Privacy Policy — Shadow Scans

Effective Date: November 1, 2025


1) Introduction & Scope

This Privacy Policy describes how Shadow Scans (“Shadow Scans,” “we,” “us,” or “our”) collects, uses, stores, discloses, and safeguards information in connection with our websites, reading experiences, APIs, community spaces (including Discord and social channels we operate), and any related tools or services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, do not access or use the Services.

This Policy applies regardless of device type (desktop, laptop, tablet, phone), operating system, or connection method (web browser, embedded webview, or application wrapper). It is intended to be globally applicable and is designed with major data protection frameworks in mind (e.g., GDPR, CCPA) while remaining readable and practical.

2) Key Definitions

  • “Personal Data” / “Personal Information”: Information that identifies, relates to, describes, could be associated with, or could reasonably be linked to a particular individual.
  • “Processing”: Any operation performed on data (collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, combination, restriction, erasure, or destruction).
  • “Cookies & Similar Technologies”: Technologies such as cookies, local storage, pixels, web beacons, SDKs, and tags that store or retrieve information from your device.
  • “Service Providers / Subprocessors”: Third parties that process data on our behalf to operate, secure, or enhance the Services.
  • “Aggregated / De-identified Data”: Data that has been transformed so it cannot reasonably be linked to an individual.

3) Information We Collect

3.1 Information You Provide Directly

  • Account or profile details (e.g., username, display name, password hashes, email address).
  • Communications you send to us (support requests, feedback, partnership inquiries).
  • User-generated content (e.g., comments, reviews, lists, ratings, posts).
  • Participation records in community or contributor programs (applications, role requests).
  • Purchase or subscription details you provide to payment processors (we receive limited non-sensitive metadata such as transaction status, timestamps, currency, and amounts).

3.2 Information Collected Automatically

  • Device identifiers and technical signals (IP address, user agent string, OS, browser type and version, preferred language, screen resolution).
  • Usage data (pages visited, reading progress, time on page, navigation paths, referral URLs, clickstream).
  • Session and diagnostic logs (error codes, load times, performance metrics, request/response codes).
  • Approximate geolocation derived from IP (country/region level).
  • Cookie/local storage identifiers, analytics events, and A/B test variant identifiers.

3.3 Information From Third Parties

  • If you connect third-party accounts (e.g., Discord), we may receive limited profile data needed to enable features (e.g., handle, internal user ID, avatar).
  • Anti-abuse and fraud signals from security vendors.
  • Payment confirmations and non-sensitive metadata from payment processors.
  • Publicly available information from social posts or platforms you make public and link to the Services.

4) Purposes of Processing

We process information to:

  1. Operate, maintain, and deliver the Services (authentication, content delivery, library and reading features).
  2. Personalize and enhance your experience (language, theme, layout, saved items, recommendations).
  3. Provide support and communicate with you (service notices, transactional messages, incident updates).
  4. Ensure security and integrity (detect spam, abuse, and fraud; protect accounts; mitigate DDoS).
  5. Measure, analyze, and improve performance (telemetry, A/B testing, feature diagnostics).
  6. Moderate content and communities (review reports, apply rules, maintain safe spaces).
  7. Comply with legal and operational requirements (taxes, accounting, recordkeeping, enforcing terms).
  8. Enable business continuity (backups, disaster recovery, incident response).
  9. Conduct research and development using aggregated or de-identified data to improve Services.

We may generate aggregated or de-identified insights for statistical reporting or product development. Such outputs do not identify individuals.

5) Legal Bases (General Statement)

Where a legal basis is required, we rely on one or more of the following: (a) performance of a contract (providing the Services you request), (b) legitimate interests (e.g., securing and improving the Services), (c) compliance with legal obligations, and (d) consent where we present an explicit choice (e.g., certain optional cookies or communications).

6) Cookies & Similar Technologies

We use cookies, local storage, and comparable technologies to:

  • Keep you logged in and maintain session continuity.
  • Store preferences (e.g., language, reading view).
  • Measure usage and diagnose issues (analytics events, latency).
  • Improve reliability (CDN, caching, rate limiting).
  • Support optional attribution and anti-fraud measures where applicable.

You can control cookies via your browser settings. Disabling certain categories may degrade functionality (e.g., logins, library persistence, reading progress).

Illustrative categories:

  • Strictly Necessary: Authentication tokens, CSRF protection, load balancing.
  • Functional: Language, theme, reading layout, saved UI states.
  • Performance/Analytics: Page views, scroll depth, error rates, A/B allocation.
  • Optional Measurement: Campaign/referral attribution where permitted.

7) Community & User-Generated Content

Content you post (comments, reviews, suggestions) may be publicly visible along with your display name, avatar, timestamps, and other metadata exposed by the platform. Do not share personal information you do not wish to make public. Moderators may review reports and take action consistent with community guidelines. We may retain moderation records (report IDs, actions taken) to maintain platform integrity.

8) Links, Embeds, and Third-Party Components

The Services may include links to or embedded features from third-party platforms. Their practices are governed by their own policies. Review those privacy notices before interacting with third-party components.

9) Payments & Subscriptions

Payments are handled by third-party processors. Shadow Scans does not store full card numbers. We may receive non-sensitive transaction metadata (e.g., amount, currency, timestamp, masked card type, last 4 digits) for reconciliation, support, and fraud prevention. We may share relevant details with the processor and, where applicable, financial institutions during disputes, chargebacks, or refunds.

10) Security Program

  • Transport encryption (HTTPS/TLS).
  • Network and application hardening, firewalls, and abuse mitigation.
  • Role-based access controls and least-privilege principles.
  • Logging, monitoring, and integrity checks.
  • Backups and disaster-recovery procedures.

