Privacy Policy
Last updated: July 19, 2026
1. Introduction
LogbookScan, LLC ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Xcelify AI-powered OCR and table extraction service.
2. Data We Collect
2.1 Information You Provide
- Account Information: Email address, password (encrypted)
- Document Data: Images, PDFs, screenshots, and scanned pages you upload for table extraction, including extracted rows, columns, and cell values
- Project Settings: Column mappings, schemas, and configuration you create
- Payment Information: Processed securely through Stripe (we do not store full card details)
- Feedback and Support: Bug reports, feature requests, extraction feedback, and customer service communications
2.2 Automatically Collected Information
- Usage Data: Pages scanned, credits used, scan history, export history
- Device Information: Browser type, operating system, device model
- IP Address: For rate limiting, fraud prevention, and service optimization
- Cookies and Similar Technologies: Authentication cookies, session cookies, and analytics cookies
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contractual Necessity: To provide the Xcelify service you've subscribed to (Article 6.1(b) GDPR)
- Consent: For cookies and optional analytics (Article 6.1(a) GDPR)
- Legitimate Interests: For fraud prevention, service improvement, and customer support (Article 6.1(f) GDPR)
- Legal Obligation: For tax records and payment transaction retention (Article 6.1(c) GDPR)
4. How We Use Your Data
- To provide and maintain our table extraction and OCR service
- To process your payments and manage subscriptions and credit top-ups
- To extract structured data from uploaded documents using AI/OCR technology
- To export extracted data to Excel, CSV, and integrated services (e.g., Google Sheets)
- To respond to your support requests and bug reports
- To improve our service through analytics and user feedback
- To prevent fraud, enforce rate limits, and ensure fair usage
- To send transactional emails (account notifications, scan confirmations)
5. Data Sharing and Third Parties
We share your data with the following trusted third-party processors:
- Stripe: Payment processing (PCI DSS compliant)
- Resend: Transactional email delivery
- Lovable Cloud / Supabase: Database hosting, authentication, and file storage (ISO 27001 certified)
- Google Analytics: Website analytics (only with your consent)
- Lovable AI: Image processing and OCR for table extraction
We require all third-party processors to maintain appropriate security standards and comply with GDPR. We do NOT sell your personal data to third parties.
6. Data Retention
- Account Data: Retained while your account is active, deleted within 30 days of account deletion
- Scan History & Documents: Retained per your project settings; automatically deleted after 2 years unless otherwise configured
- Payment Transactions: Retained for 7 years for tax compliance (anonymized after account deletion)
- Rate Limit Logs: Deleted after 90 days
- Analytics Data: Aggregated and anonymized after 26 months (Google Analytics standard)
7. Your Rights (GDPR / CCPA)
Depending on your location, you may have the following rights:
- Right to Access: Request a copy of all data we hold about you
- Right to Rectification: Correct inaccurate data in your account settings
- Right to Erasure: Delete your account and all associated data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Export your data in machine-readable format (Excel/CSV)
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw cookie consent at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at privacy@logbookscan.com.
8. Cookies
We use the following cookies:
- Essential Cookies: Authentication session cookies (required for service functionality)
- Preference Cookies: UI state and settings preferences (requires consent)
- Analytics Cookies: Google Analytics cookies (requires consent)
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using the service.
9. Security
We implement industry-standard security measures:
- HTTPS encryption (TLS) for all data transmission
- Encrypted password storage using bcrypt
- Row-Level Security (RLS) policies on database tables
- Regular security audits and dependency updates
- Rate limiting to prevent abuse
- Secure authentication via Supabase Auth
However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) with third-party processors
- Hosting with providers that comply with EU-US Data Privacy Framework
- Ensuring all processors maintain GDPR-equivalent protection
11. Children's Privacy
Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at privacy@logbookscan.com.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Updating the "Last updated" date at the top of this policy
- Sending an email notification for significant changes
- Displaying a prominent notice on our website
Continued use of the service after changes constitutes acceptance of the updated policy.
13. Contact Us
For privacy-related questions, data requests, or to exercise your rights:
- Email: privacy@logbookscan.com
- Support: support@logbookscan.com
- Data Protection Officer: Available upon request
This Privacy Policy is compliant with GDPR (EU Regulation 2016/679), CCPA, and other applicable data protection laws. For GDPR complaints, contact your local supervisory authority.