Privacy Policy
Last updated: July 2026
ScanTheGap is operated from Hamburg, Germany and is subject to the General Data Protection Regulation (GDPR). This policy explains what data we collect, why, who processes it, and what your rights are.
1. Who We Are (Data Controller)
ScanTheGap is operated by Samia Zahoor, Einzelunternehmen (sole proprietorship), located at Alsterkrugchaussee 595, 22335 Hamburg, Germany. Contact: info@scanthegap.com. Samia Zahoor is the data controller responsible for your personal data.
2. What Data We Collect
- Account information: name and email address provided at registration
- Scan inputs: the category, country and solution type you select for each scan
- Scan results: the opportunities generated for you and any bookmarks you save
- Credit and purchase data: which credit pack you bought and your credit balance (card details are handled entirely by Stripe — we never see them)
- Server logs: IP address, browser type, access times — retained for 30 days
- Anonymous usage statistics via our self-hosted Umami (no cookies, no personal identifiers)
3. Why We Collect It (Legal Basis)
- To provide the ScanTheGap service and run the scans you request — contract performance, Art. 6(1)(b) GDPR
- To process credit purchases and send receipts — contract performance, Art. 6(1)(b) GDPR
- To send service-related emails such as scan-complete notices and password resets — contract performance, Art. 6(1)(b) GDPR
- To keep the platform secure and measure basic, anonymous traffic — legitimate interest, Art. 6(1)(f) GDPR
- To comply with legal and tax obligations — legal obligation, Art. 6(1)(c) GDPR
4. How Long We Keep It
- Account data: until you delete your account
- Raw scan data: automatically deleted after 90 days
- Scan results and bookmarks: until you delete them or your account
- Server logs: 30 days
- Invoice and payment records: retained as required by German tax law (up to 10 years, § 147 AO)
5. Third-Party Processors
We use the following processors to operate ScanTheGap. We do not sell your data to anyone.
- DeepSeek AI (servers outside the EU — China / US) — our primary AI provider. When you run a scan, your scan inputs and the public market data collected for that scan are sent to DeepSeek for analysis and scoring. This runs server-side. We do not send your name, email address or payment data to DeepSeek. Because DeepSeek operates outside the EU and there is no EU adequacy decision for it, this transfer is made under Art. 49(1)(b) GDPR — it is necessary to perform the scan you requested. (OpenAI and Anthropic Claude are implemented as optional alternative providers and are only used if explicitly selected, e.g. for an on-demand deep analysis.)
- Stripe (Stripe Payments Europe Ltd., Dublin, Ireland — EU) — payment processing for credit purchases. Stripe handles your card details directly; we never see or store them.
- Resend (Resend, Inc.) — delivery of transactional service emails only (scan complete, credit purchased, refund, low balance). No marketing email.
- Bunny Fonts (BunnyWay d.o.o., Slovenia — EU) — EU-based font CDN. Your IP address is transferred when fonts load. No cookies, no persistent tracking.
- Umami (self-hosted by us) — anonymous, cookieless visit statistics. Processes no personal identifiers and creates no user profiles.
- Hetzner Online GmbH (Nuremberg, Germany — EU) — hosting and server infrastructure. Your data is stored on EU servers in Germany.
6. Transfers Outside the EU
The only transfer of your data outside the EU is to DeepSeek (China / US), and only for the content of the scans you choose to run. As explained above, this is based on Art. 49(1)(b) GDPR. All other processors store and process your data within the EU. If you do not wish your scan content to be processed outside the EU, please do not run a scan.
7. Your GDPR Rights
You have the right to access, correct, delete, export, restrict, and object to processing of your data. See our GDPR Rights page for full details.
To exercise any right: email info@scanthegap.com with subject "GDPR Request". We respond within 30 days as required by law.
8. Cookies
We use essential cookies only. See our Cookie Policy for details.
9. No Advertising or Selling
We do not sell your data. We do not use advertising networks. We do not use tracking cookies.
10. Complaints
You have the right to lodge a complaint with your national data protection supervisory authority. In Germany: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit.
11. Contact
Data Controller: Samia Zahoor (Einzelunternehmen — ScanTheGap)
Address: Alsterkrugchaussee 595, 22335 Hamburg, Germany
Email: info@scanthegap.com