SCIS is in Beta — We're actively building and looking for early partners.Get in Touch
SCIS
Sign In

Privacy Policy

Last updated: March 2026

1. Who We Are

SCIS (Supply Chain Integration Suite) is operated from Austria. We provide an AI-powered supply chain management platform for small and medium-sized enterprises.

For privacy-related inquiries, contact us at contact@scis-app.com.

2. What Data We Collect

Account Data

When you sign up, we collect your name, email address, and authentication details (managed by Clerk, our identity provider). If you sign in with Google or GitHub, we receive your name and email from those services.

Organization Data

You may provide company name, address, VAT number, and trade preferences. This data is entered by you and stored to provide the service.

Operational Data

Data you create in the platform: products, partners, orders, shipments, documents, scenarios, and tenders. This is your business data and is stored to provide the service you signed up for.

AI-Processed Data

When you use AI features (document scanning, product classification, partner screening, chat), relevant data is sent to Anthropic for processing. Anthropic does not retain this data or use it for model training.

Payment Data

Payment processing is handled entirely by Stripe. We never see, store, or process your credit card details. We only store a Stripe Customer ID and Subscription ID for reference.

Usage Data

We collect basic usage logs (page visits, feature usage) to maintain and improve the service. Server-side request logs (IP address, URL, timestamp) are retained by our hosting provider (Vercel) for 30 days.

3. How We Use Your Data

We use your data to:

  • Provide and operate the SCIS platform
  • Process AI requests (document scanning, classification, screening)
  • Manage your subscription and billing
  • Send transactional emails (invitations, notifications)
  • Maintain platform security and prevent abuse
  • Comply with legal obligations

We do not use your data for marketing, advertising, profiling, or AI model training.

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contractual necessity — processing required to provide the service you signed up for (account management, data storage, AI features).
  • Legitimate interest — platform security, fraud prevention, and service improvement.
  • Legal obligation — where required by applicable law (e.g., tax records for billing).

5. Data Sharing

We share data only with service providers necessary to operate the platform:

  • Anthropic — AI processing (not retained after processing)
  • Stripe — payment processing (PCI-DSS Level 1)
  • Clerk — authentication and identity management
  • Supabase (PostgreSQL) — database hosting (EU, Frankfurt)
  • Cloudflare / AWS — file storage (EU)
  • Vercel — application hosting
  • Resend — transactional email delivery

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. We do not share data with government agencies unless required by law.

6. Data Storage and Security

Your data is primarily stored in the EU (Frankfurt, Germany). All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). See our Security page for full details.

Each organization's data is logically isolated at the database level. No user can access another organization's data.

7. Data Retention

  • Active accounts: Data is retained for as long as your account is active. You can delete individual records at any time.
  • Subscription cancellation: Data remains accessible. You transition to the free tier with continued access.
  • Account deletion: All data permanently deleted within 5 business days upon request. Backups purged within 30 days.
  • Screening audit logs: Retained for 5 years from the screening date for regulatory compliance.
  • Server logs: Retained by Vercel for 30 days.

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — view all your data in the platform or request an export
  • Rectification — edit your records directly in the platform
  • Erasure — delete records or request full account deletion
  • Data portability — export your data via API (JSON) or request a bulk export
  • Restriction — request restriction of processing for specific data
  • Objection — object to specific processing activities

To exercise any of these rights, contact contact@scis-app.com. We respond to all requests within 30 days.

9. Cookies

SCIS uses only essential cookies required for authentication and session management (provided by Clerk). We do not use marketing, advertising, or analytics cookies.

10. Children

SCIS is a business platform not intended for use by individuals under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related inquiries, data export requests, or deletion requests:

Email: contact@scis-app.com
Website: scis-app.com/contact

Security DetailsTerms of Service