Privacy Policy

Last updated: May 5, 2026

1. Introduction

Scenair ("we," "us," or "our") operates the scenair.com website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. Please read this policy carefully. By accessing or using Scenair, you agree to this policy.

2. Information We Collect

We collect information in the following ways:

Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password.
  • Business Information: Domain name, brand name, industry, and other business details you provide during onboarding.
  • Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
  • Scan Data: Domains and email addresses submitted through our free scan tool.
  • Communications: Any information you provide when contacting our support team.

Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken within the platform.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access times, referring URLs, and pages viewed.
  • Cookies: We use essential cookies for authentication and session management. See Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Scenair platform
  • Process your AI visibility scans and generate reports
  • Create and manage your account
  • Process payments and manage subscriptions
  • Send you scan results, account and security emails (password reset, login codes), and payment notifications
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve our platform
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share data only with the subprocessors required to run the Service. The complete, current list — including each subprocessor's role and what data it receives — lives at /security and includes Convex (database/auth), Stripe (payments), Resend (email), OpenAI / Anthropic / Google AI / Perplexity (model inference), OpenRouter (model routing), Vercel (hosting), Cloudflare Turnstile (bot challenge), Sentry (error reporting), PostHog and Google Analytics 4 (analytics — both consent-gated).

We may also share information for:

  • Legal Requirements: When required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

5. Data Retention

We retain your account information for as long as your account is active or as needed to provide services. Scan results and reports are retained for the duration of your subscription. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Anonymized and aggregated data may be retained indefinitely for analytics.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, and access controls. However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Cookies and Tracking

We use two categories of cookies and tracking technologies:

  • Essential (always on): Authentication and session cookies set by Convex Auth, the cookie-consent record itself, and a CSRF token. These are required for sign-in and core platform functionality and cannot be disabled.
  • Analytics (consent-gated): Google Analytics 4 and PostHog. These do not load until you click "Accept" on the cookie banner. If you decline, no analytics scripts load and no analytics cookies are set.

You can update or withdraw your consent at any time by clearing your cookies and revisiting the site. You can also block all cookies through your browser settings; doing so may break sign-in.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data.
  • Portability: Request a copy of your data in a machine-readable format.
  • Objection: Object to certain processing of your data.
  • Withdrawal of Consent: Withdraw consent where processing is based on consent.

You can exercise the access, deletion, and portability rights directly inside the app at Settings → Account → Data & Privacy (data export downloads as JSON; account deletion has a 7-day grace window before permanent erasure). For other requests, email privacy@scenair.com.

For users in the European Economic Area, UK, or Switzerland (GDPR)

We process your data on the following legal bases: contract (to provide the Service you signed up for), legitimate interests (security, fraud prevention, product analytics), and consent (cookies for analytics, marketing emails). You may withdraw consent or object to processing based on legitimate interests at any time.

Scenair is operated from the United States. When you use the Service, your data is transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards with our subprocessors. You have the right to lodge a complaint with your local data protection authority.

For California residents (CCPA / CPRA)

You have the right to know what personal information we collect, to delete it, to correct it, and to limit the use of sensitive personal information. We do not sell or share your personal information for cross-context behavioral advertising. You will not be discriminated against for exercising any of these rights. To submit a request, email privacy@scenair.com.

9. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal information.

10. Children's Privacy

Scenair is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of Scenair after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@scenair.com