What we collect, what we don’t, and why.
Plain-language privacy posture. The legal version of this page is the same content; we just write it in English first and lawyer-language second.
30 April 2026 · v5.0
This privacy posture covers scansmart.uk (this website) and app.scansmart.uk (CheckIT, the Progressive Web App). It will evolve as the platform evolves; the version date above changes whenever the substance changes. Material changes will be notified via the website’s home page and the email digest.
1. The two-tier data architecture
SCANSMART deliberately separates two categories of data:
(a) Non-personal data — what you scan, what you decide (Bought / Put back / Just looking), the traffic-light verdict, the product barcode, the source database, an anonymous device ID generated locally on first use. This data is analysed in aggregate to produce the I500 hit-rate evidence base, the Weekly Supermarket Checkout, and the public Knowledge Library. Per UK GDPR Recital 26 and ICO anonymisation guidance, this corpus is outside the scope of “personal data” because nothing in it can identify an individual.
(b) Intentional personal data — what you give us when you submit a form (your name, email, organisation, role, message), subscribe to the Monday email digest, share a CheckIT Story with us, or sign up to the I500 enterprise programme. This data IS personal data under UK GDPR. We hold it under the lawful basis of consent (you sent us the form) for the duration of the relationship plus a reasonable archiving period.
2. The CheckIT — what travels off your phone
When you tap a Decision Marker (Bought / Put back / Just looking) in CheckIT, SCANSMART sends:
- Your tap (the decision word)
- The product barcode
- The traffic-light reading the app showed (green / amber / red)
- The product name and brand (as recognised from the database)
- The sugar & salt readings (numerical)
- The dataset that answered the scan (Open Food Facts / I500 / community contribution)
- An anonymous device ID (a UUID generated locally, stored on your phone, regenerates if you reinstall the app)
- Your selected health profile if you set one (diabetes / hypertension / family / general)
- The app version
- Browser/device user agent string
What we do not send and never have sent:
- Your name
- Your email or any contact detail
- Your phone number
- Your location or GPS data
- Your IP address (Cloudflare sees it at the TLS edge for routing; we don’t persist it or write it to our database)
- Your postcode
- Demographic self-ID beyond the in-app health-profile tag
- Cross-device tracking identifiers
- Photographs of you, your family, or your shopping
- Free-text notes
You can switch off all data sharing in Settings → Privacy in the app at any time. Default is on. Off stops further writes immediately and persistently.
3. Forms on this website
When you submit a form on scansmart.uk (Door 2 I500 inquiry, Door 3 Partner contact, Subscribe waitlist, Stories submission, Contact), we collect what you type into the form: your name, email, organisation, role, and message. These are stored in a Cloudflare D1 database located in the EU (Western Europe region).
Submissions are sent to SCANSMART at Admin@scansmart.uk for human follow-up. We use Resend as the email-delivery provider when notification is enabled.
Cloudflare and Resend are processors under UK GDPR. Their respective privacy postures are at cloudflare.com/privacypolicy and resend.com/legal/privacy-policy.
4. Analytics
We use Cloudflare Web Analytics — a privacy-respecting, cookie-free, GDPR-compliant analytics product that does not track individual visitors and does not require a consent banner. It tells us aggregate page views, referrer sources, and country-level traffic. It does not tell us who you are.
We deliberately do not use Google Analytics. We deliberately do not use Facebook Pixel or any cross-site tracking script. The website does not set tracking cookies of its own.
5. Email subscribers
If you subscribe to the Monday Checkout digest, we hold your email and (optional) first name for as long as you remain subscribed. Every email contains a one-click unsubscribe link. Unsubscribe is processed within 24 hours; the email address is then deleted from active mailing within 30 days, with audit-only retention beyond that.
We never sell, rent, share, or transfer email lists to third parties. Ever.
6. Cookies
The website does not set first-party tracking cookies. CheckIT (the Progressive Web App at app.scansmart.uk) uses local storage (technically not a cookie) to remember your scan history, your health profile preference, your privacy opt-out state, and your anonymous device ID. Local storage stays on your phone; it is not transmitted to SCANSMART.
Cloudflare may set technical cookies for bot protection — these are essential for the site to function and are not used for tracking.
7. Translation to other languages
The Languages picker (globe icon in the top nav) opens the current page in Google Translate in a new tab so you can read it in Hindi, Bengali, Urdu, Punjabi, Yoruba, Twi, Polish, French, Spanish, or Portuguese. We deliberately do not embed the Google Translate widget on this site, so no Google JavaScript loads and no Google cookies are set on scansmart.uk before or after you click. The link is your deliberate action; once you follow it, you are on a Google domain and Google’s privacy terms apply to the translated page.
If you prefer not to involve Google, on Chrome or Edge you can right-click any page and choose “Translate to…” — that uses your browser’s built-in translation feature, which you already configured when you installed the browser.
8. Your rights under UK GDPR
For any data we hold about you (i.e. data you submitted via a form, subscribed with, or shared as a CheckIT Story), you have:
- The right to know what we hold — email Admin@scansmart.uk with subject “Subject access request” and we’ll send what we have within 30 days
- The right to correct it — same email channel
- The right to delete it — same email channel; we delete within 30 days unless legal retention applies
- The right to data portability — we’ll provide a JSON export of what we hold on request
- The right to object to processing — same email channel
- The right to complain to the regulator — the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint
9. Right to erasure on the anonymous Decision Record
The Decision Record (the corpus of scans + decisions) does not hold personal data, so the formal right to erasure under UK GDPR does not technically apply. However, as a precaution and as a courtesy, SCANSMART Ltd as data controller will bulk-delete by anonymous device ID on request. To do this, you would need to share the device ID from CheckIT (Settings → Privacy → Show my anonymous device ID) and request deletion via Admin@scansmart.uk. This is offered for transparency and trust, not because UK GDPR requires it.
10. Data security
Data in transit: TLS 1.3 (Cloudflare-managed). Data at rest: AES-256 (Cloudflare D1 default). Anonymous device ID generated client-side and never reversed to identity. No persistent IP retention. ICO registration in progress. Cyber Essentials in preparation. DPIA completed for the Decision Record (under v4.10 architecture, dated 29 April 2026).
11. International transfers
Data is stored in the EU (Cloudflare D1 Western Europe region). Some Cloudflare network operations cross borders for technical routing; Cloudflare operates under UK GDPR adequacy and Standard Contractual Clauses for any non-UK / non-EU data flow. No data is intentionally transferred outside the UK or EU for primary storage.
12. Children
The CheckIT and the public website are not directed at children under 13. Where SCANSMART works with schools, the relationship is with the school, the curriculum is age-appropriate, and any data collection within school contexts follows the school’s own data-protection policies and parental consent processes.
13. Changes to this posture
If SCANSMART changes any element of this privacy posture in a way that materially affects what we collect, how we use it, or your rights over it, we will (a) update the version date at the top of this page; (b) post a notice on the home page for at least 30 days; (c) email subscribers of the Monday digest with a summary of the change. Non-material changes (typo fixes, formatting, link updates) do not trigger this notice.
14. Contact
Data Controller: SCANSMART Ltd, registered in England & Wales, Co. No. 17128797.
For any privacy or data-protection question, including subject access requests, deletion requests, complaints, or just “what do you actually do with this” questions: Admin@scansmart.uk with subject line beginning “Privacy:”. Realistic response time: within 5 business days for routine queries; within the statutory 30 days for formal subject access requests.