Scanny
Get Early Access

Privacy Policy

Last updated: December 27, 2025

1. Introduction

Scanny ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered OCR and document processing service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us:

  • Name and email address (required for account creation)
  • Payment information (processed securely through Stripe)
  • Company name and business information (optional)
  • Communication preferences

2.2 Document Data

When you use our OCR service, we process:

  • Uploaded documents and images
  • Extracted text and structured data from documents
  • Document metadata (file names, upload timestamps, processing status)
  • Custom document type schemas you create

2.3 Usage Data

We automatically collect certain information about your use of the Service:

  • API usage logs and processing history
  • Browser type, device information, and IP address
  • Pages visited and features used
  • Error logs and performance metrics
  • Google Analytics data (anonymized)

2.4 Third-Party Integration Data

When you connect third-party services:

  • OAuth tokens and refresh tokens for HubSpot, Google Drive, etc.
  • CRM field mappings and workflow configurations
  • Metadata from integrated platforms (deal names, contact information)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Process documents using AI-powered OCR
  • Extract and structure data according to your schemas
  • Integrate with your HubSpot CRM and Google Drive accounts
  • Execute automated workflows
  • Provide API access and documentation

3.2 Account Management

  • Create and maintain your account
  • Process payments and manage subscriptions
  • Send service notifications and updates
  • Provide customer support

3.3 Service Improvement

  • Analyze usage patterns to improve accuracy and performance
  • Train and improve our AI models (using anonymized data only)
  • Debug errors and fix technical issues
  • Develop new features and integrations

3.4 Legal Compliance

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Protect user security and privacy

4. Data Processing and AI

Your documents are processed using Google's Gemini Vision API for OCR and data extraction:

  • Documents are transmitted securely to Google's AI services
  • Processing occurs in real-time and documents are not permanently stored by Google
  • We use structured schema validation to ensure accurate extraction
  • Extracted data is stored on our secure servers
  • We do not use your documents to train third-party AI models without consent

5. Data Storage and Security

We implement industry-standard security measures:

5.1 Technical Safeguards

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure password hashing using bcrypt
  • API token-based authentication
  • Regular security audits and penetration testing

5.2 Infrastructure

  • AWS cloud infrastructure with SOC 2 compliance
  • PostgreSQL database with automated backups
  • Redis caching with secure access controls
  • CloudFront CDN with DDoS protection

5.3 Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication for admin accounts
  • Audit logs for all data access
  • Limited employee access on a need-to-know basis

6. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Documents: Stored according to your plan limits; you can delete anytime
  • Extracted Data: Retained for the lifetime of associated documents
  • Usage Logs: Retained for 90 days for debugging and analytics
  • Billing Records: Retained for 7 years as required by law

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

7.1 Third-Party Services

  • Google Gemini: For AI-powered OCR processing
  • Stripe: For payment processing
  • AWS: For cloud infrastructure and storage
  • Google Analytics: For anonymized usage analytics

7.2 Your Authorized Integrations

  • HubSpot: When you connect your HubSpot account, we share extracted data to populate CRM fields
  • Google Drive: When you authorize access, we read documents from your Drive

7.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

8. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your documents and extracted data
  • Opt-Out: Unsubscribe from marketing emails (service emails required)
  • Revoke Access: Disconnect third-party integrations anytime

To exercise these rights, contact us at amr@scanny-ai.com.

9. Cookies and Tracking

We use cookies and similar technologies:

Essential Cookies

  • Session management and authentication
  • Security and fraud prevention

Analytics Cookies

  • Google Analytics (anonymized IP addresses)
  • Performance monitoring and error tracking

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure adequate safeguards are in place through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with vendors
  • Compliance with GDPR, CCPA, and other privacy regulations

11. Children's Privacy

Scanny is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our Service. Your continued use after such changes constitutes acceptance of the updated Privacy Policy.

13. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes consent, contract performance, and legitimate interests.

14. CCPA Compliance (California Users)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to deletion
  • Right to non-discrimination for exercising CCPA rights

15. Contact Information

For privacy-related questions or to exercise your rights, contact us:

  • Email: amr@scanny-ai.com
  • Website: https://scanny-ai.com
  • Data Protection Officer: amr@scanny-ai.com

By using Scanny, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.