Privacy & Data Policy
Last updated June 22, 2026
This policy explains how Scanli (“Scanli,” “we,” “us”) handles personal information — both information we collect for our own purposes (for example, when you contact us through scanli.io) and information we process on behalf of our business clients when you take part in a Scanli-powered activation. Questions or requests: use the contact form at scanli.io or email us at hi@scanli.io.
1. Our two roles
As a controller — our own site and business. When you visit scanli.io or contact us, we decide how your information is used.
As a processor — client activations. When you scan a client’s Scanli experience (for example, a branded survey at an event), we collect your information on behalf of that client. The client is the controller: they decide why the information is collected and how it is used after the event. We process it under the client’s instructions and deliver it to them, and the client’s own privacy notice governs their use. We do not sell this information or use it for our own marketing.
2. Information we collect
- On scanli.io (as controller): information you submit through our contact form (such as name, email, and message); limited technical data (such as IP address and browser type) for security and basic analytics; and minimal cookies needed to run the site.
- In a client activation (as processor): the information you choose to provide — typically your name, email, and answers to a survey, quiz, or game; a timestamp; and, where a referral feature is used, a referral code. A client may request additional custom fields, which are described in that activation’s notice. If the activation includes a “follow on social media” step, we record only your self-confirmation that you followed (a yes/no) — we do not access your social-media account or follower data.
Activations are intended for general contact and marketing information only. They are not designed to collect health information (such as PHI under HIPAA), government ID numbers, full payment-card numbers, or other sensitive data, and clients are instructed not to collect such data through the experience.
3. How we use information
We use information from scanli.io to respond to you and operate the site. We use activation information to run the experience and deliver the captured data to the client it was collected for. We do not sell personal information.
4. Consent at the point of capture
We recommend that client activations show a short notice and ask for your agreement before you take part (see the recommended sample notice at the end of this policy). The exact notice and lawful basis are the client’s responsibility. Participation is voluntary, and you can ask to be removed at any time.
5. Who we share information with
We use trusted third-party providers to run the service — including cloud hosting and serverless functions, managed database storage, data-delivery (spreadsheet) services, and a payment processor for client billing (not participant data). A current list of our providers is available on request. We share captured activation data only with the client it was collected for. We do not sell data or share it for others’ marketing.
6. How long we keep information
Activation data: kept while the engagement is active and delivered to the client; deleted from our active systems after the engagement ends or on request, typically within 30 days, except for routine backups that age out and anything we must keep by law. Clients may also set their own retention rules. Site/contact data: kept only as long as needed to handle your inquiry.
7. Your choices and rights
Depending on where you live (for example, under the GDPR or California’s CCPA/CPRA), you may have rights to access, correct, delete, or limit the use of your information, and to opt out of “sale” (we do not sell). For information collected in a client activation, the client is the controller — send your request to that client, or contact us and we will help route it. We will not discriminate against you for exercising your rights.
8. Security
We use appropriate technical and organizational measures, including encryption in transit, access controls, and reputable infrastructure providers. We do not store payment-card numbers — billing is handled by our payment processor. No method of transmission or storage is 100% secure.
9. Children
Our services are not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided information, contact us and we will delete it.
10. International transfers
Our providers may process data in other countries. Where required, we use appropriate safeguards for such transfers.
11. Changes and contact
We may update this policy and will change the “last updated” date above. For any questions or requests, use the contact form at scanli.io or email hi@scanli.io.
Appendix — Sample point-of-capture consent line (recommended)
We recommend clients display a short notice like the one below before a participant enters; the client fills in their brand name and follow-up purpose, and is responsible for its accuracy and lawful basis:
“By entering, you agree that [Brand] — with its technology partner Scanli — may collect your name, email, and answers to run this activation and follow up with you about [Brand]. Participation is voluntary, and you can ask to be removed anytime at hi@scanli.io. See [Brand]’s privacy policy.”