Legal · privacy policy

Privacy Policy

Effective date: 31 May 2026

ScanItHub (www.scanithub.com) takes privacy seriously. This policy explains what we collect, why, and how to exercise your rights.

Data Controller

  • Data Controller: Andrew David Curtis, trading as Curtisium
  • Address: Le Fouothets, Rue Des Fouothets, St Ouen, Jersey, Channel Islands, JE3 2BG
  • Jersey Office of the Information Commissioner (JOIC) registration no: 103902 (valid until 31 December 2026)

What we collect

  • Email — for delivery, magic-link sign-in, and security notifications. Stored as plain text.
  • PIN hash — bcrypt-hashed; we never store your PIN.
  • Uploaded content — photos, video, PDFs, captions. Stored on Cloudflare R2 (SOC 2 Type II).
  • Scan events — hashed IP (never raw), country (ISO-2), bucketed user-agent class. Raw events purge after 7 days; daily aggregates retained for analytics.
  • Audit log — every PIN attempt, magic-link use, and account-level action, retained for chargeback and abuse defence.

What we do NOT collect

  • Passwords (we use email + PIN + magic-link)
  • Card details (Paddle, our Merchant of Record, handles all payment data)
  • Raw IP addresses
  • Cross-site tracking pixels

Your rights

  • Access — `/buyer/data-export` returns a ZIP of everything we hold.
  • Delete — `/buyer/delete-account` hard-deletes your buyer record, codes, magic-link tokens, and audit log.
  • Object — email legal@scanithub.com to opt out of any specific processing.
  • Lodge a complaint — with your local data protection authority.

Contact

legal@scanithub.com

ScanItHub
QR/NFC Tags With Built-In Hosting.
Pay once. Stays live. Hosting included while the platform operates.
© 2026 ScanItHub · Payments processed by Paddle (Merchant of Record) · Storage on Cloudflare R2
Data Controller: Andrew David Curtis (Curtisium), Jersey · JOIC registration no. 103902