This policy explains what we collect, why we collect it, where it lives, who touches it, and exactly how you get it deleted. It covers our website, dashboard, APIs, and SDKs.
SmartScanPro.ai ("SmartScanPro", "we", "us") operates an API and set of SDKs that convert a 30-second front-camera video into vitals (heart rate, HRV, SpO₂, respiratory rate, stress, blood pressure estimates, and other wellness markers) and that extract structured data from photos of medical devices and clinical documents.
This policy describes how we handle information about you when you visit our website, sign up for an account, integrate our SDK into an application, call our API directly, or contact our support team. It applies to every environment we operate — the US region (AWS us-east-1) and the EU region (AWS eu-west-1).
If you are an end user of an application built on top of SmartScanPro, your data is primarily governed by the privacy policy of that application. We act as a processor on behalf of our customer (the application's operator).
When you create an account we collect your full name, email address, company name, country of residence, and a hashed password. If you upgrade to a paid plan we collect billing name, billing address, and the last four digits of your payment method (the full card number is held by Stripe, not by us).
We record which API endpoints you call, how often, from which IP address, with which SDK version, and how long each call takes. This is aggregated into the dashboards you see on the Usage page. We also capture browser user-agent, screen resolution, and referring URL for pages on our marketing site.
If you use the API in a HIPAA context and have signed a Business Associate Agreement with us, we may process PHI on your behalf. PHI we may handle includes: face-scan video frames (processed in memory only — never written to disk unless you explicitly enable raw-video retention), extracted vitals, device photos, document images, and any metadata you attach such as patient identifier or visit ID.
We do not train our models on your PHI. We do not combine PHI across customers. We do not use PHI for any purpose other than returning results to you, debugging support tickets you open, and meeting our legal retention obligations.
For each scan our SDK captures camera model, OS version, device orientation, ambient lighting estimate, and a face-quality score. These are used to debug accuracy issues and are not linked to a person unless you include an identifier in the request.
We use the information described above to:
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:
International transfers out of the EEA are covered by the European Commission's Standard Contractual Clauses (2021/914/EU) and, where applicable, the EU-US Data Privacy Framework.
We keep data only as long as we need it. Concrete timelines:
Regardless of jurisdiction we offer the same set of rights to every user:
If you are an end user of an application built on our platform, exercise these rights through that application first — they are the data controller and we are the processor.
We engage a small, deliberately short list of vendors to run our service. Every one of them has signed a written data-processing agreement that matches or exceeds the commitments in this policy. We notify customers at least 30 days before adding or removing a subprocessor that handles customer data.
| Subprocessor | Region | Purpose |
|---|---|---|
| Amazon Web Services | us-east-1 (N. Virginia) | Primary compute, storage, and database for US-region customers. |
| Amazon Web Services | eu-west-1 (Ireland) | Primary compute, storage, and database for EU-region customers; strict region pinning. |
| Cloudflare | Global edge | DDoS protection, TLS termination, and static-asset CDN for our marketing site only (not PHI paths). |
| Stripe | US / EU | Payment processing and invoicing. Card numbers never reach our servers. |
| HubSpot | US | CRM for sales contacts and marketing emails only. No PHI is ever sent to HubSpot. |
| Sentry | US / EU (per region) | Error-reporting for our application code. PII is scrubbed before send; PHI fields are excluded at source. |
SmartScanPro is a HIPAA-capable platform. On enterprise-tier plans we execute a Business Associate Agreement (BAA) that makes us a Business Associate under 45 CFR Part 160 and Part 164. Once a BAA is signed, your workspace is provisioned with HIPAA-mode defaults: zero-retention is available, encryption is mandatory, audit logging is immutable, and subprocessors without a downstream BAA are automatically excluded.
Without a BAA in place you must not send PHI to our API. We monitor for fields that look like PHI and will proactively reach out if we see them on a non-BAA account.
For the full BAA text and to request one, visit our HIPAA page.
Our marketing site uses a small number of first-party cookies for session handling and an optional analytics cookie that you can decline on first visit. We do not use third-party advertising cookies anywhere on the site. The authenticated dashboard uses a session cookie and a CSRF token; both are strictly necessary and not subject to consent.
Our service is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you become aware that a child has provided us with personal data, please contact us and we will delete it. In jurisdictions where the age of digital consent is higher (for example 16 in some EU member states), that local age applies.
Questions about this policy, data requests, or anything else can go to our Data Protection Officer at privacy@smartscanpro.ai. EEA-specific inquiries can also reach our EU representative via the same address with "EU rep" in the subject line. Formal legal notices should be sent to the mailing address listed in our Contact page.
We will acknowledge every request within 5 business days and respond substantively within 30 days (or 45 days for complex cases, with notice).