ScanSafe

Introduction

This Privacy Policy explains how ScanSafe ("the App," "we," "us," or "our") — developed by Carlos Filipe / Craftura — collects, uses, and protects your information when you use the ScanSafe mobile application and related services.

By using ScanSafe, you agree to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the App.

Information We Collect

We collect only the minimum information necessary to provide ScanSafe's core features.

We do not collect device fingerprints, advertising IDs (IDFA/GAID), location coordinates, microphone recordings, photo library contents, or contacts.

How We Use Your Information

Your data is used solely to power ScanSafe's features:

• Product scanning: Camera access is used exclusively to detect barcodes in real-time. No images are captured or transmitted.
• Scan history: Your product history is stored on your device to let you review past scans. If cloud sync is enabled, this data is encrypted before transmission.
• Account management: Your email is used for login, password recovery, and important service communications. We do not send marketing emails without explicit consent.
• AI analysis: When you request ingredient analysis, product data (not your personal data) is sent to Claude AI for processing. No personal identifiers are included.
• Payment processing: Subscription payments are processed entirely by Stripe. ScanSafe never sees or stores your payment card details.
• App improvement: Anonymous, aggregated analytics help us identify crashes, optimize performance, and improve the scanning experience.

Third-Party Services

ScanSafe integrates with the following trusted third-party services. Each operates under its own privacy policy:

We do not integrate with advertising networks, social media trackers, or data brokers. No personal data is sold to or shared with any third party for commercial purposes.

Data Storage and Security

Primary storage is on-device. Your scan history, preferences, and cached product data are stored locally on your device using encrypted storage. This data does not leave your device unless you explicitly enable cloud sync.

Cloud sync (optional): If enabled, your scan history is encrypted end-to-end before being transmitted to our secure cloud infrastructure. We use industry-standard AES-256 encryption in transit (TLS 1.3) and at rest.

Account data: If you create an account, your email and hashed password are stored on our servers in the European Union. We never store plaintext passwords.

Data minimization: We automatically delete inactive account data after 24 months of inactivity. Scan history older than 12 months may be pruned from cloud sync while remaining on-device unless you delete it.

Security practices: Our infrastructure undergoes regular security audits, penetration testing, and automated vulnerability scanning. All servers are hardened with encrypted storage, VPN-only administrative access, and intrusion detection systems.

Your Rights (GDPR — EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise any of these rights, contact us at hello@craftura.net. We will respond within 30 days. No fees apply for standard requests.

The legal basis for processing your personal data is:

• Contract performance — to provide the ScanSafe service you subscribed to
• Legitimate interests — app security, fraud prevention, and service improvement
• Consent — for optional features such as cloud sync and marketing communications

Children's Privacy

ScanSafe is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at hello@craftura.net and we will promptly delete such information.

Users between 13 and 16 in the EU require parental consent under GDPR Article 8 before creating an account.

Cookies and Tracking

The ScanSafe mobile app does not use tracking cookies. The ScanSafe website (scansafe.pro) may use essential cookies for session management and optional analytics cookies, subject to your consent via our cookie banner.

We do not use:

• Third-party advertising cookies
• Cross-site tracking pixels
• Social media tracking scripts
• Fingerprinting technologies

International Data Transfers

ScanSafe is developed by Carlos Filipe / Craftura, based in Malta, European Union. Our primary infrastructure is located within the EU.

When product data is sent to Claude AI (Anthropic, US-based) for analysis, this represents a transfer outside the EU. This transfer occurs under Anthropic's Standard Contractual Clauses and Binding Corporate Rules, which provide adequate safeguards under GDPR Article 46.

Payment data handled by Stripe may be processed in the United States. Stripe operates under the EU-US Data Privacy Framework and Standard Contractual Clauses.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Send a notification to your registered email address (if applicable)
• Display an in-app notification for significant changes

Continued use of ScanSafe after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out: