Privacy Policy

Last updated: March 15, 2026

Scandar ("Scandar," "we," "us," or "our") operates the scandar.ai website and related services. For the purposes of applicable data protection laws, Scandar is the data controller. Contact us at privacy@scandar.ai.

This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in with Google, we receive your name and email from Google's OAuth service.

Scan Data

When you submit files or text for scanning, we process the content to perform security analysis. For authenticated users, scan results (findings, trust scores, and metadata) are stored to provide scan history. The original file content is stored temporarily for the scan and for AI Fix functionality.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We store your Stripe customer ID and subscription status to manage your plan.

Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for rate limiting, abuse prevention, and service improvement.

CLI Usage

The Scandar CLI in offline mode (Layer 1) processes files entirely on your machine. No data is sent to our servers. When using Layer 2 analysis or the Scandar API, file content is transmitted over HTTPS.

Scandar Guard SDK

The Guard SDK runs entirely in-process on your infrastructure. Detection patterns execute locally. No message content, tool calls, or agent responses are transmitted to Scandar servers. Optional telemetry (detection counts, latency metrics) can be enabled but is off by default.

Scandar Overwatch

Fleet monitoring data including agent metadata, session summaries, threat scores, and policy evaluation results are stored on Scandar infrastructure. Message content is not stored unless explicitly configured for incident investigation.

2. How We Use Your Information

3. Legal Basis for Processing (EEA/UK)

If you are in the European Economic Area or United Kingdom, we process your personal data under the following legal bases: (a) Contract performance — to provide the services you have signed up for; (b) Legitimate interests — to improve our services, prevent fraud, and ensure security; (c) Consent — where you have opted in to marketing communications; (d) Legal obligation — to comply with applicable laws and regulations.

4. Data Retention

Scan results are retained for the duration of your account. When you delete your account, all associated data (profile, scan history, API keys, reports) is permanently deleted. Unauthenticated scan data is not stored beyond the immediate request/response cycle.

5. Data Sharing

We do not sell your data. We share information only with:

We do not use your scan data to train AI models. Content sent to Anthropic for Layer 2 analysis is subject to Anthropic's usage policy, which does not use API inputs for training.

6. Security

We use industry-standard measures to protect your data:

7. Your Rights

Depending on your jurisdiction, you may have the right to:

To exercise these rights, delete your account from Settings or contact us at privacy@scandar.ai.

8. Data Protection Rights

If you are in the EEA/UK, you also have the right to: lodge a complaint with your local data protection supervisory authority; request restriction of processing; and object to processing based on legitimate interests.

If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Cookies

We use essential cookies for authentication and session management. These cookies are required for the service to function and cannot be disabled. We do not use tracking or advertising cookies.

10. Children's Privacy

Scandar is not intended for use by anyone under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance.

12. Contact

For privacy-related inquiries: privacy@scandar.ai