SCANNA / LEGAL

Privacy Policy

Last updated: 2026-05-03

This page describes what data Scanna collects, how we use it, and how you can request changes.

1. What we collect

Email address — required to create an API key and receive billing receipts.
Optional company name and primary use case — collected on the signup form, stored on the customer record for product analytics.
API request metadata — timestamp, endpoint, response status — used for usage counting and rate-limit enforcement. We log only HTTP 2xx responses to your aggregate counter; failed requests are not billed and not retained beyond standard server logs.
Stripe customer + subscription identifiers needed to process billing. Card data is held by Stripe, not by us.

2. What we don't collect

No third-party analytics or advertising pixels are loaded on api.scanna.xyz.
We don't sell or share your email address with third parties.

3. How we use it

Provisioning your API key and routing the welcome / billing-cycle emails through Resend (transactional only).
Aggregate usage reporting on your dashboard (today / month / billing-cycle counts; 7-day chart).
Internal product analytics (e.g., which endpoints are most used).

4. Sub-processors

Stripe (payment processing).
Resend (transactional email delivery).
Railway (application hosting + Postgres).

5. Your rights

Email [email protected] or [email protected] to request a copy of the data we hold about you, request deletion of your account and associated rows, or update your email or other account details.

6. Retention

Account rows + Stripe references are kept while your subscription is active and for 6 months after cancellation for billing reconciliation. Aggregate usage rows are kept indefinitely for product analytics; per-call audit logs are not retained.

7. Cookies

We set one cookie, sid, when you log in via magic link. It is HttpOnly, Secure (HTTPS-only), SameSite=Lax, and expires after 30 days. We use no third-party cookies.

8. Contact

[email protected] or [email protected].

← Back to docs