Legal

Privacy & Cookies

Last updated: May 2026 · Operated by TrustDev

Short version: ScanReq does not use analytics, advertising, or tracking of any kind. We do not sell your data. We do not share your data with third parties except Stripe (payment processing) and Cloudflare (infrastructure).

The only personal data we store is your email address and license token, used exclusively to deliver your Pro license and allow recovery if you lose it.

1. Who we are

ScanReq is a VS Code extension developed and operated by TrustDev, reachable at support@scanreq.com. This policy covers the website at scanreq.com and the VS Code extension.

2. What data we collect and why

We collect only what is strictly necessary to provide the service:

Email address — collected by Stripe at checkout when you purchase ScanReq Pro. We receive it through the Stripe webhook only to send you your license token and allow you to recover it via scanreq.com/recover. We do not send marketing emails. We do not share it with anyone other than Stripe (who collected it) and Resend (our transactional email provider, used solely for token delivery).

License token — a randomly generated string stored in our database (Supabase) linked to your email and Stripe session. Used to validate your Pro license from the VS Code extension.

IP address — used temporarily by Cloudflare for bot protection and by our Cloudflare Workers for rate limiting (max 5 checkout attempts per hour per IP). Not stored in our database. Not linked to your identity.

We do not collect: browsing behavior, device identifiers, location data, or any data from your VS Code projects. The extension queries public registries (PyPI, npm, crates.io, etc.) and OSV.dev directly from your machine — those requests never pass through our servers.

3. Cookies

We do not set cookies ourselves. The cookies below are set by third-party services we use for payment processing and infrastructure. None of them are used for advertising or tracking.

Because all cookies are strictly necessary for the functioning of the service (payment or infrastructure), they do not require your prior consent under the GDPR ePrivacy Directive. However, you are being informed of their existence here.

These cookies are not set until you navigate to the Stripe Checkout page (payment flow). Browsing scanreq.com without initiating a purchase will only result in the Cloudflare __cf_bm cookie being set.

4. Third-party services

Stripe — payment processor. When you purchase ScanReq Pro, you are redirected to a Stripe-hosted Checkout page. Stripe's privacy policy applies to that interaction: stripe.com/privacy.

Cloudflare — DNS, CDN, and Cloudflare Pages hosting. All traffic to scanreq.com passes through Cloudflare's network. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

Supabase — database for license storage. Hosted in the EU (AWS eu-central-1). Only your email and license token are stored.

Resend — transactional email provider. Used exclusively to send your license token after purchase. Resend's privacy policy: resend.com/legal/privacy-policy.

5. Data retention

Your email and license token are retained indefinitely so that you can recover your token at any time. If you would like your data deleted, contact us at support@scanreq.com and we will remove it within 30 days. Note that deleting your record will deactivate your Pro license permanently.

6. Your rights (GDPR)

If you are in the EU or UK, you have the right to access, correct, or delete the personal data we hold about you, and to object to or restrict its processing. To exercise any of these rights, contact us at support@scanreq.com.

7. Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date above. We will not retroactively change how we use data already collected.

8. Contact

Questions about privacy? Email us at support@scanreq.com.