Privacy Policy

Effective date: April 4, 2026 — Last updated: April 4, 2026

Skannr (skannr.app) is a service provided by Three Fourteen, a company registered in France (hereinafter "Three Fourteen", "we", "us", or "our"). Three Fourteen is the data controller for the personal data processed through Skannr.

This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable French data protection legislation (Loi Informatique et Libertés).

1. Data Controller

Three Fourteen

Email: privacy@skannr.app

2. Data We Collect

2.1 Account Data

  • Full name, email address, and hashed password (Argon2id — we cannot read your password).
  • Organization name and billing email.
  • MFA secrets (encrypted, if two-factor authentication is enabled).

2.2 Scan Data

  • IP addresses, domain names, and CIDR ranges you configure as monitoring targets.
  • Scan results: open ports, service banners, TLS certificate metadata, and differential analysis.
  • Alert history and notification preferences.

2.3 Billing Data

  • Billing name, address, and VAT number — collected by Stripe at checkout.
  • We do not store credit card numbers, CVVs, or full payment details. All payment processing is handled by Stripe.
  • We store a Stripe customer ID and subscription ID to manage your plan.

2.4 Technical Data

  • IP address used to access the service (for security logging and rate limiting).
  • API request timestamps and feature usage for service operation.
  • We do not use cookies for tracking. Authentication uses bearer tokens stored in your browser's local storage.

3. Legal Basis for Processing (Art. 6 GDPR)

  • Performance of a contract (Art. 6(1)(b)): processing your account and scan data is necessary to provide the service you subscribed to.
  • Legitimate interest (Art. 6(1)(f)): aggregated, anonymized analytics to improve service reliability; security logging to prevent abuse.
  • Consent (Art. 6(1)(a)): optional marketing emails. You can withdraw consent at any time by unsubscribing.
  • Legal obligation (Art. 6(1)(c)): retention of billing records as required by French commercial and tax law.

4. Data Location and Transfers

All data is stored on servers located in France, European Union. We do not transfer personal data outside the EEA except through sub-processors with adequate safeguards (Standard Contractual Clauses per Art. 46(2)(c) GDPR).

5. Sub-processors

Provider | Purpose | Location | Safeguards
Stripe, Inc. | Payment processing, billing, invoicing | United States | EU SCCs, PCI DSS Level 1
Brevo (Sendinblue) | Transactional and marketing email | France | EU-based, GDPR compliant

We will update this list and notify affected users before engaging any new sub-processor.

6. Cookies and Tracking

Skannr uses zero tracking cookies and no third-party analytics (no Google Analytics, no Meta Pixel, no tracking scripts of any kind). We do not participate in advertising networks or sell data to third parties.

The only client-side storage we use is localStorage for your authentication token, which is a strictly necessary functional mechanism exempt from cookie consent requirements under the ePrivacy Directive.

7. Your Rights (Articles 15–22 GDPR)

You have the right to:

  • Access (Art. 15): obtain a copy of all personal data we hold about you.
  • Rectification (Art. 16): correct inaccurate personal data via your dashboard.
  • Erasure (Art. 17): request deletion of your account and all associated data.
  • Restriction (Art. 18): pause processing of your data while a dispute is resolved.
  • Portability (Art. 20): export your data in a machine-readable format (JSON/CSV).
  • Object (Art. 21): object to processing based on legitimate interest.

You can exercise most of these rights directly from your dashboard (Account Settings). For any request, contact privacy@skannr.app. We will respond within 30 days.

You also have the right to lodge a complaint with the French data protection authority (CNIL — www.cnil.fr).

8. Data Retention

  • Account data: retained for the duration of your account, plus 30 days after deletion.
  • Scan results: retained according to your plan tier (Free: 30 days, Pro: 90 days, Business: 1 year, Enterprise: configurable).
  • Billing records: retained for 10 years as required by French commercial law (Code de commerce, Art. L123-22).
  • Security logs: IP addresses in access logs are retained for 12 months.

9. Security Measures

  • Passwords hashed with Argon2id (memory-hard, resistant to GPU attacks).
  • All data encrypted in transit (TLS 1.3) and at rest.
  • Optional two-factor authentication (TOTP) with recovery codes.
  • Role-based access control with JWT tokens (15-minute expiry).
  • All database queries use parameterized statements (no SQL injection).

10. Data Breach Notification

In the event of a personal data breach, we will notify the CNIL within 72 hours (Art. 33 GDPR) and affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR).

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the service. Continued use of Skannr after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related inquiries: privacy@skannr.app

© 2026 Three Fourteen. All rights reserved.