GDPR Information

Information about your rights under the General Data Protection Regulation (GDPR)

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU) and European Economic Area (EEA), regardless of where the organization is located.

How Scanlytics Complies with GDPR

Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract - To provide you with our QR code analytics services
  • Legitimate Interest - To improve our services and prevent fraud
  • Consent - For marketing communications (where applicable)
  • Legal Obligation - To comply with applicable laws and regulations

Privacy by Design

Scanlytics was built with privacy in mind from the ground up:

  • Cookieless Tracking - We don't use third-party cookies for analytics
  • IP Anonymization - Scanner IP addresses are not stored
  • Data Minimization - We only collect data necessary for our services
  • Secure Infrastructure - All data is encrypted in transit and at rest

Your Data Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data along with information about how it is processed.

Request your data export →

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

Update your account information →

Right to Erasure (Article 17)

Also known as the "right to be forgotten", you can request deletion of your personal data when it is no longer necessary for the purpose it was collected.

Request data deletion →

Right to Restriction (Article 18)

You can request restriction of processing when you contest the accuracy of data, when processing is unlawful, or when we no longer need the data but you need it for legal claims.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Export your data in JSON/CSV →

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. You can disable analytics tracking for your QR codes at any time.

Manage analytics settings →

Data Processing Details

Data We Process

Data TypePurposeRetention
Account DataService provision, authenticationUntil account deletion
QR Code DataCore service functionalityUntil deletion or account closure
Analytics (Aggregated)Usage insights for customersBased on plan (30 days - unlimited)
Audit LogsSecurity and compliance30 days

Sub-processors

We use the following sub-processors to provide our services:

ProviderServiceLocation
Cloudflare, Inc.Infrastructure, CDN, AnalyticsGlobal (EU-US DPF certified)
Clerk, Inc.Authentication, User ManagementUSA (EU-US DPF certified)
Stripe, Inc.Payment ProcessingUSA (EU-US DPF certified)

International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place:

  • EU-U.S. Data Privacy Framework certification (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection

Data Protection Officer

For any GDPR-related inquiries or to exercise your data rights, please contact us at:

Email: privacy@scanlytics.app

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. You may contact your local data protection authority or the authority in the country where we are established.

For our full privacy practices, see our Privacy Policy.