AppScan Studio is operated by QUICKSYNC, UNIPESSOAL LDA, registered in Portugal with tax identification number 518210596 ("we", "us", or "AppScan"). For privacy-related enquiries, contact us at [email protected].

1. What We Collect

We collect only what is strictly necessary to provide the service. When you register and use AppScan Studio, we collect the following:

1.1 Account Information

• Your name — collected at registration.
• Your email address — collected at registration and used as your login identifier. We do not send marketing emails.
• Your password — stored as a one-way bcrypt hash. We never store or have access to your password in plain text.
• Your company or organisation name — collected at registration to identify your account.

1.2 Session Data

We maintain a session to keep you logged in. This consists solely of a session identifier stored server-side. No personal information is embedded in the session token itself.

1.3 Scan Results

When you run a scan, AppScan Studio processes structural data about your OutSystems application — module names, dependencies, and architectural patterns. This data belongs to you and is stored in your isolated account. It does not contain personal data from your application's end users.

2. What We Do Not Collect

We want to be explicit about what we do not do:

• No marketing emails, newsletters, or promotional communications of any kind.
• No analytics, usage tracking, or behavioural data collection.
• No third-party advertising or ad-targeting data.
• No personal data from the applications you scan — our analysis is structural and architectural only.
• No cookies beyond the strictly necessary cookie described in Section 6.

3. How We Use Your Data

The data we collect is used exclusively to:

• Create and authenticate your account.
• Deliver scan results and maintain your access to them during your subscription.
• Generate AI-assisted changelogs (see Section 5 for details on how this works).
• Respond to support requests you initiate.

The legal basis for processing your personal data is the performance of a contract: your account registration is necessary to provide the service you have subscribed to (Article 6(1)(b) GDPR; Article 7(V) LGPD).

4. Data Retention and Deletion

We retain your data for as long as your subscription is active. When your subscription ends or is cancelled, all data associated with your account is permanently and immediately deleted. This includes your scan results, user accounts, and all associated records. We do not anonymise data for continued use, archive it, or retain any portion of it.

5. Third-Party Services

We use one external service: the OpenAI API, for generating AI-assisted changelogs. When this feature is used, we send anonymised structural data about your OutSystems application modules to OpenAI. This data describes module architecture only and contains no account data, no user credentials, and no personal information of any kind.

OpenAI processes this data under its Data Processing Agreement (DPA), and data transfers to OpenAI outside the EU/EEA are covered by standard contractual clauses in accordance with Article 46 GDPR.

No other third parties receive any of your data.

6. Cookies

AppScan Studio uses exactly one cookie: a session cookie, which is strictly necessary for login and to keep you authenticated while you use the application. This cookie is not used for tracking, analytics, or advertising.

Because this cookie is strictly necessary, no cookie consent banner is required under the ePrivacy Directive. No other cookies are set by AppScan Studio.

7. Your Rights (GDPR and LGPD)

Depending on your location, you have the following rights regarding your personal data:

7.1 Rights under GDPR (EU/EEA users, including Portugal)

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate data.
• Right to erasure — you can request deletion of your personal data (note: cancelling your subscription triggers immediate deletion automatically).
• Right to data portability — you can request your data in a structured, machine-readable format.
• Right to object — you can object to processing in certain circumstances.

7.2 Rights under LGPD (Brazilian users)

• Right to confirmation and access to your data.
• Right to correction of incomplete, inaccurate, or outdated data.
• Right to anonymisation, blocking, or deletion of unnecessary or excessive data.
• Right to portability of your data.
• Right to information about the entities with which your data has been shared.

7.3 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (30 days under GDPR; 15 days under LGPD).

8. International Data Transfers

Your personal account data (name, email, company) is stored within the EU/EEA. The only transfer of data outside the EU/EEA is to OpenAI for AI changelog generation, as described in Section 5, and is covered by appropriate safeguards under Article 46 GDPR. No other international transfers of personal data take place.

9. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• Company: QUICKSYNC, UNIPESSOAL LDA
• Tax ID (NIF): 518210596
• Email: [email protected]

This Privacy Policy may be updated from time to time. We will notify active subscribers of any material changes. The current version will always be available within the AppScan Studio platform.