1. Information We Collect

As our app is only accessible to registered users, we collect information solely from account holders. When you create an account on our ScanShape platform, we collect the following data:

• Email Address: Used for communications, account recovery, and notifications.
• Passwords: Securely stored using industry-standard cryptographic techniques.
• Profile Information: Such as website URLs, donation links, and other public details.
• User-Generated Content: Comments, forum threads, reviews, etc.
• Audit Log: Records of significant actions (e.g., logins, edits) with timestamps.
• Forum Usernames: Collected to index forum topics and maintain unique identification.

Additionally, when you interact with our platform, certain HTTP request data is logged, including the timestamp, IP address, page URL, device and operating system details, preferred language/locale, and download tracking information (retained for 14 days).

2. How We Use the Collected Information

• Object Scanning Data: Our mobile app uses the rear camera to scan objects and locations. This data is stored only on your device for design and measurement purposes and is not transmitted to our servers.
• HTTP Request Logs: Used for debugging, abuse prevention, and generating aggregated usage statistics (e.g., package download counts).
• Email Communications: To send essential system messages such as password resets and policy updates, as well as notifications which you can customize or opt out of.
• User Authentication: Collected credentials are used solely to authenticate your access to the platform.
• Audit Logging: Helps record actions that may affect the security or integrity of the platform for troubleshooting and security analysis.
• Locale Settings: Used to customize the interface and translate communications into your preferred language.
• IP Address Monitoring: Logged to monitor and combat abuse; cached download tracking data is retained for 14 days to avoid duplicate counts.

TrueDepth API Usage: Our app utilizes the TrueDepth API to enhance the accuracy and quality of object scanning. No facial or personally identifiable facial data is collected, stored, or processed.

3. Data Sharing and Storage

Third Parties: We share your data with trusted third-party service providers to improve our services, enhance user experience, and bolster user safety. This may include:

• Analytics and performance monitoring services to optimize platform functionality.
• Error logging services that help us detect and resolve issues quickly.
• Security services that assist in monitoring for abuse and protecting user accounts.

All third parties are contractually bound to maintain the confidentiality and security of your data. Any data shared is anonymized or aggregated where possible, and only the minimum necessary information is transmitted.

Data Storage: Our production servers are located in Germany. Encrypted backups are stored in the United Kingdom and, for redundancy, may be stored in other jurisdictions within the EU or US. By using our service, you consent to the transfer and storage of data within these regions.

4. Data Access and Security

We take the security of your data seriously:

• HTTP request logs are accessible only by authorized personnel for debugging and abuse prevention purposes, with personal information removed as necessary.
• Encrypted backups are accessible only to select staff under a dual-control system.
• Email addresses are visible only to authorized support staff for assistance and are not shared externally.
• Passwords and other sensitive credentials are stored securely using industry-standard cryptographic practices.
• Audit logs and user profile information are accessible only to authorized personnel for security oversight.
• When legally required, we may share data with law enforcement agencies.

5. Data Retention

• HTTP request logs are automatically deleted after 2 weeks.
• Usernames may be retained indefinitely for indexing forum topics and package identification.
• Other personal data will be removed upon request, unless retention is required by law or necessary for operational purposes.
• Download tracking information (IP address caches) is deleted after 14 days.

6. Removal of Personal Information

If you wish to have your personal information removed, please submit a removal request. In cases where your username is linked to existing packages or forum topics, your account will be deactivated and wiped of personal details rather than being completely removed.

7. Future Changes

We reserve the right to modify or update this Privacy Policy at any time. Significant changes will be communicated via notices on the ScanShape website. Your continued use of the platform constitutes acceptance of the revised policy.

8. Contact Information

For any questions or concerns regarding this Privacy Policy, please contact us at:
Email: lukasgroetsch94@gmail.com