Legal

Privacy Policy

Last updated: May 2025

Who we are

ScanSolve is a web-based facility issue reporting platform operated at scansolve.co. If you have any questions about this privacy policy, please contact us via the sign-in page at scansolve.co/auth.

What data we collect

Facility managers (account holders):

  • Email address — used for authentication and notifications
  • Organisation name and location names — used to configure your account

Issue reporters (no account required):

  • Issue category, description, and optional photo — the content of your report
  • Contact email — only if you choose to provide it for status updates
  • Basic request metadata (timestamp, browser type) — used for fraud prevention

How we use your data

  • To deliver the ScanSolve service (routing issue reports to the right facility manager)
  • To send authentication emails (magic links) to facility managers
  • To send issue notification and status emails
  • To improve the service and fix technical issues

We do not sell your data. We do not share your data with third parties except as required to deliver the service (Supabase for data storage, Resend for email delivery).

Data storage and security

Your data is stored on Supabase (EU region). Issue photo uploads are stored in Supabase Storage and accessed via signed URLs that expire after 7 days. We use row-level security to ensure each organisation can only access its own data. All connections are encrypted via HTTPS.

Cookies

ScanSolve uses session cookies for authentication (facility manager accounts only). These are strictly necessary cookies — no advertising or tracking cookies are used. We do not use Google Analytics or any third-party tracking scripts.

Your rights (UK GDPR)

If you are based in the UK or EU, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data

To exercise any of these rights, contact us via scansolve.co/auth.

Data retention

Account data is retained for as long as your account is active. Issue reports are retained for as long as the associated organisation account is active. You may request deletion of your account and associated data at any time.

Changes to this policy

We may update this privacy policy as the service evolves. Significant changes will be communicated to account holders by email.