1. Information We Collect

Scan 2 Flow is designed with privacy as a core principle. We collect minimal information necessary for the application to function:

• Local Storage: Your workflow configurations, settings, scan history, and preferences are stored locally in your browser's local storage. This data never leaves your device and is not transmitted to any external servers.
• Camera Access: We request camera access solely for scanning barcodes and QR codes. All camera data is processed locally in your browser using Web APIs. Camera feeds are never recorded, stored, or transmitted to external servers.
• No Account Required: Scan 2 Flow does not require user registration, account creation, or login. We do not collect personal identification information such as names, email addresses, or phone numbers.
• API Usage: If you use the decode API (e.g. /api/parse-code), image data (base64 or URLs) is processed server-side for barcode detection. All image data is immediately discarded from memory and disk after processing. We do not store images or full scan results; minimal operational logs (e.g. success/failure, format) may be recorded and are not retained long-term.

2. How We Use Information

All data processing occurs locally on your device or is processed temporarily for API requests:

• Local Processing: Barcode/QR code scanning is performed entirely in your browser using client-side libraries. No scan data is sent to external servers.
• Workflow Execution: Workflow actions (URL opening, API calls, clipboard operations) are executed from your device. We do not intercept or log these actions.
• Settings Storage: Your preferences and settings are stored in your browser's local storage and remain on your device.
• API Processing: When using the decode API, images are processed server-side and immediately discarded; we do not store them. Workflow API calls that use our proxy (for CORS or auth) are forwarded with your chosen credentials; we do not store request or response bodies.

3. Data Sharing and Disclosure

Scan 2 Flow does not share, sell, or disclose your data to third parties, except as described below. We do not:

• Collect or store personal information (beyond optional analytics if you consent)
• Use tracking cookies or analytics that identify users without your consent
• Share data with advertisers or marketing companies without your consent
• Transmit scan data to external servers (the API endpoint processes images on the same server and immediately discards them after processing)

Note: When you create workflows that interact with third-party services (URLs, APIs), those interactions are between your device and the third-party service. We do not intercept or log these interactions.

4. Third-Party Services

When you configure workflows to open URLs or make API calls, those requests are sent either directly from your device or via our workflow proxy (when auth or CORS requires it). We do not store workflow request or response content. We are not responsible for the privacy practices of external websites or APIs that you choose to interact with through workflows.

We may display logos of integration platforms (e.g., Make.com, n8n, Zapier) on the site for identification only. This does not imply endorsement or affiliation. Their privacy practices are governed by their own policies.

5. Data Storage

All your data (workflows, settings, scan history) is stored locally in your browser using localStorage. This means:

• Your data remains on your device
• Clearing your browser data will remove all Scan 2 Flow data
• Data is not synchronized across devices unless you manually export/import it

6. Cookies and Tracking

We use a hybrid approach to analytics that respects your privacy while helping us improve the service:

Essential (Always Active): Our hosting infrastructure (Cloudflare) is required by default. Cloudflare uses cookies for security, DDoS protection, and performance: __cflb, __cf_bm, and cf_clearance for bot management and load balancing. These cannot be disabled. The i18n_redirected cookie stores your language preference.

Cloudflare Web Analytics: We use Cloudflare Web Analytics (beacon) for privacy-preserving, cookieless traffic insights. It is essential and always active; it does not use cookies or collect personal data. This helps us understand usage and improve the service.

Cookieless Analytics (No Consent Required): We track basic pageviews using Google Analytics 4 in cookieless mode. This collects anonymous, aggregated data without storing cookies or identifying individual users. IP addresses are anonymized and no personal data is collected.

Optional Cookies (Your Choice): You can enable or decline separately: (1) Google Analytics with cookies (Google Tag Manager) for detailed analytics, and (2) Marketing (e.g. Meta/Facebook Pixel) for remarketing and ads. Both require your consent and can be toggled in Settings > Cookie Management.

You control your preferences via the cookie banner or Settings > Cookie Management. Essential (Cloudflare security and Web Analytics) is always active. You can enable or disable Google Analytics cookies and Marketing cookies independently at any time.

7. Children's Privacy

Scan 2 Flow does not knowingly collect any information from children under the age of 13. Since we don't collect any personal information, this is not applicable, but we want to make our position clear.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us through the appropriate channels.