Trust resources
Security
Authentication, workspace isolation, row-level access controls, private storage, and audit logging.
Read →
Privacy Policy
What we collect, how we use it, your choices, and Virginia (VCDPA) rights.
Read →
AI Transparency
Where AI is used, how requests are routed, and what you must review.
Read →
Data Retention
How long we keep different categories of data and how to request deletion or export.
Read →
Terms of Service
The agreement that governs use of Scannect.
Read →
Data Processing Addendum
Template DPA describing processor roles, safeguards, and subprocessor categories.
Read →
Current status
- Workspace-isolated access controls, enforced by row-level security and by server-side authorization checks.
- Private storage for uploaded card images and workspace logos, accessed via time-limited signed URLs.
- Sensitive operations (auth, AI calls, connected-account use, plan changes) handled server-side.
- Audit logging for sensitive events, including connected-account activity and plan changes.
- No patient data / no PHI. Scannect is not designed for and must not be used for clinical or patient management.
Contact
Questions about security, privacy, AI, retention, or the DPA: support@myscannect.com. For vulnerability reports, see Security → Responsible Disclosure.
