Privacy Policy

1. Overview

This Privacy Policy explains what information Scanmint collects, how we use it, and your rights with respect to your data. By using the Service you agree to the collection and use of information in accordance with this policy.

Scanmint is operated by Aayla Secura LLC, doing business as Sarvixo (sarvixo.co). “We”, “us”, and “our” refer to Aayla Secura LLC throughout this policy.

2. Information We Collect

2a. Account information

When you create an account, we collect your email address and (optionally) a display name. We use this information to authenticate you, send transactional emails (password reset, billing receipts), and communicate product updates.

2b. QR code content

For static QR codes, the destination URL or payload you enter is encoded entirely in the QR image and is not stored on our servers after the image is generated. For dynamic QR codes, we store the destination URL you configure so that we can redirect scans to it and allow you to update it later.

2c. Scan analytics

Each time a dynamic QR code is scanned, Scanmint logs the following data for the account that owns the code:

• Timestamp — the date and time of the scan (UTC).
• Approximate location — country, region, and city derived from the scanner’s IP address using IP geolocation. We do not store the raw IP address beyond the duration of the request.
• Device and browser information — device type (mobile, tablet, desktop), operating system, and browser name/version, parsed from the HTTP User-Agent header.
• IP-derived data — we may retain the hashed or truncated IP address solely to detect and prevent abuse (e.g., artificial scan inflation).

Scan analytics data belongs to the account that owns the QR code. Scanmint does not sell or share individual scan records with third parties.

2d. Usage and log data

We automatically collect certain technical data when you use the Service, including your IP address, browser type and version, pages visited, timestamps, and referring URLs. This data is used to operate, secure, and improve the Service.

3. Cookies

Scanmint uses cookies and similar browser-storage mechanisms for the following purposes:

• Authentication — a session cookie keeps you logged in across page loads.
• Preferences — we store lightweight UI preferences (e.g., QR style settings) in localStorage to improve your experience.
• Analytics — we use privacy-respecting analytics to understand aggregate usage patterns. No personal identifiers are shared with analytics providers.

You can clear cookies and localStorage at any time in your browser settings. Doing so will log you out and reset stored preferences.

4. Payment Processing

Scanmint uses Stripe to process all payments. When you subscribe to a paid plan, your payment card details are entered directly into Stripe’s secure form and are never transmitted to or stored on Scanmint servers. Stripe’s privacy practices are governed by the Stripe Privacy Policy.

5. Third-Party Service Providers

We share data with third-party vendors only to the extent necessary to operate the Service:

• Stripe — payment processing (see Section 4).
• Cloud infrastructure providers — hosting, database, and CDN services. Data is processed within data centers located in the United States.
• Email delivery — transactional email (account confirmations, receipts) is sent via a third-party email provider.

We do not sell, rent, or trade your personal data with third parties for advertising or marketing purposes.

6. Data Retention

We retain account information and dynamic QR code data for as long as your account is active. Scan analytics records are retained for up to 24 months and then aggregated or deleted.

When you delete your account, we remove your personal information and dynamic QR code configurations within 30 days. Aggregated, anonymized analytics data (e.g., total scan counts) may be retained beyond that period.

7. Your Data Rights

Depending on your location, you may have the following rights with respect to your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate data.
• Deletion — request that we delete your personal data (“right to be forgotten”).
• Portability — request an export of your data in a machine-readable format.
• Objection / Restriction — object to or request restriction of certain processing activities.

To exercise any of these rights, contact us at ryan@sarvixo.co. We will respond within 30 days.

8. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, notify registered users via the email address on file.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us: