Privacy Policy

1. Introduction

Prescanix ("we", "us", "our") is operated by Prescanix. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (www.prescanix.com) and services (the "Service"). Please read this policy carefully. By using the Service, you agree to the collection and use of information as described herein.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and a display name. Authentication is handled by Clerk (our identity provider) — we do not store passwords directly.

2.2 Uploaded Files (IPA)

When you submit a scan, your .ipa file is temporarily uploaded to secure cloud storage (AWS S3) solely for the purpose of analysis. IPA files are permanently deleted immediately after analysis completes — typically within seconds to minutes. We do not retain your binary files.

2.3 Scan Results & Metadata

We store the analysis output associated with your account: the risk score, findings, app metadata (bundle ID, version, permissions list), and the extracted feature vector used for ML analysis. This data is retained for as long as your account is active and is deleted upon account closure.

2.4 Usage & Technical Data

We collect standard server logs including IP addresses, browser/user-agent strings, and timestamps for security and operational purposes. This data is retained for up to 90 days.

2.5 Payment Information

Billing is processed by Cashfree Payments. We store only your subscription status and payment provider customer ID. We never receive, store, or log your full card number, CVV, or bank credentials.

3. How We Use Your Information

• To provide, operate, and improve the Prescanix analysis service
• To authenticate your account and enforce plan limits
• To process payments and manage subscriptions
• To improve our ML models using anonymized feature data (no raw IPA data)
• To send transactional emails (scan complete notifications, billing receipts)
• To respond to support requests
• To comply with legal obligations

We do not sell your personal data to third parties, and we do not use your data for advertising purposes.

4. Third-Party Services

Prescanix relies on the following sub-processors, each governed by their own privacy policies:

5. Data Retention

• IPA files: Deleted immediately after analysis (typically within minutes)
• Scan results & findings: Retained while your account is active; deleted within 30 days of account closure
• Account data: Retained for the lifetime of your account
• Server logs: Retained for up to 90 days
• Payment records: Retained for 7 years as required by applicable law

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage at rest, access-controlled infrastructure, and API key hashing. IPA files are stored using presigned S3 URLs with short-lived access tokens and are deleted immediately after processing.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing activities
• Receive your data in a portable format

To exercise any of these rights, contact us at contact@prescanix.com.

8. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking or advertising cookies.

9. Children's Privacy

Prescanix is intended for professional use and is not directed at children under 13. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy periodically. We will notify registered users by email of material changes. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at: