PRIVACY POLICY
We deploy forensic analysis on highly sensitive digital evidence. Trust is not a promise; it is a structural architectural guarantee. This Privacy Policy outlines our strict adherence to GDPR, CCPA, and our foundational Zero-Retention Protocol.
I. Identity of the Controller
Data Controller: ScanTrue AI
Contact Email: scantrueai@gmail.com
Domain: scantrueai.com
II. Zero-Retention & Ephemeral Processing
Our primary service involves analyzing sensitive media (images, videos, documents, audio) for deepfake detection. We do not store your digital evidence.
- ▹ RAM-Only Processing: Uploaded media is processed exclusively within volatile memory (RAM) within secure GPU clusters.
- ▹ Instant Destruction: Upon completion of the forensic analysis and generation of the cryptographic hash (SHA-256), the original file is permanently and unrecoverably purged from memory.
- ▹ No Training Data: We never use customer-uploaded evidence to train, retrain, or fine-tune our proprietary AI neural networks.
III. Data Controller & Processor Roles
In the context of uploaded files for analysis, You (the User) are the Data Controller. You bear sole legal responsibility for possessing the lawful right and necessary consent to process any personal biometrics or data contained within the files you upload.
ScanTrue AI acts strictly as the Data Processor. We execute the algorithmic analysis solely based on your explicit command. We do not determine the purpose or means of processing the evidence content.
IV. Data Minimization (Account & Billing)
To provide the core functionalities of the Platform (authentication, credit allocation, and API access), we adhere strictly to the principle of data minimization, collecting only:
- ▹ Authentication Data: Email address and encrypted password hashes.
- ▹ Billing Information: Invoice details. We do not store raw credit card numbers.
- ▹ Technical Telemetry: Anonymized IP logs and API request volume strictly for DDoS prevention, rate-limiting, and infrastructure security.
V. Authorized Subprocessors
ScanTrue AI utilizes secure, SOC2 and GDPR-compliant third-party infrastructure providers to sustain the Platform. Data transfers are protected by Standard Contractual Clauses (SCCs).
Supabase
Provides secure database hosting, authentication states, and encrypted backend operations.
Stripe
Global payment gateway infrastructure processing secure B2B financial transactions and fraud prevention.
Google Analytics & AdSense
Provides telemetry for performance monitoring and sponsor adaptation. Users retain control over these nodes via our Cookie Preference Manager.
VI. Your Privacy Rights
In compliance with global data protection frameworks (GDPR, CCPA), you retain total sovereignty over your identifiable account data. You possess the right to:
- ▹ Request access to your stored profile data.
- ▹ Rectify inaccurate information.
- ▹ Request the immediate erasure (Right to be Forgotten) of your account credentials. Note: Legal and tax regulations mandate the retention of billing invoices for up to 5 years.
To execute any of these rights, please contact our Compliance Officer directly at scantrueai@gmail.com.
VII. Data Breach Protocol
While our Zero-Retention policy ensures no digital evidence can be breached, in the highly unlikely event that our authentication or billing databases are compromised, ScanTrue AI commits to executing a 72-hour notification protocol. We will alert the respective supervisory authorities and all affected users without undue delay, detailing the nature of the breach and the mitigation vectors applied.
"Trust is a vulnerability
Mathematics is proof"
ScanTrue AI © 2026
Forensic Grade Identity Verification Hub