Privacy Policy

RemitScan ("we", "us", "our") operates the RemitScan platform at remitscan.eu — a pan-European generation outage surveillance service. We are the data controller for personal data processed in connection with this service.

Contact: privacy@remitscan.eu

We collect the minimum data necessary to operate the service:

• Account data: email address and display name when you create an account via Firebase Authentication.
• Usage logs: IP address, browser type, pages visited, timestamps — retained for 90 days for security and debugging.
• Authentication tokens: short-lived Firebase ID tokens stored in browser memory (not persisted to localStorage or cookies).
• Access requests: name, organisation, and stated purpose submitted through the market-participant registration form.
• Error telemetry: anonymised stack traces sent to Sentry when JavaScript errors occur. No personal data is included in error reports.

We do not sell personal data, use third-party advertising trackers, or process special-category data.

• Contract performance: to create and manage your account and deliver the service you requested.
• Legitimate interest: security monitoring, abuse prevention, and improving service reliability.
• Consent: where you have opted in to non-essential features. You may withdraw consent at any time.
• Legal obligation: to comply with applicable law, including GDPR and EU financial regulation.

• Account data: for the lifetime of your account, then deleted within 30 days of a verified deletion request.
• Usage logs: 90 days, then automatically purged.
• Access request records: 2 years for regulatory compliance.
• Error telemetry: 30 days in Sentry.

We share data only with the sub-processors listed below, all operating under appropriate data-processing agreements:

• Google Firebase — authentication (EU data residency).
• Google Cloud Platform — compute, storage, and database (europe-west1, Belgium).
• Vercel — frontend hosting (US; SCCs applied under GDPR Art. 46).
• Sentry — error monitoring (anonymised reports only).

We do not transfer personal data to any other third parties without your explicit consent.

If you are located in the EEA or UK, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”): ask us to delete your personal data.
• Portability: receive your data in a structured, machine-readable format.
• Restriction: ask us to pause processing while a dispute is resolved.
• Objection: object to processing based on legitimate interests.
• Complaint: lodge a complaint with your national supervisory authority (e.g. CNIL in France, BfDI in Germany, ICO in the UK).

To exercise any right, email privacy@remitscan.eu. We will respond within 30 days.

RemitScan does not use non-essential cookies or advertising trackers. We use browser session storage solely to maintain your authentication state. No consent banner is required for this purpose under ePrivacy rules for strictly necessary cookies.

Personal data is encrypted in transit (TLS 1.3) and at rest. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. We conduct periodic security reviews and apply patches promptly.

We may update this policy to reflect changes in law or our practices. We will notify registered users by email of material changes at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.