PRIVACY POLICY

SCANFLOW PLATFORM

Effective Date: 11 May 2026
Last Updated: 11 May 2026
Version: 1.0

Introduction

ScanFlow Technologies Private Limited, operating as ScanFlow.ai (“we,” “us,” “our”), is dedicated to safeguarding your privacy and building your confidence in our commitment to data security. This Privacy Policy aims to transparently explain how we handle your information, reinforcing our responsibility to protect your privacy.

This Privacy Policy applies to information collected through:

  • The ScanFlow website (https://www.scanflow.ai)
  • The ScanFlow Platform and associated applications
  • Email communications and customer support interactions
  • Third-party integrations and services you enable
  • Mobile applications and API integrations

By accessing or using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

Important Notice for Indian Users: This Privacy Policy draft complies with India’s Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Rules. Section 19 outlines the additional obligations specific to Indian users.

1. Information We Collect

1.1 Information You Provide to Us

Account Information

When you register for an account, we may collect:

  • Full name and email address
  • Work email address and company name
  • Password (stored in encrypted form using industry-standard hashing algorithms)
  • Phone number (optional)
  • Company size and industry (optional)
  • Job title and role (optional)
  • Billing and payment information (processed by third-party payment processors)
  • Government-issued identification (for enterprise verification only, with consent)

Customer Data

You may upload, submit, or process various types of data through the Platform (“Customer Data”), including:

  • Document images, PDFs, and other files processed by ScanFlow
  • AI workflow configurations, prompts, and instructions
  • Log data and telemetry from your automations
  • API credentials and integration settings
  • Usage metrics and performance data
  • Custom models and training data you provide
  • Business intelligence and analytics data generated via the Platform

Data Ownership: You retain full ownership and control of your Customer Data. We process Customer Data solely to provide the Services as described in our Terms of Service and applicable agreements. For Customer Data containing personal data, we typically act as a Data Processor (under GDPR) and Data Fiduciary (under DPDPA).

Communications

We collect information when you:

  • Contact our support team via email, chat, or phone
  • Participate in surveys, questionnaires, or feedback forms
  • Subscribe to newsletters or marketing communications
  • Engage with our content or social media
  • Attend webinars, training sessions, or events
  • Provide testimonials or case study information

1.2 Information Collected Automatically

Usage Information

We automatically collect information about your use of the Services, such as:

  • Pages visited and features accessed
  • Time spent on the Platform and session duration
  • Click patterns and navigation paths
  • Search queries and filters used
  • Projects created and configurations modified
  • API calls and integration usage
  • Error messages and system logs
  • Performance metrics and response times
  • Feature adoption and usage patterns

Device and Technical Information

We may collect:

  • IP address and approximate geolocation (country/city level)
  • Browser type, version, and language settings
  • Operating system and device type
  • Screen resolution and display settings
  • Referring URLs and exit pages
  • Time zone and access timestamps
  • Mobile device identifiers (for mobile applications)
  • Network information and connection type

Cookies and Tracking Technologies

We use cookies, web beacons, local storage, and similar tracking technologies to enhance your experience and gather information about usage patterns. Types of cookies we use include:

  • Essential cookies
  • Performance cookies
  • Functional cookies
  • Analytics cookies
  • Advertising cookies (only with your consent)

You can control cookie preferences through your browser settings or our cookie preference center, though turning off certain essential cookies may limit Platform functionality. For detailed information, see our separate Cookies Policy.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Authentication providers (e.g., Google Workspace, Microsoft Azure AD, Okta)
  • Cloud service providers (e.g., AWS, Azure, GCP)
  • Data platforms (e.g., Snowflake, Databricks, BigQuery)
  • LLM or OCR/AI providers used for service integration
  • Payment processors (e.g., Stripe, Razorpay)
  • Marketing and analytics partners (e.g., LinkedIn, Google Ads)
  • Public databases and data enrichment services
  • Business partners and resellers
  • Referral sources and affiliates

1.4 Sensitive Personal Data

We limit the collection of sensitive personal data. Under certain circumstances, with your explicit consent or as required by law, we may process:

  • Financial information (processed via payment processors)
  • Health information (only for domain-specific use cases with explicit consent and appropriate compliance)
  • Biometric data (only for authentication in enterprise deployments, with explicit consent)
  • Government-issued identification numbers (for compliance and verification purposes)

We apply enhanced security measures and do not use sensitive data for profiling, automated decision-making, or marketing without explicit consent.

3–7. Use, Sharing, Storage, Security, Rights

  • How We Use Your Information: We use your information responsibly for providing and improving our services, ensuring your data is handled with care. We share data only with trusted partners and with your explicit consent, respecting your control over your information.
  • How We Share Your Information: service providers, third-party integrations, business transfers, legal requirements, with your consent, logo/case studies, and public information.
  • Data Storage and Security: primary regions, possible data residency options if you offer them, detailed technical/organizational/physical safeguards, incident response, backup, and recovery.
  • Your rights include accessing, correcting, or deleting your data, and choosing your privacy preferences. We implement strong security measures to protect your information and uphold your trust in our platform.
  • DPDPA- and GDPR-specific sections: records of processing, cross-border transfer safeguards, data minimization/purpose limitation, privacy by design/by default.