DATA PROTECTION - GDPR COMPLIANT
1. GDPR COMPLIANCE
1.1 Legal Basis for Processing
Metascanner processes your data under the following legal bases:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interest: Security, fraud prevention, and service improvement
- Consent: For optional features and communications
1.2 Data Controller
Metascanner acts as the data controller for all personal data processed through our platform. We are responsible for ensuring compliance with GDPR requirements.
2. YOUR DATA RIGHTS (GDPR)
2.1 Right of Access
You have the right to request confirmation of whether we process your personal data and, where we do, access to the personal data and information about:
- The purposes of processing
- The categories of personal data concerned
- The recipients or categories of recipients
- The envisaged retention period
- Your rights under GDPR
2.2 Right to Rectification
You have the right to have inaccurate personal data rectified and incomplete personal data completed.
2.3 Right to Erasure ("Right to be Forgotten")
You have the right to request the erasure of your personal data where:
- The personal data is no longer necessary
- You withdraw consent
- You object to processing
- The personal data has been unlawfully processed
2.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
2.5 Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
3. DATA SECURITY MEASURES
3.1 Technical Safeguards
We implement comprehensive technical security measures:
- Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
- Access Controls: Role-based permissions and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Data Isolation: Separate processing environments for each user session
3.2 Organizational Safeguards
We maintain strict organizational security practices:
- Regular security training for all staff
- Background checks for personnel with data access
- Incident response procedures
- Regular security audits and penetration testing
4. DATA PROCESSING DETAILS
4.1 Processing Purposes
We process your data for the following purposes:
- Service Provision: Metadata extraction and AI analysis
- Account Management: User authentication and profile management
- Security: Fraud prevention and platform security
- Support: Customer service and technical support
4.2 Data Categories
We process the following categories of personal data:
- Account Data: Email address, account preferences
- Usage Data: Analysis history, feature usage
- Technical Data: IP addresses, device information
- Content Data: Temporarily processed images (never stored)
5. INTERNATIONAL DATA TRANSFERS
5.1 Transfer Safeguards
When data is transferred outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding corporate rules where applicable
- Additional technical and organizational measures
5.2 Third-Party Processors
We use the following third-party processors with appropriate safeguards:
- Firebase (Google): Authentication and database services
- Google Gemini: AI analysis capabilities
- OpenCage: Geocoding services
6. DATA RETENTION POLICY
6.1 Retention Periods
We retain different types of data for specific periods:
- Account Data: Until account deletion or 2 years of inactivity
- Analysis History: Until account deletion or user request
- Uploaded Images: Never stored - processed in memory only
- Log Data: 90 days for security and debugging
7. BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected users without undue delay
- Document all breaches and remedial actions taken
- Implement additional security measures as needed
8. DATA PROTECTION OFFICER
For data protection inquiries, contact our Data Protection Officer:
- Email: dpo@metascanner.site
- Subject: Data Protection Inquiry
- Response time: Within 30 days
9. SUPERVISORY AUTHORITY
You have the right to lodge a complaint with your local supervisory authority if you believe we have not addressed your concerns adequately.
10. CHANGES TO DATA PROTECTION
We may update our data protection practices periodically. Significant changes will be communicated via email or platform notification at least 30 days in advance.
Last updated: January 2025
Version: 2.1.0
GDPR Compliance Status: Full Compliance