EmmaScanOpen Scanner

Privacy Policy

Last updated: February 15, 2026

This Privacy Policy describes how EmmaScan ("we", "us", "our") collects, uses, and protects your information when you use our service at emmascan.io ("the Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address - provided during registration or social sign-in.
  • Display name and profile photo - from your social account if you use social sign-in.
  • User ID - a unique identifier assigned by our authentication system.

1.2 Subscription Data

If you subscribe to a paid plan, our third-party payment processor handles all payment information. We store:

  • Your subscription tier (Free/Pro/Power).
  • Subscription status and renewal dates.
  • Payment processor customer and subscription identifiers.

We never see or store your credit card number, CVV, or full payment details. These are handled entirely by our payment processor.

1.3 Usage Data

We collect minimal usage data:

  • Watchlist tickers - tickers you add to your watchlist (stored per user).
  • Alert configurations - signal alert conditions you create (stored per user).
  • Signal requests - custom signal requests you submit.
  • AI conversations - stored locally in your browser (localStorage). We do not store your AI conversations on our servers.

1.4 Technical Data

Our infrastructure may log:

  • IP addresses (for rate limiting and security).
  • Request timestamps and HTTP metadata.
  • Error logs for debugging.

These logs are retained for a limited period and used solely for security and operational purposes.

2. How We Use Your Information

  • Service delivery - to provide signal scanning, alerts, watchlists, and AI analysis.
  • Tier enforcement - to verify your subscription level and apply appropriate limits.
  • Alert notifications - to send email alerts when your configured signals trigger (Pro+ tiers).
  • Security - to prevent abuse and unauthorized access.
  • Improvement - to diagnose issues and improve the Service.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

The Service relies on third-party providers for authentication, payment processing, email delivery, content delivery, AI processing, and market data. These providers may receive limited data necessary to perform their function (e.g., your email address for authentication, or your chat messages for AI analysis).

Each third-party provider operates under its own privacy policy and data handling practices. We select providers that maintain industry-standard security and privacy practices.

4. AI Conversations

When you use the AI advisor feature:

  • Your messages are processed by a third-party AI provider to generate responses.
  • Conversation history is stored only in your browser's local storage. We do not persist conversations on our servers.
  • If you use BYOK (Bring Your Own Key), your messages go through your chosen provider under your own API agreement.
  • AI providers may have their own data retention policies. Please review their respective terms.

5. Cookies and Local Storage

We use minimal client-side storage:

  • Authentication token - for session management.
  • Theme preference - dark/light mode selection.
  • AI conversations - chat history (browser local storage only).
  • BYOK settings - your AI provider API key if configured (stored locally, never sent to our servers).

We do not use tracking cookies, advertising pixels, or third-party analytics trackers.

We collect first-party usage analytics on our own infrastructure to improve the Service. This includes pages visited, features used, session duration, and API response times. This data is processed and stored exclusively on our own servers - it is never shared with third parties. IP addresses are hashed and never stored in raw form.

6. Data Retention

  • Account data - retained while your account is active. Deleted upon request.
  • Subscription data - retained for billing and legal compliance purposes.
  • Server logs - retained for a limited period, then automatically purged.
  • Usage analytics - retained for up to 90 days, then automatically deleted.
  • Chat history - stored locally in your browser; cleared when you clear browser data.

7. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Access - request a copy of your personal data.
  • Rectification - correct inaccurate personal data.
  • Erasure - request deletion of your personal data ("right to be forgotten").
  • Portability - receive your data in a structured, machine-readable format.
  • Objection - object to processing of your personal data.
  • Restriction - request restriction of processing.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit, abuse prevention systems, secure authentication, and per-user data isolation. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For questions or concerns about this Privacy Policy, or to exercise your GDPR rights, contact us at [email protected].

← Back to EmmaScan