Privacy Policy

01 Who is responsible for your data

The data controller — the party that decides why and how your personal data is processed — is the operator of Scangloo, the project available at scangloo.com (referred to as “Scangloo”, “we”, “us”).

Scangloo is currently an independent, pre-launch project based in Poland. You can reach us about anything in this policy — including to exercise your rights — at:

• Email: scanglooapp@gmail.com

We don't have a Data Protection Officer (DPO); we're not legally required to appoint one. Email above reaches the person responsible for your data.

02 What data we collect

Data you give us (waitlist sign-up)

• First name — so we can greet you properly.
• Email address — so we can email you when early access opens.

We use double opt-in: after signing up you'll get a confirmation email, and you only join the list once you click to confirm. If you never confirm, your address isn't added to the active list.

Data collected automatically (analytics)

To understand how the page is used and to improve it, we use Hotjar, which may collect technical and usage data such as your device and browser type, approximate (city-level, non-precise) location derived from your IP address, pages viewed, clicks, scrolling and similar interactions. This relies on cookies and similar technologies (see section 09) and runs only where permitted.

We do not collect special categories of data (e.g. health data) through this website, and we don't ask for your skin or product information here — that will only happen later, inside the app, under a separate notice.

03 Why we use it & the legal basis

• Running the waitlist and emailing you about launch / early access — legal basis: your consent (Art. 6(1)(a) GDPR), given when you sign up and confirm via double opt-in. You can withdraw it anytime (see section 07).
• Website analytics and improvement (Hotjar) — legal basis: your consent for the cookies/tracking involved (Art. 6(1)(a) GDPR), and our legitimate interest (Art. 6(1)(f)) in maintaining and improving the site in aggregate.
• Security, abuse prevention and serving the site — legal basis: our legitimate interest (Art. 6(1)(f)) in operating a safe, functioning website.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

04 Who we share it with (processors)

We don't sell your data and we don't share it for anyone else's marketing. We do use a few trusted service providers (“processors”) that process data on our behalf and on our instructions, under data processing agreements:

05 International data transfers

Some of our processors (Mailchimp/Intuit and Cloudflare) are based in the United States, so your data may be transferred outside the European Economic Area (EEA). Where this happens, the transfer is protected by appropriate safeguards under GDPR — namely the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses (SCCs). You can request more information about these safeguards via the contact email above.

06 How long we keep it

• Waitlist data (name, email): until you withdraw your consent / unsubscribe, or until we wind down the waitlist (e.g. after launch), whichever comes first. After that it's deleted or anonymised.
• Analytics data: retained for the limited period set by our analytics provider, then deleted or aggregated so it no longer identifies you.

07 Your rights

Under GDPR you have the right to:

• Access your data and get a copy (Art. 15);
• Rectify inaccurate or incomplete data (Art. 16);
• Erasure — ask us to delete your data, “right to be forgotten” (Art. 17);
• Restrict processing (Art. 18);
• Data portability — receive your data in a portable format (Art. 20);
• Object to processing based on legitimate interest (Art. 21);
• Withdraw consent at any time, without affecting prior lawful processing (Art. 7(3)) — every email has a one-click unsubscribe link, or just email us.

To exercise any of these, email scanglooapp@gmail.com. We'll respond within one month, as required by law.

08 Right to lodge a complaint

If you believe we've handled your data unlawfully, you can complain to your local data protection authority. In Poland that is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl. We'd appreciate the chance to sort it out first — just reach out.

09 Cookies & similar technologies

We use a small number of cookies and similar technologies:

• Essential — needed to serve and secure the site (e.g. via Cloudflare). These don't require consent.
• Analytics (Hotjar) — used to understand and improve how the page is used. These are set only with your consent and are not strictly necessary.

You can manage or block cookies in your browser settings, and you can opt out of Hotjar specifically via its opt-out page. Blocking non-essential cookies won't stop you from joining the waitlist.

10 How we protect your data

We keep your data with reputable providers that use encryption in transit and appropriate technical and organisational measures. We never store any API keys or secrets in this website's code, and access to the waitlist is limited. No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your information.

11 Children

Scangloo is intended for users aged 16 and over. We don't knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we'll delete it.

12 Changes to this policy

As Scangloo grows (and especially once the app launches), we may update this policy. We'll change the “Last updated” date above and, for significant changes affecting the waitlist, we'll let you know by email. The current version always lives at this page.