Scan

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how i (“we”, “us”, or “our”), operated by Ghozt Systems, Inc, doing business as GHOZT, collects, uses, and protects information when you use our platform, including its editor and related applications and services such as Scanner (collectively, the “Services”).

This policy applies to all users worldwide unless stated otherwise.

1. The Platform

i allows users to create and publish rich digital content using its editor. Each published item is referred to as an annotation.

Content may be viewed on the web or in Scanner, available as a mobile app on iOS and Android. Content may be accessed by scanning QR codes or opening links, including via NFC-based system links (Universal Links on iOS and App Links on Android).

2. Information We Collect

2.1 Information You Provide

Accounts

To use the editor, you must create an account using:

  • Email
  • Google OAuth
  • Apple OAuth

If you sign up using email, we collect your email address. No additional personal information is collected.

2.2 Information Collected When Viewing Content

Web

When viewing content (an annotation) on the web, we collect limited analytics to understand how content is accessed, including:

  • Content views
  • Link clicks

These analytics relate only to content created using the editor.

Scanner (mobile)

Scanner collects:

  • Platform-provided analytics from the operating system or app store
  • Our own analytics related to:
    • Scans (QR or link-based opens)
    • Content views
    • Link clicks

2.3 Technical Information

For analytics and security purposes, we generate derived identifiers using technical signals such as:

  • IP address
  • User agent
  • Country

These values are hashed and combined to create non-reversible identifiers. We do not store raw IP addresses in our analytics database, and we do not attempt to identify individuals.

3. How We Use Information

We use information to:

  • Operate and maintain the Services
  • Authenticate users
  • Deliver and display content
  • Understand usage patterns and improve the platform
  • Detect abuse and maintain security
  • Respond to support requests

We process information only where we have a lawful basis to do so, including to perform the Services, comply with legal obligations, and pursue our legitimate interests in operating and improving the platform.

We do not sell personal data.

4. Cookies and Similar Technologies

We use only strictly necessary cookies required for security and authentication, including:

  • Authentication tokens
  • OAuth flow protection values
  • CSRF protection tokens

These cookies do not store personal information and are required for the editor to function securely.

5. Data Retention

  • Account data (email): retained while the account exists
  • Authentication data: short-lived and automatically expires
  • Viewing analytics: retained for 90 days
  • Aggregated or anonymized analytics may be retained longer for platform improvement

6. Data Security

We take reasonable technical and organizational measures to protect information from unauthorized access, loss, misuse, or alteration. However, no system is completely secure, and we cannot guarantee absolute security.

7. Sharing and Service Providers

We use third-party service providers to operate and support the Services. These providers assist with:

  • Hosting and infrastructure
  • Data storage
  • Content delivery and security
  • Authentication
  • Analytics and error monitoring

They process data on our behalf and under our instructions. We do not authorize them to use data for their own purposes.

8. Children’s Privacy

Scanner and web viewing are available to users of all ages. When content is viewed, we collect only the limited, non-identifying analytics described in this policy (such as scans, content views, and link clicks). We do not require an account to view content and do not knowingly collect identifying personal information from children through viewing.

Accounts are intended for users aged 13 or older (or the minimum age of digital consent in your jurisdiction, where higher), because creating an account involves providing an email address. We do not knowingly create accounts for children below the applicable age. If we learn that we have collected such data without appropriate consent, we will delete it. If you believe a child has provided us with personal data, please contact us using the details below.

9. International Data Transfers

Your information may be processed and stored in countries other than the one in which you reside, including countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where we transfer personal data out of the European Economic Area, the United Kingdom, or other regions with transfer restrictions, we rely on an appropriate safeguard for that transfer, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) or a transfer to a country recognized as providing an adequate level of protection. You may request more information about the safeguards we use by contacting us using the details below.

10. Your Rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Request portability of data you provided to us, in a structured, commonly used format
  • Withdraw consent at any time, where processing is based on consent (this does not affect processing carried out before withdrawal)
  • Lodge a complaint with your local data protection or supervisory authority

To exercise any of these rights, contact us using the details below. We will respond within the timeframe required by applicable law (for example, within one month under the GDPR, extendable where permitted). We may need to verify your identity before acting on a request.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new “Last updated” date. Continued use of the Services constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Email: [email protected]