Privacy Policy
Last updated: March 23, 2026 | Effective: March 23, 2026
Plain English Summary: ScanSafe helps you scan product barcodes and ingredient labels to check for potentially harmful substances and personal allergens. We collect your email address, a hashed password, your allergen preferences, and your scan history. Your camera is used only for scanning — barcode images are processed on your device and never uploaded; ingredient label photos are sent to Claude AI for OCR analysis and then discarded. Scan history is automatically deleted after 30 days. We do not sell your data, show ads, or share information with marketers.
1. Who We Are
Data Controller: NexusFleet, operated by CarlosFilipe.net
App name: ScanSafe - Product Safety Scanner
Website: scansafe.pro
Privacy contact: privacy@carlosfilipe.net
ScanSafe is a product safety scanning application designed to help users identify potentially hazardous ingredients, carcinogens, allergens, and harmful additives in consumer products. We are the data controller for all personal data collected through this app.
Important health disclaimer: ScanSafe is an informational tool only. Results are not medical advice. Always consult a qualified healthcare professional before making health decisions based on product safety information.
2. Information We Collect
ScanSafe collects the following categories of personal data:
- Account credentials: Your email address and a bcrypt-hashed password when you register for an account. We never store your password in plain text.
- Allergen and dietary preferences: Personal allergen flags (e.g., nuts, gluten, lactose, sulphites) and dietary restrictions (e.g., vegan, halal, kosher) that you configure in your profile. This data is used solely to personalise your scan results.
- Scan history: Records of barcodes you have scanned, the product name and brand retrieved, the ingredients analysed, flagged substances, and the safety score returned. Each record is timestamped and automatically deleted after 30 days.
- Ingredient label images (temporary): When you use the OCR label scan feature, the image captured by your camera is transmitted to Anthropic's Claude API for text extraction and analysis. The image is not stored on our servers — it is processed in memory and discarded after the API call completes.
- Payment data (premium users): Subscription status — your payment card details are handled exclusively by Stripe and never stored on our servers.
- Authentication session data: A session token stored as a cookie to keep you logged in.
We do not collect your GPS location, contacts, microphone audio, or any data beyond what is listed above.
3. How We Use Your Information
- To allow you to scan barcodes and retrieve product safety information from our curated database and the OpenFoodFacts API
- To personalise scan results against your saved allergen and dietary restriction preferences
- To send ingredient label image content to Anthropic's Claude AI for OCR text extraction and ingredient analysis
- To maintain your scan history so you can review past scans within the app
- To automatically delete scan history records older than 30 days
- To send transactional emails via Brevo (account verification, password resets, subscription receipts)
- To process premium subscription payments via Stripe
- To maintain session authentication so you stay securely logged in
- To improve our ingredient database and flagging algorithms using aggregated, anonymised scan data
- To comply with applicable law and respond to lawful legal requests
4. Legal Basis for Processing (GDPR Article 6)
For users in the European Union, we process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b)): Processing your account data, scan history, and allergen preferences is necessary to deliver the ScanSafe service you signed up for
- Consent (Art. 6(1)(a)): Sending ingredient label images to Anthropic's Claude AI for OCR analysis, and any optional marketing communications. You may withdraw consent at any time without affecting prior processing.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and improving our product database using aggregated anonymised data
- Legal obligation (Art. 6(1)(c)): Retaining payment records to comply with financial regulations
5. Third-Party Services
We share limited data with the following service providers. We do not sell data to any third party.
- Anthropic (Claude AI) — When you use the ingredient label OCR scan feature, the captured image is sent to Anthropic's Claude API for text extraction and ingredient analysis. Anthropic processes this image data per their own privacy policy. Images are not stored by us after the API call completes.
  Privacy policy: anthropic.com/privacy
- OpenFoodFacts API — When you scan a product barcode, the barcode number is sent to the OpenFoodFacts open-source database to retrieve product name, brand, and ingredient information. OpenFoodFacts is a non-profit project; no personal data is sent to them — only the barcode number.
  Privacy policy: world.openfoodfacts.org/privacy
- Brevo (Sendinblue) — We use Brevo to deliver transactional emails such as account verification, password reset links, and subscription notifications. Your email address is shared with Brevo solely for this delivery purpose.
  Privacy policy: brevo.com/legal/privacypolicy
- Stripe — Premium subscription payments are processed by Stripe. We share your email address with Stripe for payment identification. We never receive or store your full card number, CVV, or billing address.
  Privacy policy: stripe.com/privacy
- Let's Encrypt — SSL/TLS certificates that encrypt all data in transit. No personal data is shared with Let's Encrypt.
  Privacy policy: letsencrypt.org/privacy
- Google Fonts — The Inter typeface is loaded from Google Fonts CDN, which may log your IP address. No personal account data is shared with Google.
  Privacy policy: policies.google.com/privacy
We do not use advertising networks, tracking pixels, social media trackers, behavioural analytics platforms, or any service that shares your personal data with third parties for marketing.
6. AI and Automated Processing
ScanSafe uses Anthropic's Claude AI for ingredient label OCR analysis. When you photograph a product label:
- The image is captured by your device camera via the WebRTC/MediaDevices API
- The image is transmitted over an encrypted HTTPS connection to Anthropic's Claude API
- Claude extracts the ingredient list text and analyses it against known hazardous substance classifications (IARC, NTP, California Prop 65, EFSA, EWG)
- The analysis result is returned to your device and, if you are logged in, saved to your scan history
- The original image is not stored by ScanSafe after the API call completes
- Anthropic may temporarily process this image in accordance with their API data handling policies
No automated decision-making with legal or significant personal effects is performed solely by AI in ScanSafe. All AI-generated safety assessments are informational only and are not a substitute for professional health or safety advice.
