Privacy Policy

The controller for ScanWize is PromptSlashers, Elisabeth Willemslaan 26, 3150 Wespelaar, Belgium. VAT: BE 0745.494.290.

Privacy requests can be sent through promptslashers.com. A dedicated ScanWize privacy email should be added before account storage or paid plans are launched.

• Website data: pages visited, cookie-consent choices, anonymous free-scan quota state and language preferences.
• Document data: uploaded images or PDFs, extracted text, sender details, payment details, QR/link destinations, risk signals and generated summaries when analysis is enabled.
• Account and billing data later: email address, profile details, plan status, Stripe customer/subscription references and support messages.
• Security data: request metadata, abuse-prevention signals, error logs and consent records.

The live scan backend is disabled until the required Supabase, OpenAI and EU data-region configuration is present. Until that happens, selected documents stay in the browser and are not uploaded by the ScanWize analysis flow.

When live analysis is enabled, non-archived document originals are designed to be deleted after processing. Archive storage will require an authenticated account and paid-plan checks before it is enabled.

• Providing the scan and explanation service: contract or steps before entering a contract.
• Security, fraud prevention, debugging and abuse control: legitimate interests and legal obligations where applicable.
• Optional analytics, marketing cookies and optional redacted scam-learning retention: consent.
• Billing, accounting and tax records: contract and legal obligations.

ScanWize is built to use Cloudflare Workers for hosting, Supabase for EU-hosted database/storage, OpenAI API for document analysis and Stripe for payments once billing is enabled. These services must be configured under appropriate data-processing terms before real document processing goes live.

The intended setup is EU-first for the database and file storage layer. Some processors or subprocessors may involve transfers outside the EEA; where that happens, appropriate safeguards such as data-processing agreements and standard contractual clauses should be used.

• Cookie-consent records are kept for up to 180 days unless replaced or expired earlier.
• Anonymous free-scan quota cookies are kept for up to 365 days so the free-scan limit can be enforced without an account.
• Anonymous scan results are kept in browser session storage only for the current tab session.
• Temporary document originals should be deleted after analysis unless the user has account-based archive storage enabled.
• Billing, legal and security records may be retained for the periods required by Belgian and EU law.

You can request access, correction, deletion, restriction, portability or objection where GDPR gives you those rights. You can also withdraw consent for optional processing.

We should respond without undue delay and in principle within one month after receiving a valid request. You may also lodge a complaint with the Belgian Data Protection Authority.