PRIVACY POLICY

Effective Date: 11/11/2025 Last Updated: 11/11/2025 Version: 1.0

1. INTRODUCTION AND SCOPE

We acknowledge and respect that the personal information you entrust to our Platform represents sensitive and confidential data deserving of the highest level of protection and responsible stewardship. The protection and lawful processing of personal data constitutes a fundamental obligation and core operational principle of our Platform, and we maintain unwavering commitment to implementing comprehensive data protection measures that exceed minimum regulatory requirements. This Privacy Policy establishes the legal framework governing our collection, processing, storage, transfer, disclosure, and retention of personal information in connection with your access to and use of our digital platform and associated services, and constitutes a binding legal agreement between you and our Platform.

We operate under strict compliance with applicable international, national, and regional data protection legislation, including but not limited to the General Data Protection Regulation (GDPR) and its national implementations within the European Economic Area (EEA), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents, the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users, the Privacy Act for Australian residents, and all other relevant data protection statutes, regulations, and regulatory guidance in jurisdictions where we operate or where our users are located. Our data processing activities are conducted in accordance with internationally recognized privacy principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability, ensuring that your personal information is processed lawfully, securely, and in accordance with your rights and our legal obligations.

This Privacy Policy ("Policy") governs the collection, processing, storage, transfer, and disposal of personal data by Scanprops ("Scanprops", “Platform”,"we," "us," "our") in connection with the operation of scanprops.com (the "Platform"). This Policy applies to all users, visitors, and any individual whose personal data is processed through our Platform, regardless of geographic location or method of access.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the processing of your personal data as described herein. If you do not agree with any aspect of this Policy, you must immediately discontinue use of the Platform and refrain from providing any personal information.

This Policy is incorporated by reference into our Terms & Conditions and constitutes an integral part of your contractual relationship with the Company. Any terms not defined herein shall have the meanings ascribed to them in our Terms & Conditions.

2. LEGAL BASIS FOR DATA PROCESSING

We process personal data based on multiple legal grounds depending on the nature of the processing activity and your relationship with the Platform:

Contractual Necessity: Processing is necessary for the performance of our Terms & Conditions, including account creation, service provision, payment processing, customer support, determining whether the real user has entered the platform and fulfillment of our contractual obligations to users.

Legitimate Interests: We process data to pursue our legitimate business interests, including fraud prevention, security enhancement, platform optimization, business analytics, marketing communications to existing customers, and protection of our intellectual property rights, provided such interests are not overridden by your fundamental rights and freedoms.

Legal Compliance: Processing is required to comply with applicable laws, regulations, court orders, regulatory investigations, tax obligations, anti-money laundering requirements, sanctions compliance, and other legal obligations in jurisdictions where we operate.

Consent: Where required by law, we obtain your explicit consent for specific processing activities, including marketing communications, cookies usage, data transfers to third countries, and other discretionary processing activities.

Vital Interests: In exceptional circumstances, we may process data to protect your vital interests or those of another person, particularly in emergency situations or to prevent serious harm.

3. CATEGORIES OF PERSONAL DATA COLLECTED

We collect and process various categories of personal data necessary for Platform operation and service provision:

Identity and Contact Information: Full name, username, email address, postal address, telephone number, date of birth, nationality, government-issued identification numbers, and profile photographs. This information is essential for account creation, identity verification, and communication purposes.

Financial and Transaction Data: Banking details, credit card information, payment processor data, transaction histories, trading account information, profit and loss statements, tax identification numbers, and anti-money laundering verification documents. This data enables payment processing, regulatory compliance, and financial service provision.

Technical and Usage Data: IP addresses, device identifiers, browser information, operating system details, session logs, clickstream data, page views, feature usage statistics, error reports, and performance metrics. This information supports platform functionality, security monitoring, and service improvement. Also platform performance analysis, user experience optimization, feature development.

Communication Records: Customer support correspondence, forum posts, reviews, ratings, comments, feedback submissions, survey responses, and any other communications with our Platform or staff. These records facilitate customer service and platform community management.

Behavioral and Preference Data: Platform navigation patterns, content preferences, search histories, interaction data, marketing preferences, notification settings, and other behavioral indicators that help us personalize your experience and improve our services.

4. DATA COLLECTION METHODS

Personal data is collected through multiple channels and methods during your interaction with our Platform:

Direct Collection: Information you voluntarily provide during account registration, profile updates, customer support interactions, survey participation, contest entries, newsletter subscriptions, and other direct communications with our Platform.

Automated Collection: Data automatically gathered through cookies, web beacons, pixel tags, software development kits (SDKs), application programming interfaces (APIs), and other tracking technologies that monitor your Platform usage and device information.

