Privacy Policy

Last updated: 17 May 2026

This Privacy Policy explains how ProjScan (“ProjScan”, “we”, “us”) collects, uses, and protects personal data when you visit projscan.com or use the application at app.projscan.com (the “Service”).

1. Data controller

ProjScan is the data controller for the personal data processed through the Service. For privacy enquiries, contact us at privacy@projscan.com.

2. What personal data we process

• Account data — email, full name, password hash (when using local authentication), authentication provider identifiers (when signing in with Google).
• Receipt content — photos and PDFs you upload, plus the structured fields extracted from them (merchant, total, tax, line items, category, dates).
• Project data — project names, budgets, member lists, roles.
• Billing data — subscription tier, plan history, receipt-pack purchases, invoice records. Card and payment-method details are handled by Stripe and never stored on our servers.
• Technical data — IP address, browser type, device information, log timestamps. Collected for security and reliability.

3. Why we process it (legal bases)

• Contract (Art. 6(1)(b) GDPR) — to deliver the Service: authentication, receipt processing, dashboards, billing.
• Legitimate interests (Art. 6(1)(f) GDPR) — security, fraud prevention, product analytics, service improvement.
• Legal obligation (Art. 6(1)(c) GDPR) — tax record retention, response to lawful requests.
• Consent (Art. 6(1)(a) GDPR) — non-essential cookies and marketing communications, where applicable.

4. Processors and sub-processors

We share data with the following service providers, under data-processing agreements:

• Supabase (EU region) — managed database, authentication, and file storage.
• Hetzner Online GmbH (Germany) — application hosting.
• OpenRouter — third-party AI provider used for receipt data extraction. Receipt images and extracted text are sent for processing; OpenRouter and its upstream model providers (e.g. Google) act as processors.
• Stripe (Ireland / USA) — billing, payments, invoices.
• Resend (when wired) — transactional emails.

5. International transfers

Where data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision, as applicable to each processor.

6. Retention

• Account data — retained while your account is active and for up to 30 days after deletion (then permanently erased).
• Receipts — retained while the parent project exists, or until you delete them.
• Billing records and invoices — retained for the period required by applicable tax law in the relevant jurisdiction (commonly 5–10 years).
• Server logs — typically retained for up to 90 days.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request erasure (“right to be forgotten”).
• Restrict or object to processing.
• Data portability.
• Withdraw consent at any time, where consent is the legal basis.
• Lodge a complaint with the data protection authority in your country (for example, the ICO in the UK, the CNIL in France, the BfDI in Germany, or the AEPD in Spain).

To exercise any of these rights, email privacy@projscan.com. We will respond within 30 days.

8. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorised personnel. Passwords are securely hashed; when you sign in with Google or another federated identity provider, ProjScan never sees your password.

9. Changes to this policy

We may update this policy occasionally. Material changes will be notified by email or via an in-app banner. The current version is always the one published on this page.

10. Contact

Questions or requests: privacy@projscan.com.