Privacy Policy
Effective June 26, 2026
RackScan is a mobile app that analyzes photos of network, AV, and equipment racks. This policy explains what data the app collects, where it goes, and how to request deletion. Plain English; no dark patterns.
What we collect
- Photos you take or select for AI analysis. Photos are sent over HTTPS for the assessment request.
- Assessment results, notes, client names, and locations that you save in the app. Signed-out scans are stored on your device. Signed-in workspace scans may be synced to RackScan's cloud backend.
- Email address if you create or sign in to a RackScan workspace. We use email one-time passwords for authentication.
- Workspace and usage data, including plan, scan-pack balances, scan counts, AI question counts, project/site names, and billing-related status.
- Analysis retry cache data, including a client request identifier, the completed assessment JSON, analysis mode, and fallback status. This prevents duplicate retries from consuming another paid scan.
- Security and abuse-prevention identifiers, including hashed IP/network identifiers, hashed anonymous install identifiers, hashed device identifiers, session metadata, and rate-limit counters. RackScan uses these to protect paid scans, prevent automated abuse, enforce device limits, and investigate suspicious activity.
- Pack purchase status and identifiers through Google Play, the App Store, and RevenueCat.
- Device, app, and crash diagnostics through Sentry if enabled, such as device model, OS version, app version, stack traces, and error context. We do not intentionally send photos to crash reporting.
What we do not collect
- We do not sell personal data.
- We do not use advertising SDKs or share data with advertisers.
- We do not request GPS location or track your precise location.
- We do not collect contacts, calendar data, health data, SMS messages, or audio recordings.
- We do not collect payment card or bank account numbers. Payments are handled by Google Play or the App Store.
Where photos and AI data go
When you analyze a rack, the app sends your photo or selected image over HTTPS to RackScan's Cloudflare Worker backend. The backend forwards the image to Anthropic's Claude API to generate the assessment. Photos are processed for the request and are not intentionally stored by RackScan's backend in the current release. The returned assessment JSON may be stored locally on your device, and if you are signed in, may be stored in your RackScan workspace so you can view usage and scan history.
Signed-in analysis requests may also write the completed assessment JSON to an analysis retry cache. The cache is keyed by your workspace and a request identifier from the app. It is used only to return the same completed result if the app retries after a network hiccup or timeout, so a duplicate retry does not consume another scan credit.
Workspace login
Workspace login is optional. If you sign in, RackScan uses your email address to send a one-time password. Transactional email may be processed through Brevo or another email provider. Session tokens are stored on your device so you can remain signed in.
Billing and scan packs
Scan-pack purchases are managed by Google Play or the App Store, with RevenueCat used for purchase syncing. RackScan receives the pack product identifier, purchase and refund events, and related metadata needed to credit scans and AI questions to your workspace. RackScan does not receive your credit card or bank account details.
Data retention
Original rack photos are processed for the analysis request and are not intentionally stored by RackScan's backend in the current release. Workspace scan records and saved assessment JSON are kept until you delete them or request workspace deletion. Analysis retry cache entries are retained for up to 30 days. Operational scan metrics, such as success/failure status, latency, upload size estimates, and fallback status, are retained for up to 180 days. Billing, security, and support records may be retained longer when needed for app store disputes, fraud prevention, security, accounting, or legal obligations. Active abuse-prevention blocks are kept until they expire, are revoked, or are no longer needed for security or fraud prevention.
Security
RackScan encrypts data in transit using HTTPS. Access to workspace data requires a valid session. We use rate limiting, server-side usage checks, and abuse-prevention controls to protect the service. We avoid storing raw IP addresses in RackScan application tables for these controls; when a network identifier is needed, RackScan stores a cryptographic hash instead.
Your data, your control
For local device data, go to Settings - Delete All My Data in the app to wipe saved scans, clients, preferences, and local counters from that device. To delete a single local scan, long-press it in History.
To request deletion of a RackScan workspace account, cloud scan records, or associated workspace data, email support@rackscan.app from the email address connected to your workspace and include "RackScan data deletion" in the subject. We will verify the request and delete or anonymize associated workspace data unless we are required to keep limited records for legal, security, or billing reasons.
Children
RackScan is a professional utility and is not directed at children. We do not knowingly collect personal data from children.
Changes
If we change this policy materially, we will update the effective date and, when appropriate, notify active users in-app or by email.
Contact
Questions or requests: support@rackscan.app.
Back to RackScan