Privacy Policy

RailScanPro, operated by Winsit LLC ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our model railroad inventory management platform and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Service.

2.1 Personal Information

We collect personal information you provide directly to us, including:

• Account information (name, email address, password)
• Profile information (railroad name, location, preferences)
• Billing information (payment methods, billing address)
• Communication data (support messages, feedback)
• User-generated content (inventory data, photos, descriptions)

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Log data (access times, error messages, referral URLs)
• Location data (approximate location based on IP address)

2.3 AI Analysis Data

Our AI vision service analyzes uploaded photos to extract inventory information. We process image data and metadata to provide automated cataloging features.

We use collected information for the following purposes:

• Service Provision: Provide, maintain, and improve our inventory management platform
• Account Management: Create and manage your account, process subscriptions
• AI Features: Analyze photos to provide automated inventory cataloging
• Communication: Send service updates, support responses, and marketing communications
• Security: Detect and prevent fraud, abuse, and security incidents
• Analytics: Understand usage patterns and improve our services
• Legal Compliance: Comply with applicable laws and regulations
• Business Operations: Process payments, provide customer support

We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers:

• Microsoft Azure: Cloud hosting and database services
• Google Cloud: AI vision analysis and image processing
• Stripe: Payment processing and subscription management
• Authentication Providers: User identity verification

4.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal process or government requests
• Protect our rights, property, or safety
• Investigate potential violations of our Terms of Service
• Prevent fraud or security incidents

4.3 Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit and at rest using AES-256
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure: Secure cloud hosting with regular security updates
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Compliance: SOC 2 Type II and ISO 27001 certified service providers

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any material breaches as required by law.

We retain your information for the following periods:

• Account Data: Until account deletion or 3 years of inactivity
• Inventory Data: Until user deletion or account termination
• Payment Data: 7 years for tax and accounting purposes
• Usage Logs: 2 years for security and analytics purposes
• Support Communications: 3 years for quality assurance

After the retention period, we securely delete or anonymize your information. Some data may be retained longer if required by law or legitimate business interests.

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EU/UK Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit processing of your data
• Objection: Object to processing for legitimate interests
• Withdraw Consent: Withdraw consent for data processing

7.2 CCPA Rights (California Residents)

• Know: Request disclosure of data collection and sharing practices
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights, please contact us at legal@railscanpro.com or use our Data Deletion Request form.

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) with service providers
• Data processing agreements with enhanced privacy protections
• Regular audits of international data handling practices

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information immediately.

If you believe we have collected information from a child under 13, please contact us at legal@railscanpro.com.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices in our application

Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU/UK residents, you also have the right to lodge a complaint with your local data protection authority.