Privacy Policy

Last Updated: 5 January 2026

Scan and Review is a service owned and operated by GB Systems UG (haftungsbeschränkt) (“GB Systems UG”, “we”, “our”, or “us”).

This Privacy Policy explains how we collect, use, store, and disclose personal data when you access our website https://scanandreview.com or use the Scan and Review platform and related services (the “Service”), including when you connect third-party platforms such as Google Business Profile and Meta (Facebook) Pages through their respective APIs.

Certain technical, operational, or support services may be provided to GB Systems UG by Scan and Review LTD (United Kingdom) acting strictly as a data processor or service provider on our behalf.

By using our website or the Service, you acknowledge and agree to this Privacy Policy.

1. Data Controller Information

1.1 Data Controller

GB Systems UG (haftungsbeschränkt)
Passau, Germany
Registered with the District Court of Passau
Commercial Register Number: HRB 13047

GB Systems UG determines the purposes and means of processing personal data in accordance with Article 4(7) GDPR.

1.2 Data Processor / Service Provider

Scan and Review LTD
United Kingdom

Scan and Review LTD may provide infrastructure, development, billing, analytics, or customer support services and acts solely on documented instructions from GB Systems UG in accordance with Article 28 GDPR.

2. Legal Basis and Applicability

This Privacy Policy is intended to comply with:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • Meta (Facebook) Platform Terms and Developer Policies
  • Google API Services User Data Policy

If you are located in the European Economic Area (EEA) or the United Kingdom, your personal data is processed in accordance with applicable data protection laws.

3. Information We Collect

3.1 Personal Information You Provide

We collect personal data that you voluntarily provide when you:

  • Create an account
  • Subscribe to our services
  • Contact us
  • Use features of the Service

This may include:

  • Full name
  • Email address
  • Business or company information
  • Billing and invoicing details

Payment data is processed securely by third-party payment providers. We do not store full credit card numbers or sensitive payment credentials on our servers.

3.2 Google OAuth 2.0 and Google Business Profile Data

When you connect your Google Business Profile to Scan and Review, we use Google OAuth 2.0 and the Google Business Profile APIs.

OAuth Scope Requested

  • https://www.googleapis.com/auth/business.manage

Data Accessed

With your explicit authorization, we may access and process:

  • Google Business account and location identifiers
  • Business profile information (e.g., business name, address, categories)
  • Customer reviews and ratings
  • Review metadata (review text, rating, date, author name as provided by Google)
  • Business performance and analytics data available through Google APIs
  • Permissions required to publish responses to customer reviews on your behalf

We do not access personal Google account data unrelated to your business profile.

3.3 Purpose of Google API Data Processing

Google Business Profile data is accessed solely to provide the core functionality of the Service, including:

  • Displaying and managing customer reviews
  • Responding to reviews on behalf of authorized users
  • Analyzing reviews to identify trends and insights
  • Generating reports and recommendations

Google API Limited Use Compliance

Information received from Google APIs is:

  • Used only for the purposes described in this Privacy Policy
  • Not sold, rented, or used for advertising
  • Not shared with third parties except service providers acting on our behalf or where legally required
  • Retained only while the business account remains connected or as required by law

Scan and Review’s use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google data is not used to develop, improve, or train generalized artificial intelligence or machine learning models.

3.4 Meta (Facebook) API and Facebook Page Data

When you connect your Facebook Page to Scan and Review, we access Facebook data through the Meta Graph API only after you explicitly authorize our application.

Permissions Requested

We request only the permissions necessary to provide our services, including:

  • pages_read_engagement
  • pages_manage_engagement
  • pages_show_list
  • pages_read_user_content

3.5 Data Accessed from Facebook

With your authorization as a Facebook Page administrator, we may access and process:

  • Facebook Page identifiers and metadata
  • Public Page information (e.g., Page name, category)
  • Customer reviews, ratings, and recommendations posted on your Page
  • Review content, timestamps, and publicly visible author names
  • Permissions required to publish replies to reviews on behalf of the Page

We do not access private Facebook profile data beyond what is publicly associated with Page reviews.

3.6 Purpose of Facebook Data Processing

Facebook Page data is accessed solely to provide the core functionality of the Service, including:

  • Importing and displaying Facebook Page reviews
  • Analyzing reviews to identify trends, sentiment, and improvement areas
  • Generating AI-assisted insights and reports for business users
  • Assisting Page administrators in drafting responses to reviews
  • Publishing replies to reviews only after explicit user action

3.7 Artificial Intelligence and Human Oversight

Scan and Review uses artificial intelligence to assist users with review analysis and suggested responses.

Safeguards include:

  • AI-generated replies are never posted automatically
  • Users must explicitly initiate, review, and confirm any response before publication
  • Users may edit or reject AI-generated content at any time
  • AI-generated insights are advisory and do not constitute professional or legal advice

3.8 Data Use and Sharing Restrictions (Meta & Google Compliance)

  • Data from Facebook and Google is used only for the purposes disclosed in this Privacy Policy
  • Platform data is not sold, licensed, or used for advertising or marketing
  • Platform data is not used to profile individuals
  • Data is shared only with secure infrastructure providers acting on our behalf or where legally required

3.9 Data Retention and Deletion

  • Platform data is retained only while the relevant account or Page remains connected to the Service
  • Users may disconnect their Google Business Profile or Facebook Page at any time
  • Upon disconnection, associated platform data is deleted or anonymized unless retention is legally required

4. User Rights

Users have the right to:

  • Access their personal data
  • Request correction or deletion
  • Withdraw consent
  • Disconnect third-party integrations

Requests can be submitted using the contact details below.

5. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, and secure hosting environments.

6. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date.

7. Contact Information

For privacy-related inquiries or to exercise your data protection rights, contact:

GB Systems UG (haftungsbeschränkt)
Email: support@scanandreview.com
Phone: +44 7878 984669

Platform Compliance Statements

Meta (Facebook)

Scan and Review’s use of information received from Meta (Facebook) APIs complies with the Meta Platform Terms, Developer Policies, and Data Protection Requirements.

Google

Scan and Review’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.