Last Updated: June 2, 2026
B Scanned Inc. ("BSCANNED", "we", "us", or "our") operates the website bscanned.com and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.
1. Information We Collect
Information You Provide
- Contact Information: Name, email address, phone number, business name, and mailing address when you fill out forms, request quotes, or sign up for our services.
- Account Information: Login credentials when you create an account on our platform.
- Business Information: Industry, target audience, brand colors, social media accounts, website URLs, and other business details provided for service delivery.
- Payment Information: Billing details processed through our third-party payment processors (Stripe). We do not store credit card numbers on our servers.
- Communications: Messages, chat transcripts, and correspondence sent through our platform or via email.
- Content: Images, logos, text, videos, and other materials you upload or provide for design and marketing services.
Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on pages, and interaction patterns within our platform.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access times, and referring URLs.
- Cookies: We use cookies and similar technologies to maintain sessions, remember preferences, and improve user experience.
Information from Third Parties
- Social Media Platforms: When you authorize us to manage your social media accounts (Facebook, Instagram, LinkedIn, TikTok), we receive page access tokens, page IDs, and posting permissions as authorized through OAuth.
- Lead Generation Forms: Lead data from LinkedIn Lead Gen Forms, Facebook Lead Ads, and other advertising platforms, as authorized by you.
- Google: Authentication information when you sign in using Google OAuth.
2. How We Use Your Information
- To provide, maintain, and improve our services including web development, mobile apps, AI automation, social media management, and marketing.
- To create and manage your account on our platform.
- To process transactions and send billing-related communications.
- To generate and publish social media content on your behalf, as authorized.
- To generate AI-powered designs, videos, and marketing materials using your provided business information.
- To sync and manage leads from connected advertising platforms into our CRM system.
- To send notifications about new leads, project updates, and service communications.
- To respond to your inquiries and provide customer support.
- To analyze usage patterns and improve our platform's features and performance.
- To comply with legal obligations and protect our rights.
3. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
- Service Providers: We use third-party services to operate our platform, including Supabase (database), Netlify (hosting), Anthropic Claude (AI), fal.ai (image generation), Stripe (payments), and n8n (workflow automation). These providers only access data necessary to perform their functions.
- Social Media Platforms: When you authorize us to post on your behalf, we transmit content to Facebook, Instagram, LinkedIn, and TikTok through their official APIs.
- Team Members: Your business information may be accessed by our team members (Brandon Thomas, Brieanna Thomas, Dajae Williams) as necessary to deliver services.
- Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
4. Data Storage and Security
Your data is stored on secure cloud infrastructure provided by Supabase (hosted in North America) and Netlify. We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit (HTTPS/TLS) and at rest.
- Role-based access controls for team members.
- Row Level Security (RLS) policies on our database.
- Secure API key management through server-side proxy functions.
- Regular security reviews and updates.
5. Social Media Account Authorization
When you connect your Facebook, Instagram, LinkedIn, YouTube, TikTok, X (Twitter), Threads, or other social media accounts to our platform:
- We use OAuth 2.0 authorization to obtain access tokens with only the permissions necessary for our services (posting, page management, analytics).
- We store access tokens securely in our encrypted database (Supabase Postgres with row-level security and HTTPS/TLS in transit).
- We never access your personal social media accounts — only the business pages, channels, or accounts you explicitly authorize.
- You can revoke access at any time through the social media platform's settings or through our admin portal.
- Access tokens are used solely for the purpose of creating, scheduling, and publishing content on your behalf, as directed by you, and for retrieving the analytics you have asked us to surface.
- We do not sell, rent, or otherwise transfer authorized social account data to any third party for advertising, model training, or profiling purposes.
5a. YouTube API Services & Google User Data
The BSCANNED platform uses YouTube API Services to let you connect a YouTube channel and publish videos to it on your authorization. By connecting your YouTube channel you agree to be bound by the YouTube Terms of Service.
Google's privacy practices are described in the Google Privacy Policy. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, BSCANNED:
- Only requests the YouTube scopes required to fetch your channel identity and upload videos you have explicitly chosen to publish (
youtube.upload, youtube.readonly) plus standard OpenID Connect scopes (openid, email, profile) to identify your account.
- Stores the OAuth access token, refresh token, channel ID, and channel name securely. We do not store, download, or analyze your video catalogue, viewer data, comments, watch history, or any other YouTube account content beyond the metadata of videos you publish through BSCANNED.
- Does not use YouTube data for advertising, sell or transfer it to third parties, or use it to train AI / ML models.
- Refreshes the YouTube access token automatically using the stored refresh token when it expires (Google access tokens are valid for one hour).
To revoke BSCANNED's access to your YouTube / Google account at any time: visit Google's Apps with access to your account page and remove "BSCANNED" (or "bscanned.com"). Revocation takes effect immediately. You may also email us at brandon.thomas@bscanned.com to request that we delete the stored tokens and channel metadata from our database; deletion is processed within 7 business days.
5b. TikTok & TikTok Login Kit / Content Posting API
The BSCANNED platform uses TikTok Login Kit and the TikTok Content Posting API to let you connect a TikTok account and publish videos to it on your authorization. By connecting your TikTok account you agree to be bound by the TikTok Terms of Service and the TikTok Privacy Policy.
Specifically, BSCANNED:
- Only requests the TikTok scopes required to identify your account and publish videos you have explicitly chosen to publish (
user.info.basic, video.upload, video.publish).
- Stores the OAuth access token, refresh token, TikTok open_id, and display name securely. We do not store, download, or analyze the videos in your existing TikTok library, your followers, your direct messages, or your private account data.
- Does not use TikTok data for advertising on third-party networks, sell or transfer it, or use it to train AI / ML models.
- Refreshes the TikTok access token automatically using the stored refresh token when it expires.
To revoke BSCANNED's access to your TikTok account at any time: open TikTok → Settings & privacy → Security and login → Manage apps, and remove "BSCANNED". You may also email us at brandon.thomas@bscanned.com to request immediate deletion of the stored tokens and account metadata from our database; deletion is processed within 7 business days.
5c. Account Data Deletion
You may request full deletion of your BSCANNED account and all associated data — including OAuth tokens, social account metadata, uploaded content, generated assets, and message history — at any time by emailing brandon.thomas@bscanned.com from the email address associated with your account, or by submitting a deletion request through the in-app settings panel. Deletion requests are processed within 7 business days. Aggregated, anonymized analytics that no longer identify you may be retained as described in Section 6.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Upon termination of services:
- Account data is retained for 90 days to allow for reactivation.
- Social media access tokens are revoked immediately upon request.
- Client files and generated content are available for download for 30 days after service termination.
- We may retain anonymized usage data for analytics purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format.
- Opt-Out: Opt out of marketing communications at any time.
- Revoke Consent: Withdraw consent for social media account access or data processing.
To exercise any of these rights, contact us at brandon.thomas@bscanned.com.
8. Cookies
We use cookies for:
- Essential Cookies: Session management, authentication, and security.
- Functional Cookies: Remembering preferences and settings.
- Analytics Cookies: Understanding how users interact with our platform.
You can control cookies through your browser settings. Disabling cookies may affect the functionality of our platform.
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
10. Canadian Privacy Compliance
As a Canadian company based in Alberta, we comply with the Personal Information Protection Act (PIPA) of Alberta and the Personal Information Protection and Electronic Documents Act (PIPEDA). Your personal information is primarily stored and processed in Canada.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: