Privacy Policy
This Privacy Policy describes how Opportunity Scanner ("we", "us", or "our") collects, uses, and shares information about you when you use our web application at this domain (the "Service").
§1 Information We Collect
We collect information you provide directly, including:
- Account information (email address, invite code) when you sign in or register.
- Scan inputs (topics, role descriptions) that you enter into the scanner.
- Contact information (name, email, message) submitted through "Get It Built" or feedback forms.
- API keys you supply in BYOK mode — these are stored only in your browser's localStorage and are never transmitted to our servers.
We also collect information automatically, including:
- Session data stored in a server-side session cookie.
- Browser localStorage values used to save your scan history, preferences, and theme selection.
- Standard server request logs (IP address, user-agent, timestamp) for security and debugging purposes.
§2 How We Use Your Information
- To provide, operate, and improve the Service.
- To respond to requests submitted through "Get It Built" and feedback forms.
- To enforce usage limits, detect abuse, and maintain security.
- To send transactional communications (e.g., replies to your inquiries).
We do not sell your personal information. We do not use your scan inputs to train AI models.
§3 AI Processing
Scan inputs (topic, role) are sent to third-party AI providers (Google Gemini, OpenAI, Anthropic, or Kimi, depending on the mode you select) to generate results. These providers process your inputs under their own terms and privacy policies. In hosted mode, requests go through our server using our API credentials. In BYOK mode, your API key is sent directly from your browser to the provider's API.
§4 Cookies and Local Storage
We use a session cookie to maintain your login session. We use browser localStorage to save your scan history, preferences (theme, sort mode, billing mode), and BYOK API keys (BYOK mode only). No advertising or cross-site tracking cookies are used.
§5 Data Retention
Scan data and account information are retained for 12 months for scan results; 24 months for quote requests and feedback after account inactivity or deletion request, unless we are required to retain it by law. You may request deletion of your account data at any time by contacting us.
§6 Contact Us
For privacy-related requests or questions, contact us at: legal@1mil.app
§7 Third-Party Services
The Service may use the following third-party processors:
- Google Gemini API — AI inference (hosted mode default)
- OpenAI API — AI inference (BYOK optional)
- Anthropic API — AI inference (BYOK optional)
- Kimi API — AI inference (BYOK optional)
- Vercel — hosting and serverless infrastructure
- PostgreSQL database provider (if configured) — scan and account data storage
§8 Security
We implement reasonable technical and organizational measures to protect your information. However, no system is completely secure. BYOK API keys are stored only in your browser and are never transmitted to our servers. You are responsible for protecting your own browser environment. Contact us at legal@1mil.app to report any security concerns.
§9 Children
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.
§10 California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete — You may request deletion of personal information we have collected, subject to certain exceptions.
- Right to Opt-Out — We do not sell personal information. There is nothing to opt out of.
- Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA rights.
To exercise these rights, contact us at legal@1mil.app. We will respond within 45 days.
§11 European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following applies:
- Legal basis for processing — We process session and scan data on the basis of legitimate interests (operating and securing the Service). We process quote and feedback requests on the basis of contract performance (responding to your inquiry). Where required, we rely on your consent.
- Your rights — You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You also have the right to lodge a complaint with your local supervisory authority.
- Data transfers — Your data may be processed in the United States. Where we transfer data outside the EEA, we rely on standard contractual clauses or other lawful transfer mechanisms.
- Retention — We retain personal data only as long as necessary for the purposes described in this policy or as required by law.
To exercise your rights or ask questions about our GDPR practices, contact us at legal@1mil.app.
§12 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be noted by updating the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy. For questions, contact legal@1mil.app at Million Opportunities LLC.