Politique de confidentialité
This Privacy Policy explains what personal data Scanverity Intelligence collects, why, and your rights. KotIQ OÜ, a private limited company registered in Estonia (registry code 16529665), of Sepapaja tn 6, Tallinn 15551, Estonia is the data controller for personal data processed through the Service. We collect the minimum needed to run the Service.
1. Data we collect
- Account data: your email address, a securely hashed password (scrypt — we never store your password in readable form), display name, plan, and account status.
- Authentication & security data: session records, coarse IP prefix and a truncated user-agent for rate-limiting and abuse detection, and audit events for security. We do not store full IP addresses.
- Usage data: which markets you analysed and when (report metadata scoped to your account), and per-plan quota counts. We store report metadata, not a copy of every full report.
- Payment data: processed entirely by Stripe. We store only a Stripe customer/subscription identifier and your plan state — we never receive or store your full card number.
- MFA data (administrators only): a TOTP secret encrypted at rest.
2. Why we use it (lawful bases)
- To provide the Service — running analyses, enforcing quotas, showing your history (performance of contract).
- Security & abuse prevention — rate-limiting, audit logs (legitimate interests).
- Billing — managing subscriptions via Stripe (performance of contract / legal obligation).
- Service communication — messages about your account, security, or billing, shown in-product or sent manually by our team (performance of contract). We do not send automated marketing or product email today; the Daily Brief is read in your workspace, and email delivery for it is not yet enabled. If automated email is introduced it will be opt-in and unsubscribable.
3. Processors & third parties
- Stripe — payment processing (their privacy terms apply to card data).
- Our hosting provider — infrastructure hosting of the application and database.
- Public market data (Polymarket, UMA, blockchain RPC) is read by the Service; your identity is not shared with them when you run an analysis.
4. Retention
Account data is kept while your account is active. Sessions and rate-limit records expire automatically. On account deletion we remove your personal data except records we must keep for legal, tax, or security reasons.
Reports you request
When you ask Scanverity to analyse a market, we save that report to your account so you can re-read it without spending another request from your plan. We keep it for 90 days, after which it is deleted automatically by a scheduled cleanup. You can delete any saved report sooner from the report itself, or clear all of them at once from Report history — deletion takes effect immediately and the report's link stops working.
What remains after you delete a report: the record that your account made a request, which tool, and when. That is your usage and billing history; we are required to keep it, and it contains none of the report's content. Nothing else about the deleted report is retained.
The market analysis is cached separately. Polymarket market data is public, and the analysis Scanverity derives from it is about that public market — it contains nothing about you, your identity or your account. We therefore store each analysis once and reuse it for anyone who asks about the same market at the same model version, rather than keeping a separate copy per customer. That cache is kept for up to 90 days and is removed sooner when no customer report refers to it. Deleting your report never leaves another customer's report broken, and reusing a cached analysis never reveals that anyone else requested it.
Security and audit events (sign-in, deletion, administrative actions) are kept for 365 days and store a truncated IP prefix rather than a full IP address. Failed analysis jobs are kept for 14 days for diagnosis.
These periods are the ones the software actually enforces — this page renders them from the running configuration rather than describing them separately, so it cannot drift from what the cleanup does.
5. Your rights
Where the GDPR applies you may request access, correction, deletion, restriction, portability, and object to processing based on legitimate interests, and lodge a complaint with your supervisory authority. Exercise any right — including account deletion and a copy of your data — by emailing scanverity@gmail.com; we act on verified requests within the statutory period. You can change your password from your account settings (which signs out other devices).
6. Security
Passwords are hashed with scrypt; administrator access requires TOTP multi-factor authentication; sessions are server-side and revocable; cookies are HttpOnly; Secure; SameSite. No system is perfectly secure, but we apply appropriate technical and organisational measures.
7. Cookies
We use a single strictly-necessary authentication cookie. See the Cookie Notice.
8. Contact
KotIQ OÜ, a private limited company registered in Estonia (registry code 16529665), of Sepapaja tn 6, Tallinn 15551, Estonia. Privacy enquiries: scanverity@gmail.com.