What we collect, what we don’t, and why.
Plain-language privacy posture. The legal version of this page is the same content; we just write it in English first and lawyer-language second.
30 April 2026 · v5.0
This privacy posture covers scansmart.uk (this website) and app.scansmart.uk (the KiP Progressive Web App). It will evolve as the platform evolves; the version date above changes whenever the substance changes. Material changes will be notified via the website’s home page and the email digest.
1. The two-tier data architecture
ScanSmart deliberately separates two categories of data:
(a) Non-personal data — what you scan, what you decide (Bought / Put back / Just looking), the traffic-light verdict, the product barcode, the source database, an anonymous device ID generated locally on first use. This data is analysed in aggregate to produce the I500 hit-rate evidence base, the Weekly Supermarket Checkout, and the public Knowledge Library. Per UK GDPR Recital 26 and ICO anonymisation guidance, this corpus is outside the scope of “personal data” because nothing in it can identify an individual.
(b) Intentional personal data — what you give us when you submit a form (your name, email, organisation, role, message), subscribe to the Monday email digest, share a KiP Story with us, or sign up to the I500 enterprise programme. This data IS personal data under UK GDPR. We hold it under the lawful basis of consent (you sent us the form) for the duration of the relationship plus a reasonable archiving period.
2. The KiP scanner — what travels off your phone
When you tap a Decision Marker (Bought / Put back / Just looking) in the KiP app, ScanSmart sends:
- Your tap (the decision word)
- The product barcode
- The traffic-light reading the app showed (green / amber / red)
- The product name and brand (as recognised from the database)
- The sugar & salt readings (numerical)
- The dataset that answered the scan (Open Food Facts / I500 / community contribution)
- An anonymous device ID (a UUID generated locally, stored on your phone, regenerates if you reinstall the app)
- Your selected health profile if you set one (diabetes / hypertension / family / general)
- The app version
- Browser/device user agent string
What we do not send and never have sent:
- Your name
- Your email or any contact detail
- Your phone number
- Your location or GPS data
- Your IP address (Cloudflare sees it at the TLS edge for routing; we don’t persist it or write it to our database)
- Your postcode
- Demographic self-ID beyond the in-app health-profile tag
- Cross-device tracking identifiers
- Photographs of you, your family, or your shopping
- Free-text notes
You can switch off all data sharing in Settings → Privacy in the app at any time. Sharing is on by default. Switching it off stops further writes immediately, and the setting persists until you turn it back on.
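The client-side rules described above (only the listed fields leave the phone, the opt-out is checked before anything is written, and the device ID is an anonymous UUID created and kept in local storage as section 6 describes) can be expressed as a small allowlist builder. The following JavaScript is an added illustration, not ScanSmart's own KiP code; the storage key names, field names and the sample scan are assumptions made for this example.

```javascript
// Added illustration (not ScanSmart's code) of the privacy rules in section 2:
// only allowlisted fields leave the phone, sharing can be switched off, and the
// device ID is an anonymous UUID generated and stored locally.
// Storage key names and field names below are assumptions for this example.

const ALLOWED_FIELDS = [
  'decision',      // Bought / Put back / Just looking
  'barcode',
  'trafficLight',  // green / amber / red
  'productName',
  'brand',
  'sugar',         // numerical reading
  'salt',          // numerical reading
  'source',        // Open Food Facts / I500 / community contribution
  'healthProfile', // diabetes / hypertension / family / general, if set
  'appVersion',
  'userAgent',
];

const DECISIONS = new Set(['Bought', 'Put back', 'Just looking']);

// Assumed storage keys; a real app would choose its own.
const KEY_DEVICE_ID = 'kip.deviceId';
const KEY_SHARING = 'kip.privacy.sharing';

// Minimal stand-in for window.localStorage so the example runs outside a browser.
function makeMemoryStorage() {
  const store = new Map();
  return {
    getItem: (k) => (store.has(k) ? store.get(k) : null),
    setItem: (k, v) => { store.set(k, String(v)); },
    removeItem: (k) => { store.delete(k); },
  };
}

function generateUuid() {
  const c = globalThis.crypto;
  if (c && typeof c.randomUUID === 'function') return c.randomUUID();
  // Fallback for runtimes without WebCrypto: RFC 4122 v4 layout from Math.random.
  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (ch) => {
    const r = (Math.random() * 16) | 0;
    const v = ch === 'x' ? r : (r & 0x3) | 0x8;
    return v.toString(16);
  });
}

// Returns the device ID held on the phone, creating it on first use.
// Clearing storage (e.g. a reinstall) yields a fresh ID with no link to the old one.
function getOrCreateDeviceId(storage) {
  let id = storage.getItem(KEY_DEVICE_ID);
  if (!id) {
    id = generateUuid();
    storage.setItem(KEY_DEVICE_ID, id);
  }
  return id;
}

// Sharing is on unless the user has explicitly switched it off.
function isSharingEnabled(storage) {
  return storage.getItem(KEY_SHARING) !== 'off';
}

// Persists the opt-out so it survives app restarts.
function setSharingEnabled(storage, enabled) {
  storage.setItem(KEY_SHARING, enabled ? 'on' : 'off');
}

// Builds the record that would be posted when a Decision Marker is tapped.
// Returns null when sharing is off, so nothing is written at all.
// Any key not on the allowlist (an email, a location, a free-text note) is dropped.
function buildDecisionRecord(storage, input) {
  if (!isSharingEnabled(storage)) return null;
  if (!DECISIONS.has(input.decision)) {
    throw new Error(`unknown decision: ${String(input.decision)}`);
  }
  const record = {};
  for (const field of ALLOWED_FIELDS) {
    if (input[field] !== undefined) record[field] = input[field];
  }
  record.deviceId = getOrCreateDeviceId(storage);
  return record;
}

// Lists the keys of an input that the allowlist would discard. Handy as a test
// guard: a new field cannot start leaving the phone without a deliberate change.
function droppedFields(input) {
  return Object.keys(input).filter((k) => !ALLOWED_FIELDS.includes(k));
}

// Constructed sample scan (not real product data) showing a stray contact field
// being dropped on the way out.
function exampleRecord(storage) {
  return buildDecisionRecord(storage, {
    decision: 'Put back',
    barcode: '5000000000000',
    trafficLight: 'red',
    productName: 'Example cola',
    brand: 'Example',
    sugar: 10.6,
    salt: 0.01,
    source: 'Open Food Facts',
    appVersion: '5.0.0',
    userAgent: 'ExampleUA/1.0',
    email: 'someone@example.com', // never allowlisted, so never sent
  });
}
```

The allowlist is the point: the code enumerates what may leave the device rather than trying to strip what may not, so an accidental extra field in the input is silently discarded, and the opt-out check sits before any record is built rather than before the network call.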
3. Forms on this website
When you submit a form on scansmart.uk (Door 2 I500 inquiry, Door 3 Partner contact, Subscribe waitlist, Stories submission, Contact), we collect what you type into the form: your name, email, organisation, role, and message. These are stored in a Cloudflare D1 database located in the EU (Western Europe region).
Submissions are sent to ScanSmart at courtneyclive84@gmail.com for human follow-up. We use Resend as the email-delivery provider when notification is enabled.
Cloudflare and Resend are processors under UK GDPR. Their respective privacy postures are at cloudflare.com/privacypolicy and resend.com/legal/privacy-policy.
4. Analytics
We use Cloudflare Web Analytics — a privacy-respecting, cookie-free, GDPR-compliant analytics product that does not track individual visitors and does not require a consent banner. It tells us aggregate page views, referrer sources, and country-level traffic. It does not tell us who you are.
We deliberately do not use Google Analytics. We deliberately do not use Facebook Pixel or any cross-site tracking script. The website does not set tracking cookies of its own.
5. Email subscribers
If you subscribe to the Monday Checkout digest, we hold your email and (optional) first name for as long as you remain subscribed. Every email contains a one-click unsubscribe link. Unsubscribe is processed within 24 hours; the email address is then deleted from active mailing within 30 days, with audit-only retention beyond that.
We never sell, rent, share, or transfer email lists to third parties. Ever.
6. Cookies
The website does not set first-party tracking cookies. The KiP Progressive Web App at app.scansmart.uk uses local storage (technically not a cookie) to remember your scan history, your health profile preference, your privacy opt-out state, and your anonymous device ID. Local storage stays on your phone; it is not transmitted to ScanSmart.
Cloudflare may set technical cookies for bot protection — these are essential for the site to function and are not used for tracking.
7. Your rights under UK GDPR
For any data we hold about you (i.e. data you submitted via a form, subscribed with, or shared as a KiP Story), you have:
- The right to know what we hold — email courtneyclive84@gmail.com with subject “Subject access request” and we’ll send what we have within 30 days
- The right to correct it — same email channel
- The right to delete it — same email channel; we delete within 30 days unless legal retention applies
- The right to data portability — we’ll provide a JSON export of what we hold on request
- The right to object to processing — same email channel
- The right to complain to the regulator — the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint
8. Right to erasure on the anonymous Decision Record
The Decision Record (the corpus of scans + decisions) does not hold personal data, so the formal right to erasure under UK GDPR does not technically apply. However, as a precaution and as a courtesy, ScanSmart Ltd as data controller will bulk-delete by anonymous device ID on request. To do this, you would need to share the device ID from your KiP app (Settings → Privacy → Show my anonymous device ID) and request deletion via courtneyclive84@gmail.com. This is offered for transparency and trust, not because UK GDPR requires it.
9. Data security
Data in transit: TLS 1.3 (Cloudflare-managed). Data at rest: AES-256 (Cloudflare D1 default). Anonymous device ID generated client-side and never reversed to identity. No persistent IP retention. ICO registration in progress. Cyber Essentials in preparation. DPIA completed for the Decision Record (under v4.10 architecture, dated 29 April 2026).
10. International transfers
Data is stored in the EU (Cloudflare D1 Western Europe region). Some Cloudflare network operations cross borders for technical routing; Cloudflare operates under UK GDPR adequacy and Standard Contractual Clauses for any non-UK / non-EU data flow. No data is intentionally transferred outside the UK or EU for primary storage.
11. Children
The KiP scanner and the public website are not directed at children under 13. Where ScanSmart works with schools (per the Partner programme), the relationship is with the school, the curriculum is age-appropriate, and any data collection within school contexts follows the school’s own data-protection policies and parental consent processes.
12. Changes to this posture
If ScanSmart changes any element of this privacy posture in a way that materially affects what we collect, how we use it, or your rights over it, we will (a) update the version date at the top of this page; (b) post a notice on the home page for at least 30 days; (c) email subscribers of the Monday digest with a summary of the change. Non-material changes (typo fixes, formatting, link updates) do not trigger this notice.
13. Contact
Data Controller: ScanSmart Ltd, registered in England & Wales, Co. No. 17128797.
For any privacy or data-protection question, including subject access requests, deletion requests, complaints, or just “what do you actually do with this” questions: courtneyclive84@gmail.com with subject line beginning “Privacy:”. Realistic response time: within 5 business days for routine queries; within the statutory 30 days for formal subject access requests.