Privacy Policy

Last updated: April 2026

Scanely ("we", "us", or "our") operates the website and service at scanely.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Data We Collect

1.1 Account Information

When you create an account, we collect the following personal data:

  • Name
  • Email address
  • Password (stored in hashed form only; we never store plaintext passwords)

1.2 Scan Analytics Data

When someone scans a QR code created through Scanely, we automatically collect the following data about the scan event:

  • Country and city (derived from IP address via geolocation)
  • Device type (mobile, desktop, tablet)
  • Browser name and version
  • Operating system
  • Referrer URL
  • Timestamp of the scan
  • IP address — hashed using SHA-256 before storage. We never store raw IP addresses.

1.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other financial information on our servers. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.

2. How We Use Your Data

We use the information we collect for the following purposes:

  • To create and manage your account
  • To provide, maintain, and improve the Service
  • To generate scan analytics and reports for your QR codes
  • To process payments and manage subscriptions
  • To communicate with you about your account, service updates, or support requests
  • To detect and prevent fraud or abuse of the Service
  • To comply with legal obligations

We process your data under the following legal bases as defined by the GDPR: performance of a contract (providing the Service you signed up for), legitimate interests (improving and securing the Service), and compliance with legal obligations.

3. Cookies

Scanely uses cookies strictly for session management and authentication purposes. When you log in, a session cookie is set to keep you authenticated as you navigate the Service. These are essential cookies required for the Service to function and cannot be disabled.

We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.

4. Third-Party Services

We use the following third-party services to operate Scanely:

4.1 Stripe

We use Stripe for payment processing. When you make a purchase, your payment information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy.

4.2 Cloudflare

Our Service is hosted on Cloudflare's infrastructure, including Cloudflare Pages, Workers, and D1 database. Cloudflare may process certain data (such as IP addresses) as part of delivering our Service. This processing is governed by Cloudflare's Privacy Policy.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Scan analytics data is retained for the duration of your account's existence to enable historical reporting.

If you delete your account, we will delete your personal data within 30 days, except where we are required to retain certain data for legal or regulatory purposes.

6. Your Rights Under the GDPR

As a data subject in the European Economic Area (EEA), you have the following rights under the GDPR:

  • Right of access — You have the right to request a copy of the personal data we hold about you.
  • Right to rectification — You have the right to request correction of inaccurate personal data.
  • Right to erasure — You have the right to request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing — You have the right to request that we limit the processing of your data under certain circumstances.
  • Right to data portability — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object — You have the right to object to the processing of your personal data for certain purposes.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Passwords are hashed using industry-standard algorithms before storage
  • IP addresses are hashed with SHA-256 and never stored in raw form
  • All data in transit is encrypted via TLS/HTTPS
  • Infrastructure is hosted on Cloudflare's secure, SOC 2-compliant platform
  • Access to production systems is restricted to authorised personnel only

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe that a child has provided us with personal data, please contact us at [email protected].

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

If we make material changes that affect how we handle your personal data, we will notify you by email or through a prominent notice on the Service prior to the changes taking effect.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Scanely
Email: [email protected]
Website: scanely.io