Skip to main content

Scanova | Data Security Practices

  • Updated

This guide is relevant to the customers of Scanova and outlines the data security practices that Scanova implements to prevent attacks.

At Scanova, we aim to follow the most recommended data security measures to ensure that the data of our customers is secure and prevented from unauthorised access.

Data collected by Scanova can be divided into three categories:

  1. Customer Data: This means the personal data entered by the customer to use Scanova's services—first name, email address, password, billing information, and payment information

  2. QR Code Data: This means the data entered by the Customer to generate the QR Codes—URL, map location, vcard details, PDF, image, audio, etc.

  3. End-User Data: This means the data that Scanova collects on behalf of the customer when end-users scan the QR Codes generated by the customer—lead generation data (name, email, phone, etc.), browsing activity (scan time, date, city, country, device, etc.)

Here are the security measures employed by Scanova to ensure data security:

  • Google reCAPTCHA is enabled on Sign-up page to protect Scanova from bots and scripts

  • All forms including Sign-up and Login are protected with CSRF (Cross-Site Request Forgery). This prevents attackers from using brute force attack on both these pages

  • Passwords are encrypted using PBKDF2 algorithm with a SHA256 hash (a password stretching mechanism recommended by NIST)

  • All data in transit is secured via SSL encryption (HTTPS)

  • All data is stored in our encrypted Amazon Web Service database (RDS) servers in Oregon, United States

  • All data at rest is secured via AES256 encryption

  • We use Cloudflare as a proxy, with extra layer of protection, including DDoS attacks

  • All billing and payment information is securely stored by Stripe and 2Checkout, Scanova's payment gateway service providers. Both Stripe and 2Checkout are PCI Level 1 certified - the highest level certification possible. 

  • Data is accessible to select technical staff only, who resolve customer issues when a request is raised by the customer. There are robust internal security processes and protocols (multi-factor authentication, logging, etc.) that ensure only authorized personnel can access the data

  • We've added a layer of registered email verification that ensures only real customers use our products and services, enhancing data protection of end users

  • We've added a layer of verification of URLs encoded into QR Codes using Google SafeBrowsing API to restrict the use of infected URLs, enhancing data protection of end users

If you still have questions related to data security, please reach out to us at privacy@scanova.io