Privacy Policy

ScanToProve is operated by ⚠TODO: Legal entity name, a company incorporated in Jersey, Channel Islands (company number ⚠TODO: Jersey company number), with its registered office at ⚠TODO: Registered office address ("ScanToProve", "we", "us").

For the purposes of the Data Protection (Jersey) Law 2018 ("DPJL"), the UK General Data Protection Regulation ("UK GDPR") and the EU General Data Protection Regulation ("EU GDPR"), ScanToProve is the controller of personal data processed through the Platform, except where a partner operates a White-label Deployment (in which case that partner is the controller and ScanToProve acts as processor).

You can contact us about this Privacy Policy at legal@scantoprove.com.

We collect the following categories of personal data:

• Account data — name, email, password hash, organisation name, role, billing contact.
• Pet & owner data — pet name, photo, microchip number, vet details, lost-pet contact preferences, finder messages, vaccination & DNA records you choose to add.
• Vehicle data — VIN, plate, service history entries you record on the Platform.
• Asset data — items you register (wine, casks, luxury goods, warehouse stock, supply-chain shipments), including photos and condition reports.
• Scan event data — timestamp, device fingerprint, IP-derived approximate location, NTAG 424 SUN counter value, tag tamper status.
• Sample-authentication data (DNA Rails) — sample IDs, anchor types (microchip, ear tag, passport), lab partner identifiers, collection and result timestamps.
• OPCLS Gateway data — chip number queried, querying partner identity, registry response. We do not store registrant PII at the OPCLS Gateway — only audit metadata.
• Communications — emails, chat messages, support tickets.
• Technical data — browser type, IP address, error reports (via Sentry).

• Directly from you when you register, edit records, or upload media.
• Automatically when a tag is scanned (NFC, QR, RFID or barcode).
• From third parties — e.g. veterinary practices acting on your behalf, DNA laboratories using DNA Rails, federated registries responding to OPCLS lookups.

We process personal data on one or more of the following bases:

• Contract — to deliver the Platform you have signed up for (Article 6(1)(b) UK GDPR; Article 8(1)(b) DPJL).
• Legitimate interests — for security, fraud prevention, anti-counterfeiting, blockchain anchoring, and platform improvement.
• Consent — for optional features such as marketing emails or sharing contact details with a pet finder. You can withdraw consent at any time.
• Legal obligation — to respond to lawful requests from regulators, courts, or law enforcement.

• To provide and operate the Platform.
• To authenticate NTAG 424 tags and detect cloning or tampering.
• To route lost-pet alerts to nearby vets and finders.
• To anchor event hashes on Polygon for audit and provenance purposes.
• To send service emails (claims, breach alerts, system notifications) via our email provider.
• To improve the Platform through anonymised analytics.
• To respond to support requests and legal obligations.

The Platform anchors selected event hashes to the Polygon public blockchain. This is core to how ScanToProve works. You should understand the following:

• We anchor cryptographic hashes derived from event data — not raw personal data, photos, contact details, microchip numbers or DNA results.
• Once anchored, the on-chain transaction record is permanent and cannot be erased, including by ScanToProve. This is a feature of public blockchains, not a bug.
• The hash itself does not reveal personal data without the original off-chain record (which ScanToProve does control and can delete on request).
• For the purposes of UK GDPR / DPJL right-to-erasure requests, we will delete the off-chain record on request. The orphaned on-chain hash becomes unreadable and will lose any practical link to you.

We share personal data with:

• Processors that operate the Platform: MongoDB Atlas (database hosting), Cloudflare (CDN, R2 storage, Turnstile bot protection), Resend (transactional email), Sentry (error monitoring), Emergent (LLM infrastructure for in-app assistants), Polygon (blockchain anchoring — public network).
• Veterinary practices and pet finders: only where you have actively chosen to share contact details via a scan or lost-pet alert.
• OPCLS Gateway partners: when a partner registry responds to a chip lookup. The Gateway does not transmit registrant PII unless the originating registry chooses to do so.
• DNA Rails partners: laboratories you have authorised to handle a sample.
• Payment provider: ⚠TODO: e.g. Paddle.com Inc.
• Authorities: where required by law, court order, or to protect our rights.

We do not sell personal data.

Some of our processors are located outside Jersey, the United Kingdom and the EEA (notably in the United States). Where we transfer personal data outside an adequate jurisdiction, we rely on:

• Adequacy decisions where available (e.g. UK–US Data Bridge, EU–US Data Privacy Framework, Jersey adequacy decisions);
• Standard Contractual Clauses with appropriate supplementary measures; and/or
• Your explicit consent where appropriate.

We retain personal data for as long as your account is active, plus a reasonable period thereafter to comply with legal, accounting, or reporting obligations. Specific retention periods:

• Account data: duration of account + 6 years for tax/audit.
• Pet, vehicle and asset records: duration of account, then archived at owner request.
• Scan events: 7 years (for fraud / anti-counterfeit investigation).
• Blockchain anchors: permanent (on-chain — see Section 6).
• Support correspondence: 3 years.

We use technical and organisational measures to protect personal data, including TLS in transit, encryption at rest, hashed passwords (bcrypt), JWT-based session control, Cloudflare DDoS protection and Turnstile bot detection, NTAG 424 SUN cryptographic verification on every tap, role-based access control, and audit logging.

No platform is perfectly secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Jersey Office of the Information Commissioner and, where required, you, in accordance with Article 24 DPJL and Article 33–34 UK GDPR.

Under the DPJL, UK GDPR and EU GDPR you have the right to:

• Access your personal data;
• Have it rectified if inaccurate;
• Have it erased, subject to the blockchain caveat in Section 6;
• Restrict or object to processing;
• Receive your data in a portable format;
• Withdraw consent at any time where processing is based on consent;
• Complain to a supervisory authority — for Jersey, the Jersey Office of the Information Commissioner (jerseyoic.org); for the UK, the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email legal@scantoprove.com. We will respond within one month.

See our Cookies Policy for details of the cookies and similar technologies used by the Platform.

The Platform is not intended for use by children under 16. If you believe a child has provided personal data, please contact legal@scantoprove.com and we will take steps to delete it.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the Policy was last changed. Material changes will be notified by email or a prominent in-platform notice.

For privacy questions, contact us at legal@scantoprove.com.

If you are unhappy with our response, you have the right to complain to the Jersey Office of the Information Commissioner or your local supervisory authority.