Privacy Policy

1. Overview

Scotell ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices. It applies to all users of the Scotell platform, including visitors, registered users, and Premium subscribers.

2. Information We Collect

We collect the following categories of information:

• Account information: name, email address, authentication provider (Google or email/password via Firebase).
• Profile data: user type, primary use case, and other onboarding preferences you provide.
• Research inputs: business ideas, locations, industries, and other parameters you submit when creating reports.
• Generated outputs: the research reports, competitor data, regulatory summaries, and business plans we produce for you.
• Usage data: pages visited, features used, report status, and interaction logs for service improvement.
• Technical data: IP address, device type, browser, and operating system for security and analytics.
• Payment data: billing information processed by our payment provider. We do not store full card details.

3. How We Use Your Information

We use your information to:

• Operate the Service — generate, store, and display your research reports.
• Authenticate and secure your account via Firebase Authentication.
• Personalise your experience based on your stated role and use cases.
• Send transactional emails including report-ready notifications and account updates.
• Analyse aggregate usage patterns to improve the platform.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with applicable laws and regulations.

4. Data Sharing

We do not sell your personal information. We share data with trusted service providers only as necessary to operate the platform:

• Firebase (Google) — authentication and identity management.
• OpenRouter — routes LLM requests to AI providers (inputs are processed but not stored long-term).
• Tavily, Google Maps, Foursquare, Firecrawl — external data sources used to generate research reports.
• Resend — transactional email delivery.
• Our cloud hosting provider — for secure infrastructure.

5. Data Retention

We retain your account information and generated reports for as long as your account is active. If you delete your account, we will delete or anonymise your personal information within 90 days, subject to any legal obligations to retain certain records.

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of your account and associated personal data.
• Export your data in a portable format.
• Withdraw consent for processing where consent is the legal basis.
• Lodge a complaint with your local data protection authority.

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS), server-side authentication token verification, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security.

8. Cookies & Session Data

We use a single session cookie ("__session") to maintain your authenticated state. This is a strictly necessary cookie required for the Service to function. We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not directed at persons under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will update the "Last updated" date and notify registered users of material changes by email or in-app notice. Continued use of the Service constitutes acceptance of the updated Policy.