Scantient: AI App Security Monitoring for IT Directors

1. Who we are

Scantient Inc. (“Scantient”, “we”, “us”) operates the Scantient security monitoring platform, accessible at scantient.com. This policy explains how we collect, use, and share information when you use our service.

2. Information we collect

Account information: When you create an account, we collect your name, email address, organization name, and password (stored as a one-way hash).

Application URLs: You provide URLs of applications you want us to monitor. We store these to perform scans and maintain your monitoring history.

Scan data: We store the results of security scans, including findings, scores, and remediation status. This data is scoped to your organization and not shared with other customers.

Usage data: We collect basic usage analytics (pages visited, features used, session duration) to improve the product. We do not sell this data.

Payment information: Billing is handled by Stripe. We do not store credit card numbers. We store subscription status and billing history.

3. How we use your information

We use collected information to: provide and improve the Scantient service; send security alerts and notifications you have configured; respond to support requests; send product updates and account communications; fulfill legal obligations.

We do not use your data to train AI models. We do not sell your data to third parties.

4. Data sharing

We share data only with service providers necessary to operate Scantient: Neon (database hosting), Vercel (application hosting), Stripe (billing), Sentry (error monitoring), and Upstash (rate limiting). Each is bound by a data processing agreement.

We may disclose information if required by law, court order, or to protect the rights and safety of Scantient, our customers, or the public.

5. Data retention

We retain your account data as long as your account is active. Scan history is retained for 12 months on the Pro plan and 24 months on Enterprise. After account deletion, we purge personal data within 30 days and anonymized scan data within 90 days.

6. Security

We encrypt data in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorized personnel. We conduct periodic security reviews of our own infrastructure.

7. Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@scantient.com. If you are in the European Economic Area, you have additional rights under GDPR including the right to data portability and to lodge a complaint with a supervisory authority.

8. Cookies

We use cookies for authentication and basic analytics. See our Cookie Policy for details.

9. Changes to this policy

We may update this policy periodically. We will notify customers of material changes by email at least 14 days before they take effect.

10. Contact

Questions about this policy: privacy@scantient.com. Scantient Inc., Chicago, Illinois.

Privacy Policy