7. Camera Access
ScanSafe requests access to your device camera for two distinct purposes:
- Barcode scanning: The camera viewfinder is used to read product barcodes in real time. Barcode images are decoded entirely on your device using local JavaScript barcode detection libraries. No barcode image frame is ever transmitted to our servers.
- Ingredient label OCR: A photo of a product label is captured and sent to Anthropic's Claude API for ingredient text extraction. This image is processed in memory only and is not stored on our servers.
You may deny camera permission at any time. If camera access is denied, you can still use ScanSafe by manually entering barcodes or product names in the search field. You can revoke camera permission at any time in your device or browser settings.
8. Data Security
We protect your data using the following security measures:
- Encryption in transit: All communication between your device and our servers uses TLS 1.2 or higher
- Encryption at rest: Scan history, allergen preferences, and account data are stored in a MongoDB database on our dedicated server with filesystem encryption
- Password hashing: Passwords are hashed with bcrypt (cost factor 12) — we never store plain text passwords
- Session security: Authentication uses signed, expiring session tokens that are invalidated on logout
- Server hardening: Our server runs on dedicated hardware (Hetzner, Helsinki, EU) with firewall rules, intrusion detection, fail2ban, and regular security audits
- No sensitive data in logs: No personal data is written to application logs in plain text
In the event of a data breach affecting your rights, we will notify affected users and relevant supervisory authorities as required by applicable law within 72 hours of becoming aware of the breach.
9. Data Retention
- Scan history: Each scan record is automatically and permanently deleted 30 days after creation. This deletion is automated and irreversible.
- Allergen preferences: Retained for the duration your account is active. Deleted within 30 days of account deletion.
- Account credentials: Retained while your account is active. Permanently deleted within 30 days of a verified account deletion request.
- Ingredient label images: Not stored — processed in memory during the API call and discarded immediately after the response is returned.
- Payment records: Stripe transaction records are retained for 7 years to comply with financial regulations. Card details are never stored by us.
- Security logs: Login and security event logs are retained for 90 days, then permanently deleted.
10. Your Rights (GDPR)
If you are located in the European Union or European Economic Area, you have the following rights:
- Right of access (Art. 15): Request a full copy of all personal data we hold about you, including scan history, allergen preferences, and account information
- Right to rectification (Art. 16): Correct your email address or allergen preferences — most fields are editable directly in your account settings
- Right to erasure (Art. 17): Request deletion of your account and all associated data — available in account settings or by emailing us
- Right to data portability (Art. 20): Export your scan history and allergen preferences in a machine-readable format (JSON) via account settings
- Right to restriction (Art. 18): Request that we pause processing of your data under certain circumstances
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for AI label image processing at any time — you can continue using barcode scanning without the OCR feature
- Right to lodge a complaint: Contact your national supervisory authority (e.g., the Malta Information and Data Protection Commissioner, the ICO in the UK, or your EU member state's data protection authority)
To exercise any right, email privacy@carlosfilipe.net with the subject "Privacy Rights Request — ScanSafe". We will respond within 30 days.
11. Cookies and Local Storage
ScanSafe uses minimal browser storage:
- Session cookie: A single strictly-necessary cookie containing your session token is set on login. It expires when you log out or the session times out. It contains only a session identifier and no personal data. This cookie is required for the app to function — it cannot be disabled while you are logged in.
- Local storage: App UI preferences (e.g., default scan mode, display settings) may be stored in your browser's local storage. This data never leaves your device and contains no personally identifiable information.
We do not use advertising cookies, third-party analytics cookies, or tracking pixels. We do not display a cookie consent banner because we use no cookies beyond those strictly necessary to operate the service.
12. Age Restrictions
ScanSafe is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16 years of age. If you are under 16, you must not create an account or provide personal information to us.
If we discover that personal data has been inadvertently collected from a person under 16, we will delete that data promptly. If you believe a minor has registered, contact us immediately at privacy@carlosfilipe.net.
13. International Data Transfers
Your account data and scan history are stored on a dedicated server in Helsinki, Finland, within the European Union. EU data protection standards apply by default.
When you use the ingredient label OCR feature, label images are sent to Anthropic's API, which may process data on servers in the United States. Anthropic maintains appropriate legal mechanisms for international transfers. By using the OCR feature, you consent to this transfer.
Barcode lookups via the OpenFoodFacts API may involve servers outside the EU. Only the barcode number (not personal data) is transmitted in these requests.
Email delivery via Brevo and payment processing via Stripe involve international data transfers subject to Standard Contractual Clauses (SCCs) or equivalent GDPR-compliant mechanisms.
14. Changes to This Policy
We may update this Privacy Policy periodically to reflect product changes or legal requirements. We will notify you of material changes by:
- Displaying an in-app notification at least 14 days before changes take effect
- Sending an email to your registered email address for significant changes affecting your rights
The "Last updated" date at the top of this page reflects the most recent revision. Continued use of ScanSafe after the effective date of a revised policy constitutes acceptance of the updated terms.
15. Contact Information
NexusFleet / CarlosFilipe.net
Privacy inquiries: privacy@carlosfilipe.net
App website: scansafe.pro
For GDPR rights requests, email us with subject "GDPR Request — ScanSafe" and your registered email address. We respond within 30 days.
For urgent security or data breach concerns, email us with subject "Security — ScanSafe".