Who runs Scanini
Scanini is operated by Powery Dev Group, LLC, a limited liability company organized under the laws of the State of Delaware, United States of America. For privacy law purposes (GDPR, UK GDPR, CCPA, LGPD), Powery Dev Group, LLC is the data controller responsible for the personal data described below. Reach us at [email protected].
What we collect
Account data
- Your email address (for login and account recovery)
- A hashed password (never the plaintext)
- Your display name (whatever you typed at signup)
- Account timestamps (created, last seen)
Collection + scan data
- The codes you've scanned and how many copies of each you own
- An audit log of every scan — the raw model output, the confidence level, whether it matched a real card, and whether a credit was charged. This lets us debug misreads and watch for abuse.
- Your scan credit balance
Payment data
- A Stripe customer ID linking your account to Stripe's billing record
- The last 4 digits and brand of any saved payment method (we never see the full card number — Stripe handles all card data)
- Subscription / charge metadata returned by Stripe (status, dates, amounts)
Things we explicitly do not collect or store
- Your camera images. Camera frames flow through our server to the vision model and are discarded immediately. They're never written to disk or any database.
- Your full credit-card details. Stripe handles all card data; we don't see it.
- Cross-site tracking data. No analytics SDKs, no third-party trackers, no advertising IDs.
- Your location, contacts, photos library, microphone, or any sensor besides the camera.
How we use your data
- To run the service: store your collection, decrement credits, show you what you have and what's missing, fulfill payments.
- To prevent abuse: rate limits, detecting scripted access, identifying accounts that try to drain credits via tricks.
- To fix bugs: server-side error logs may include your account ID. We don't log payloads (no scan images, no passwords).
- To contact you about your account when something important happens (security, billing, service changes).
We don't use your data to train AI models, sell it to third parties, or share it with advertisers.
Who we share data with
We use a small number of third-party services strictly for operation:
- Anthropic — runs the vision model that reads sticker codes. We send the cropped camera frame; Anthropic processes it and returns the code. Per Anthropic's privacy terms, API inputs are not used to train their models.
- Stripe — processes payments and stores the card details we never see. See Stripe's privacy policy.
- Laravel Cloud — hosts the app, the database, and our logs.
- Email provider — for transactional emails (verification, password resets, billing receipts). Not used for marketing.
We don't share data with anyone outside this list, and we don't sell data to anyone, period.
Cookies and local storage
Scanini uses your browser's localStorage (not cookies) to keep you signed in (your auth token) and to remember small UI preferences (sound on/off, "you've seen the onboarding" flag). Clear these from browser settings if you want; you'll just need to sign in again.
We don't set tracking cookies. We don't use analytics services.
Data retention
Camera images are never stored — they're discarded the moment the scan completes. Account data and your collection live as long as your account does, and are deleted within 30 days of you closing the account. Scan logs auto-purge after 90 days. Stripe holds payment records on its side for the 7 years required by US tax and accounting rules; that copy is outside our control.
Your rights
Depending on where you live, you may have rights under privacy laws like GDPR (EU/UK), CCPA (California), or LGPD (Brazil) — including the right to:
- Access the personal data we hold about you
- Request a correction or update
- Request deletion of your account and associated data
- Export your collection data
- Object to certain processing
For deletion, you can do it yourself in seconds: sign in, click Account in the footer, then Delete my account. We hard-delete your tokens, collection data, scan history, and account row immediately. (Stripe payment records remain in Stripe for the retention period required by their tax/accounting obligations — we don't control that copy.)
For any other request — access, correction, export — email [email protected] from the address on your account. We respond within 30 days.
Children
Scanini isn't intended for users under 13. If you believe a child under 13 has created an account, contact us and we'll remove it.
Security
Passwords are hashed with bcrypt. Connections are HTTPS-only in production. API access uses bearer tokens, each scoped to a single account. We follow industry-standard practices, but no service is 100% secure — if you spot a vulnerability, please report it to [email protected] rather than disclosing publicly.
Changes to this policy
We'll update this page if our practices change. Material changes will be flagged in-app. The "Last updated" date at the top reflects the most recent revision.
Contact
Privacy questions: [email protected]