No method of transmission or storage is completely secure; we continuously assess and improve controls but cannot guarantee absolute security.

11) Data Retention & Deletion

We retain information only as long as necessary for the purposes described in this Policy, for the period an account remains active, or as required by law. Retention varies by data type and context. Examples:

  • Account basics: While the account is active; limited artifacts may persist in rolling backups until overwritten.
  • Operational logs: Retained under rotating windows to support security, debugging, and performance analysis.
  • Transaction records: Retained to satisfy financial, audit, and tax obligations.
  • Moderation records: Retained where necessary to protect platform integrity and enforce rules.

When information is no longer required, we delete or de-identify it according to technical constraints and backup cycles. Deletions from live systems may not immediately remove data from all backups until standard rotation completes.

12) International Data Transfers

We may process or store information on servers located in various jurisdictions. Protections may differ from those in your home region. Where required, we implement appropriate safeguards for cross-border transfers (e.g., standardized contractual clauses with service providers, inter-entity agreements, or other mechanisms permitted by law).

13) Service Providers & Subprocessors

We engage third parties to help operate and improve the Services (hosting, CDN, analytics, security, email delivery, payment processing, customer support tooling, and similar functions). These providers are granted access to information only as needed to perform their tasks and are bound by confidentiality and data-protection commitments consistent with this Policy and applicable law.

14) Anti-Abuse, Fraud Prevention, and Safety

  • Rate-limiting, automated challenge systems (e.g., CAPTCHAs).
  • IP reputation checks, anomaly detection, and abuse heuristics.
  • Device or session fingerprinting signals (where permitted).
  • Automated and human review workflows.

Access may be suspended or restricted when abuse indicators are detected. We may share relevant information with security vendors, hosting providers, payment processors, or law-enforcement authorities when appropriate and legally justified.

15) Platform Integrations (e.g., Discord)

If you connect or participate in official Shadow Scans community spaces (e.g., Discord), we may receive limited information from those platforms (e.g., handle, internal user ID, roles). We use this to verify eligibility for features, manage roles, and enforce rules. Your activity on those platforms is governed by their own terms and privacy notices.

16) Children’s Privacy

The Services are not intended for individuals under 13 years of age (or the minimum age of digital consent in your jurisdiction, if higher). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected such information, we will take steps to delete it promptly.

17) Do-Not-Track (DNT), Global Privacy Control (GPC), and Similar Signals

Browsers or extensions may send signals such as DNT or GPC. The ecosystem continues to evolve. We assess and, where feasible and appropriate, honor recognized signals in contexts where we rely on optional measurement or sharing flows controlled by consent tools.

18) Automated Logic, Personalization, and Experiments

We may use algorithmic logic and A/B tests to tailor aspects of the experience (e.g., recommended lists, reading order hints, anti-spam triggers). Such processing is intended to enhance usability and safety. We do not make decisions with legal or similarly significant effects solely by automated means without appropriate safeguards.

19) Communications

  • Transactional messages (password resets, purchase confirmations, essential service notices).
  • Operational messages (maintenance windows, feature deprecations).
  • Optional updates (newsletters, feature highlights) where permitted or with your consent.

You can unsubscribe from optional communications via provided links or settings. Essential service notices may still be sent.

20) Backups, Business Continuity, and Disaster Recovery

We maintain periodic backups and continuity plans to ensure resilience. Backups are encrypted at rest where applicable and retained for limited windows. During incidents, we follow defined response procedures (detection, containment, remediation, post-incident review).

21) Law-Enforcement and Legal Requests

We may preserve or disclose information when reasonably necessary to comply with the law, respond to lawful requests (e.g., subpoenas, court orders), enforce our terms, protect our rights, defend against legal claims, or protect users and the public from harm. Where legally permitted, we seek to minimize disclosure and require appropriate process.

22) Product Changes and Policy Updates

We may update this Policy to reflect changes in legal requirements, technologies, or our practices. When updates are material, we will post the revised Policy and adjust the Effective Date above. In some cases, we may provide additional notice (e.g., banner or email) prior to changes taking effect. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

23) Regional and Local Considerations

We design our controls to be adaptable across jurisdictions. Consent tools may be presented where required (e.g., for certain cookies). Local rules may provide additional obligations on us or additional choices for you. Where applicable, we make reasonable efforts to support those obligations and choices within the architecture of the Services.

24) Operational Transparency Addendum (Illustrative)

To provide more clarity, the following describes typical data flows and safeguards:

  • Analytics Flow: Client-side events (e.g., page view, click) are sent to analytics endpoints with pseudonymous identifiers. IPs may be truncated or masked where supported. Aggregated reporting is used to guide product decisions.
  • Telemetry & Logs: Server logs capture request metadata (IP, user agent, response code, timestamps) for security and troubleshooting. Access to logs is restricted to authorized personnel and rotated per retention schedules.
  • Content Delivery: Images and pages may be cached by CDNs. CDNs process IP addresses and request metadata to route traffic, optimize performance, and mitigate attacks.
  • Security Tooling: Abuse detection and WAF rules may examine request patterns while minimizing exposure of personal data.
  • Backups: Snapshot or incremental backups are stored in restricted storage locations and adhere to retention windows for disaster recovery.
  • De-identification: Where feasible, we de-identify or aggregate data for research and service-improvement to reduce privacy risk.

25) Practical Guidance for Users

  • Avoid posting personal information in public comments or community areas.
  • Use strong, unique passwords and keep them confidential; enable any available protective features (e.g., 2FA on linked platforms).
  • Review third-party platform settings (e.g., Discord) if you connect accounts or interact via those platforms.
  • Manage cookies and local storage via browser settings; clearing storage on shared devices can reduce unintended persistence.

26) Contact

Questions about this Policy or our data practices can be sent to: [email protected]