Third-Party Sources: Information obtained from prop firms you review, payment processors, identity verification services, fraud prevention agencies, marketing partners, data brokers, public databases, and social media platforms when you connect your accounts.

Derived and Inferred Data: Information we generate through analysis of your Platform usage, including preference profiles, risk assessments, creditworthiness evaluations, and other analytical insights derived from your behavioral patterns.

5. DATA PROCESSING PURPOSES

We process your personal data for specific, explicit, and legitimate purposes related to Platform operation and business activities:

Core Platform Services: Account management, user authentication, service personalization, customer support provision, payment processing, transaction facilitation, dispute resolution, and fulfillment of contractual obligations under our Terms & Conditions.

Security and Fraud Prevention: Identity verification, determining whether the real user has entered the platform, account security monitoring, fraud detection and prevention, abuse prevention, risk assessment, compliance with anti-money laundering regulations, sanctions screening, and protection of Platform integrity.

Analytics and Improvement: Platform performance analysis, user experience optimization, feature development, A/B testing, market research, trend analysis, and strategic business planning to enhance service quality and user satisfaction.

Communication and Marketing: Service-related notifications, account updates, promotional communications, newsletter distribution, survey invitations, contest announcements, and other marketing activities to existing and prospective customers.

Legal and Regulatory Compliance: Compliance with applicable laws, regulatory reporting, tax obligations, court order fulfillment, regulatory investigation cooperation, audit requirements, and other legal obligations in relevant jurisdictions.

6. DATA SHARING AND DISCLOSURE

We may share your personal data with third parties under specific circumstances and subject to appropriate safeguards:

Prop Firm Partners: When you interact with prop firms through our Platform, we may share relevant information to facilitate your evaluation, application, or funding processes, subject to the specific privacy policies of those firms and your explicit consent.

Service Providers: We engage reputable third-party vendors for payment processing, cloud hosting, data analytics, customer support, marketing services, fraud prevention, and other business functions. These providers are contractually bound to protect your data and use it solely for specified purposes.

Legal Authorities: We disclose data when required by law, court order, regulatory investigation, tax authority request, law enforcement inquiry, national security demand, or to protect our legal rights, property, or safety, or that of our users or the public.

Business Transactions: In the event of merger, acquisition, asset sale, bankruptcy, or other business rePlatform, your personal data may be transferred to the acquiring entity, subject to appropriate data protection commitments and user notification.

Professional Advisors: We may share data with lawyers, accountants, auditors, consultants, and other professional advisors who require access to provide services to our Company, subject to appropriate confidentiality obligations.

7. INTERNATIONAL DATA TRANSFERS

Given our global operations, your personal data may be transferred to, processed in, and stored in countries other than your country of residence, including jurisdictions that may not provide the same level of data protection as your home country.

Transfer Mechanisms: We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by relevant data protection authorities, adequacy decisions, binding corporate rules, and other legally recognized transfer mechanisms.

Security Measures: All international transfers are protected by technical and organizational measures, including encryption, access controls, data minimization, and contractual obligations to ensure data security and compliance with applicable privacy laws.

Third Country Processing: We may utilize service providers and partners located in various countries, including the United States, European Union member states, and other jurisdictions, always ensuring appropriate data protection standards are maintained.

8. DATA RETENTION AND DELETION

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and as required by applicable law:

Active Account Data: Personal data associated with active accounts is retained for the duration of your relationship with our Platform and for a reasonable period thereafter to address potential issues, disputes, or legal obligations.

Inactive Account Data: Data from inactive accounts may be retained for up to twenty-four (24) months before deletion, unless extended retention is required for legal, regulatory, or legitimate business purposes.

Legal Retention Requirements: Certain data types are subject to mandatory retention periods under applicable laws, including financial records (typically 7 years), tax documentation, anti-money laundering records, and other regulatory requirements.

Deletion Procedures: Upon expiration of applicable retention periods, personal data is securely deleted or anonymized using industry-standard methods to ensure complete removal from our systems, backups, and archives.

9. DATA SUBJECT RIGHTS

Depending on your jurisdiction, you may have various rights regarding your personal data:

Access and Portability: You have the right to request access to your personal data, obtain copies of the information we hold about you, and receive your data in a structured, commonly used, and machine-readable format for transfer to another controller.

Rectification and Correction: You may request correction of inaccurate or incomplete personal data, and we will promptly update our records upon verification of the correct information.

Erasure and Deletion: Under certain circumstances, you may request deletion of your personal data, including when the data is no longer necessary for the original purposes, you withdraw consent, or the processing is unlawful.

Restriction and Objection: You may request restriction of processing or object to certain types of data processing, particularly for direct marketing purposes or processing based on legitimate interests.

