data for as long as you have an account, plus a short period to recover from accidental deletion or to handle disputes, unless a longer period is required by law (e.g. accounting). Support tickets and contact messages are kept for a period necessary to support you and to demonstrate compliance. Logs may be kept for a limited period for security. After cancellation, our standard practice and any stated retention (for example, the period before permanent deletion in our FAQ) apply; you can ask for earlier deletion if the law offers that right, subject to legal holding periods.

5. Recipients, transfers, and processors

We use professional hosting and service providers (for example, infrastructure, email delivery, and analytics) as processors, under agreements that require them to protect the data. Some providers may be in countries outside the EEA. Where we transfer personal data to countries without an adequacy decision, we use appropriate safeguards such as standard contractual clauses or other mechanisms the law provides. You can request a summary of these safeguards or a copy of the standard clauses in relation to your data, contact info@scanby.com.

6. Your rights

If you are in the EEA, UK, or in another jurisdiction with similar law, you may have the right to access, correct, delete, or restrict processing of your data, to data portability, to object to certain processing, and to withdraw consent where we rely on it. You may also lodge a complaint with your local data protection authority. To exercise a right, email info@scanby.com. We will respond without undue delay and within the time the law allows (commonly 30 days for many EU requests, with possible extension for complex cases).

7. Security

We use technical and organizational measures appropriate to the risk, including access controls, encryption in transit, and safe practices for our team. No online service can be 100% secure; you should also protect your account password and device.

8. Children

The Services are not intended for use by children under 16, and we do not knowingly process their personal data. If you believe a child has given us data, contact us and we will delete it where the law requires.

9. Changes to this policy

We may update this policy and will change the "Last updated" date. If changes are material, we will provide a clearer notice (for example, by email to account holders) where the law or our product practices require. For cookies, the Cookie Policy may also be updated when we change technologies.