Privacy.

01 · What we collect

• Account data. Email address, hashed password or OAuth identifier, display name, account creation time, and plan status.
• Code data. The name, type (static or dynamic), destination URL, and optional short slug for each QR code you create.
• Scan metadata. When someone scans a dynamic code, we record a timestamp, the user-agent string, and the country inferred from the request IP address. We do not store the raw IP address after derivation.
• Billing data. If you subscribe, our payment processor Stripe collects your payment method and billing address. Scanta stores only the Stripe customer identifier and subscription status.
• Product analytics. Page views, referrers, and performance vitals through Vercel Analytics and Vercel Speed Insights, which are privacy-first and do not use cookies or cross-site identifiers.

02 · How we use it

We use the data above to operate the service, authenticate you, render analytics in your account, bill you, send essential transactional email, respond to support requests, detect abuse, and improve the product. We do not sell your data and we do not use it to train AI models.

03 · Service providers

• Supabase. Database and authentication. Data is stored in managed Postgres.
• Vercel. Application hosting, analytics, speed insights.
• Stripe. Payment processing and subscription management.
• Resend. Transactional email delivery.
• Cloudflare. DNS and edge delivery for our domain.

Each provider processes data on our behalf under their own contractual privacy commitments.

04 · Cookies

We use a small number of first-party cookies strictly to keep you signed in and to remember your session across pages. We do not use third-party advertising or cross-site tracking cookies.

05 · Your rights

Depending on where you live, you may have rights to access, correct, export, restrict processing of, or delete your personal data. You also have the right to object to certain processing and to withdraw consent where applicable.

To exercise any of these rights, email hello@satosushi.co from the address associated with your account. We respond within 30 days. Account deletion removes your profile, codes, and scan records from active systems; residual copies may remain in encrypted backups for a limited retention period.

06 · Data retention

We retain account data for as long as your account is active. Scan metadata is retained while the associated code exists or up to 24 months, whichever is shorter. Billing records are retained for the period required by applicable tax and financial-records laws.

07 · Security

We use encryption in transit (TLS) and at rest for stored data. Access to production systems is limited to personnel who need it and authenticated through our identity provider. No system is perfectly secure; please use a unique strong password and report any suspected compromise immediately.

08 · Children

Scanta is not directed to children under 13. We do not knowingly collect personal data from anyone in that age range. If you believe a child has provided us data, contact us and we will delete it.

09 · International transfers

Our providers operate globally. Your data may be processed in jurisdictions outside your own, including the United States. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.

10 · Changes

If we make material changes to this policy we will notify you by email or in-app notice before the change takes effect.

11 · Contact

Questions about privacy: reach us at hello@satosushi.co.