Withdrawal of Consent: Where processing is based on consent, you may withdraw such consent at any time, though this will not affect the lawfulness of processing conducted prior to withdrawal.

To exercise these rights, please contact us using the information provided in Section 14. We will respond to valid requests within the timeframes required by applicable law, typically within one month, and may request additional information to verify your identity.

10. SECURITY MEASURES AND DATA PROTECTION

We implement comprehensive technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards: Advanced encryption protocols for data in transit and at rest, secure socket layer (SSL) technology, multi-factor authentication, regular security testing, vulnerability assessments, intrusion detection systems, and secure data center facilities with physical access controls.

Organizational Measures: Employee data protection training, access control policies, confidentiality agreements, regular security audits, incident response procedures, data breach notification protocols, and appointment of a Data Protection Officer where required by law.

Third-Party Security: All service providers and business partners are required to maintain equivalent security standards through contractual obligations, security certifications, regular assessments, and compliance with industry best practices.

Incident Response: In the event of a data breach, we maintain comprehensive incident response procedures, including immediate containment, impact assessment, regulatory notification within required timeframes, and affected individual notification when legally required.

11. COOKIES AND TRACKING TECHNOLOGIES

Our Platform utilizes various tracking technologies to enhance functionality and user experience:

Essential Cookies: Strictly necessary cookies that enable core Platform functionality, including session management, security features, and basic navigation. These cookies cannot be disabled without affecting Platform operation.

Performance and Analytics Cookies: Cookies that collect information about Platform usage, performance metrics, error reporting, and user behavior to help us improve our services and understand user preferences.

Functional Cookies: Cookies that remember your preferences, settings, and choices to provide personalized experiences and enhanced functionality during your Platform visits.

Marketing and Advertising Cookies: Cookies used to deliver relevant advertisements, measure campaign effectiveness, and understand your interests for targeted marketing purposes, subject to your consent where required by law.

You may manage cookie preferences through your browser settings or our cookie management tool, though disabling certain cookies may affect Platform functionality and user experience.

12. THIRD-PARTY LINKS AND SERVICES

Our Platform may contain links to third-party websites, services, or applications that are not controlled or operated by us:

External Links: We are not responsible for the privacy practices or content of external websites and services. We recommend reviewing the privacy policies of any third-party sites you visit through our Platform.

Integrated Services: Some Platform features may integrate with third-party services, such as payment processors or social media platforms. Your interactions with these services are governed by their respective privacy policies.

Prop Firm Services: When you engage with prop firms through our Platform, your relationship with those firms is separate from your relationship with us, and their data processing activities are governed by their own privacy policies.

13. CHILDREN'S PRIVACY PROTECTION

Our Platform is not intended for individuals under the age of eighteen (18) years, and we do not knowingly collect personal data from minors:

Age Verification: We implement age verification measures during account registration and require users to confirm they meet minimum age requirements in their jurisdiction.

Parental Notification: If we become aware that we have collected personal data from a minor without appropriate parental consent, we will take immediate steps to delete such information and terminate the associated account.

Compliance Obligations: We comply with applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations in other jurisdictions.

14. CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us through the following channels:

Privacy matters: [email protected]

General support: [email protected]

Business Hours (Estonia Time Zone)

Monday – Friday: 10:00 – 18:00 (EET / UTC+2, Tallinn Time)

Saturday: Closed

Sunday: Closed

Public holidays may affect our business hours.

Regulatory Complaints: You have the right to lodge complaints with relevant data protection authorities in your jurisdiction if you believe our processing of your personal data violates applicable law.

15. POLICY UPDATES AND AMENDMENTS

We reserve the right to modify this Privacy Policy to reflect changes in our practices, applicable law, or business requirements:

Notification Procedures: Material changes will be communicated through prominent Platform notices, email notifications to registered users, and updates to the "Last Updated" date at the top of this Policy.

Continued Use: Your continued use of the Platform following notification of changes constitutes acceptance of the updated Privacy Policy, unless you opt-out or terminate your account within the specified notice period.

Version Control: We maintain records of previous Policy versions and will provide access to historical versions upon reasonable request for transparency and compliance purposes.

16. GOVERNING LAW AND JURISDICTION

This Privacy Policy is governed by and construed in accordance with the laws of Estonia, without regard to conflict of law principles. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts located in Talinn, Estonia, provided that this does not limit our right to seek injunctive relief in any competent jurisdiction.

By using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any provision of this Policy, you must discontinue use of our Platform immediately.

This Privacy Policy does not create any third-party beneficiary rights and does not constitute legal advice. Users should consult with qualified legal counsel regarding their specific privacy rights and obligations in their jurisdiction.