Privacy Policy

Last updated: April 2026

Introduction

ScanStory ("we", "our", or "us") operates the augmented reality platform at myscanstory.com. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.

By registering for or using ScanStory, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the platform.

Information We Collect

Account & Identity

  • Full name, email address, and phone number provided during registration.
  • Password stored as a cryptographic hash — we never store your plain-text password.
  • Email verification status and the date your account was created.

Content You Upload

  • Images and videos you upload to create Your Story.
  • Computed AR feature data derived from your images (stored server-side for detection).
  • QR codes generated for your Story.

Usage & Scan Data

  • Timestamps and counts of successful AR scan events.
  • Project creation, update, and deletion events.
  • Scanner session durations (no video or camera footage is ever stored).

Payment Information

  • Subscription plan, payment status, and transaction references.
  • Payment processing is handled entirely by Razorpay. We do not store card numbers, CVV, or any raw financial data on our servers.

Technical Data

  • IP address and browser/device type collected during login and scanner sessions.
  • Session cookies used to keep you logged in — these expire when you log out or close the browser.

How We Use Your Information

  • To create and manage your account and authenticate your identity.
  • To process, store, and serve your uploaded images, videos, and AR feature data.
  • To generate QR codes and deliver AR scanner experiences to your end-users.
  • To manage your subscription, process payments, and send billing confirmation emails.
  • To enforce your plan limits (project count, scan count).
  • To send transactional emails: email verification, password reset, and payment receipts.
  • To detect and prevent fraud, abuse, or violations of our Terms of Service.
  • To improve platform performance, stability, and features using aggregated analytics.
We do not sell, rent, or trade your personal information to third parties for marketing purposes — ever.

Camera & Device Access

The ScanStory scanner requires access to your device camera to detect AR markers in real time. Important facts about this access:

  • Camera access is requested only when the scanner page is open — never in the background.
  • No camera frames, images, or video are transmitted to our servers during a scan session.
  • All AR detection processing happens entirely on your device using WebAssembly (OpenCV.js).
  • The browser will always prompt you to grant or deny camera permission before any access occurs.
  • You can revoke camera permission at any time through your browser settings.

Cookies & Local Storage

  • Session cookies: Used to keep you logged in. Deleted when you log out or your session expires.
  • Service Worker cache: We cache the AR engine files (opencv.js, ~14 MB) in your browser's local cache so the scanner loads faster on repeat visits. This data stays on your device and is never transmitted to us.
  • We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.

Data Sharing & Third Parties

We share your information only where necessary to operate the platform:

  • Razorpay: Payment processor for subscription transactions. Subject to their own Privacy Policy. We only receive payment status and transaction IDs.
  • Email provider (SMTP): Used to send transactional emails (verification, reset, receipts). Only your email address and the message content are transmitted.
  • Hosting / cloud infrastructure: Your data is stored on servers used to run the platform. These providers are contractually obligated to protect your data.
  • We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

Data Retention

  • Your account data is retained for as long as your account is active.
  • When you delete a project, all associated images, videos, and AR feature files are permanently deleted from our servers.
  • When you delete your account, all personal data, uploaded content, and scan logs are permanently erased within 30 days.
  • Payment transaction records may be retained for up to 7 years as required by Indian financial regulations.
  • Anonymised, aggregated scan statistics (no personal identifiers) may be retained indefinitely for platform analytics.

Your Rights

You have the following rights over your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal information via your profile settings.
  • Deletion: Request permanent deletion of your account and all associated data.
  • Portability: Request your uploaded content and account data in a portable format.
  • Objection: Object to how we process your data where processing is based on legitimate interest.
  • Withdraw consent: Revoke camera permission at any time via your browser settings without affecting your account.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Data Security

  • Passwords are hashed using industry-standard algorithms — plain-text passwords are never stored.
  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
  • Payment data is handled exclusively by Razorpay's PCI-DSS compliant infrastructure.
  • Access to production data is restricted to authorised personnel only.
  • We review our security practices regularly and update them as the threat landscape evolves.

While we take all reasonable steps to protect your data, no system is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

Children's Privacy

ScanStory is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please contact us immediately and we will delete the account and all associated data.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify registered users via email. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions, requests to exercise your rights, or data deletion requests, please contact us:

myscanstory.com
support@myscanstory.com
Also read our Terms & Conditions  ·  Back to Home