PRIVACY POLICY

MomoScan is a stock market scanning service operated as a sole trader business based in the United Kingdom. We operate the website at momoscan.com.

For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), we are the data controller for personal data collected through this website.

If you have any questions about this Privacy Policy or how we handle your data, please contact us at info@momoscan.com.

We collect the following personal data when you use MomoScan:

• Email address — collected when you register for an account. Used to authenticate you and communicate important service updates.
• Password — stored in hashed form by Supabase. We never have access to your plain text password.
• Donation payment data — if you choose to make a voluntary donation, your payment card details are collected and processed securely by Stripe. We do not store or have access to your full card details. We only receive confirmation that a payment was made and the amount.
• Account activity data — we store your login count, last login date, and terms acceptance timestamp to manage your account and comply with our legal obligations.
• Disclaimer and T&C acceptance timestamp — we record when you accepted our terms of use and privacy policy.
• Usage data — server logs may record your IP address, browser type and pages visited for security and performance monitoring purposes.

We use your personal data for the following purposes:

• To provide the service — your email and account status are used to authenticate you and grant access to the scanner.
• To process donations — if you choose to donate, your payment information is passed to Stripe to process the one-time payment. We retain a record that a donation was made.
• To communicate with you — we may use your email address to send important service updates, account notifications, or respond to your support enquiries.
• To comply with legal obligations — we may retain certain data as required by UK law, including records of any financial transactions.
• To protect against fraud and abuse — server logs and access records help us identify and prevent unauthorised use of the service.

We do not use your data for marketing purposes or sell your data to third parties.

Under UK GDPR, we rely on the following legal bases for processing your personal data:

• Legitimate interests — providing a free service, maintaining account security, and server log monitoring to protect the integrity of our service.
• Consent — where you have explicitly accepted our disclaimer and terms before using the service.
• Contract performance — where you make a voluntary donation, processing is necessary to complete that transaction.
• Legal obligation — we may retain financial records as required by HMRC and UK law.

We use the following third party services to operate MomoScan. Each has their own privacy policy and data processing terms.

• Supabase — we use Supabase to manage user authentication and store account data (email, subscription status). Supabase is hosted on infrastructure within the EU. Their privacy policy is available at supabase.com/privacy.
• Stripe — if you make a voluntary donation, you are directed to Stripe's secure checkout where your payment details are collected and processed. We do not store your card details. Stripe is PCI DSS compliant. Their privacy policy is available at stripe.com/gb/privacy.
• Hetzner — our web server and database are hosted on Hetzner infrastructure located in Helsinki, Finland (EU). Their privacy policy is available at hetzner.com/legal/privacy-policy.

We retain your personal data for as long as your account is active or as needed to provide you with the service.

• Account data — retained for the duration of your account and for up to 12 months after account deletion.
• Donation payment records — retained for 7 years in accordance with HMRC requirements.
• Server logs — retained for up to 90 days for security monitoring purposes.

If you request deletion of your account, we will delete your personal data except where we are required to retain it for legal or financial compliance purposes.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure — you can ask us to delete your personal data, subject to legal retention requirements.
• Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
• Right to data portability — you can request your data in a structured, machine-readable format.
• Right to object — you can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at info@momoscan.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.

MomoScan uses browser local storage and cookies to maintain your login session. These are technically necessary for the service to function and do not require separate consent under the cookie exception for essential functionality.

• Authentication tokens — stored in local storage by Supabase to keep you logged in across sessions.
• Session preferences — we may store minor preferences (such as your active ticker selection) in local storage to improve your experience.
• Disclaimer acceptance — stored in session storage to avoid showing the disclaimer modal repeatedly during a single session.

We do not use advertising cookies, tracking pixels, or third party analytics cookies.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or misuse. These include:

• All data transmitted between your browser and our server is encrypted via HTTPS/TLS.
• Authentication is managed by Supabase with industry-standard JWT tokens.
• Payment processing is handled entirely by Stripe — we never handle raw card data.
• Server access is restricted and monitored.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. Continued use of MomoScan after changes are posted constitutes your acceptance of the updated policy.

For significant changes, we will notify you via the email address associated with your account.

For any questions, data requests or concerns regarding this Privacy Policy, please contact:

• Email: info@momoscan.com
• Response time: Within 24 hours on business days (Mon–Fri, 09:00–17:00 GMT)
• Website: momoscan.com