Cookie Policy
Last updated: July 2026
ScanTheGap uses essential cookies only — no tracking cookies, no advertising, no third-party analytics cookies. This page explains exactly what is used, and which external services receive data when you use the site.
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help the website remember information about your visit. Even without setting cookies, some services receive your IP address when your browser loads resources — such as fonts — from their servers, and when you run a scan some of your input is sent to an AI provider for processing. We explain all of these below.
2. Cookies We Use
ScanTheGap sets only strictly necessary cookies. All are essential — the site cannot function correctly without them. There are no optional or analytics cookies, so there is nothing to opt out of.
| Cookie | Purpose | Duration | Legal Basis |
|---|---|---|---|
| scanthegap_session | Keeps you logged in during your visit | Session end | Strictly necessary — essential for login (Art. 6(1)(f) GDPR; § 25(2) TTDSG) |
| XSRF-TOKEN | Security token — prevents cross-site request forgery attacks | Session end | Strictly necessary — essential security (Art. 6(1)(f) GDPR; § 25(2) TTDSG) |
| cookie_consent | Remembers that you have seen this cookie notice | 1 year | Strictly necessary — required to avoid re-showing the notice (Art. 6(1)(f) GDPR; § 25(2) TTDSG) |
| Stripe session cookie | Set by Stripe on checkout pages only, to process your payment securely and prevent fraud | Checkout only | Contract performance — necessary to process payment (Art. 6(1)(b) GDPR) |
The Stripe cookie is only present when you are on a payment/checkout page. It is not set during normal browsing or scanning.
3. Third-Party Services and Data Transfers
The following services do not set cookies on your device, but they do receive data when your browser loads resources from them, when statistics are recorded, when we send you a service email, or when you run a scan. We list them here for full transparency.
| Service & Provider | Purpose | Data Transferred | Legal Basis |
|---|---|---|---|
|
DeepSeek AI Hangzhou DeepSeek AI — servers outside the EU (China / US) |
Analyses, scores and ranks the market signals for the scan you request. Runs server-side. | Your scan inputs and the public market data collected for that scan. No cookies. We do not send your name, email or payment data. | Contract performance (Art. 6(1)(b)) and transfer necessary to perform the contract you requested (Art. 49(1)(b) GDPR) |
|
Bunny Fonts BunnyWay d.o.o., Ljubljana, Slovenia (EU) |
Loads the Inter font used across the website | IP address, browser type, referring URL | Legitimate interest — privacy-friendly EU font CDN, no persistent user tracking (Art. 6(1)(f) GDPR) |
|
Umami Analytics Self-hosted by us (analytics.freelancerproof.com) |
Anonymous, aggregate visit statistics (page views, referrers). No cookies, no cross-site tracking, no personal profiles. | Anonymised request data only — no cookies, no personal identifiers | Legitimate interest — basic, privacy-friendly traffic measurement (Art. 6(1)(f) GDPR) |
|
Resend Resend, Inc. — transactional email delivery |
Sends service emails only (scan complete, credit purchase receipt, refund, low balance). No marketing. | Your email address and the content of the service message | Contract performance — necessary to operate your account (Art. 6(1)(b) GDPR) |
|
Stripe Stripe Payments Europe Ltd., Dublin, Ireland (EU) |
Payment processing and fraud prevention — active on pricing and checkout pages only | IP address, browser/device information, payment details (handled entirely by Stripe) | Contract performance — necessary to process payments (Art. 6(1)(b) GDPR) |
|
Hetzner Hetzner Online GmbH, Nuremberg, Germany (EU) |
Hosting and server infrastructure for the website and database | All site data, stored on EU servers in Germany | Contract performance / legitimate interest in reliable hosting (Art. 6(1)(b)/(f) GDPR) |
The only transfer outside the EU is to DeepSeek, which processes the content of the scan you request. This transfer is made on the basis of Art. 49(1)(b) GDPR — it is necessary to perform the scan you asked us to run. See our Privacy Policy and GDPR Rights page for details.
4. No Tracking or Advertising
We do not use:
- Google Analytics or any cookie-based analytics platform
- Facebook Pixel or any advertising network
- Any third-party tracking cookies
- Any fingerprinting or cross-site tracking technology
- Google Fonts or any Google-operated CDN
Our only analytics is Umami, which we host ourselves and which records anonymous, cookieless statistics. Bunny Fonts was specifically chosen as a privacy-friendly alternative to Google Fonts; Bunny.net does not create persistent user profiles or sell user data.
5. How to Control Cookies
You can control or delete cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies
- Firefox: Settings → Privacy and Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and Site Permissions
Note: Disabling essential cookies will prevent you from logging in to ScanTheGap.
6. Your Right to Object
Where our processing is based on legitimate interest rather than consent, you have the right to object at any time under Art. 21 GDPR. To exercise this right, contact us at info@scanthegap.com with the subject "GDPR Objection — Cookie Processing".
Note: Objecting to essential cookies will prevent you from using the login functionality of ScanTheGap.
7. Contact
ScanTheGap — operated by Samia Zahoor (Einzelunternehmen)
Address: Alsterkrugchaussee 595, 22335 Hamburg, Germany
Email: info@scanthegap.com
Website: https://scanthegap.com
Data protection authority for complaints:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
https://datenschutz.hamburg.de