This translation is provided for information only. In case of any discrepancy, the French version prevails.
Suisse-Consult SA, Valais, Switzerland.
Contact: support@reviscan.ch
| Category | Data | Retention |
|---|---|---|
| Account | Email, password (hashed) | Lifetime of the account |
| Child profile | First name, school level and, if the parent provides it, the existence of a learning disorder (DYS) or ADHD (health data) | Lifetime of the account |
| Scanned documents | Uploaded photos/PDF, extracted OCR text | Photos/PDF: deleted immediately after the exercises are generated, or after 30 days if generation is never started · OCR text: lifetime of the account |
| Questions | Generated questions, scores, sessions | Lifetime of the account |
| Payment | Subscription status only · card data handled by Stripe | 10 years (legal obligation) |
| Technical | IP address, error logs | 90 days |
Reviscan does not sell any data. No targeted advertising. No personal data is used to train third-party AI models.
The questions generated by Reviscan are produced by our service. As soon as they are generated, an anonymised version (with no link to your account, your document or your identity) may be added to Reviscan's shared question bank. This bank is used to improve the service and to offer questions to other users.
Questions whose classification (subject, level) is not sufficiently certain are placed in an internal review queue before any addition to the shared bank.
You can object to this addition by contacting support@reviscan.ch.
| Purpose | Legal basis (GDPR) |
|---|---|
| Provision of the service (scan, OCR, question generation) | Performance of the contract (art. 6.1.b) |
| Adapting the journey to the child's profile (DYS, ADHD) | Explicit consent of the parent or guardian (art. 9.2.a GDPR · sensitive data under the Swiss FADP), revocable at any time |
| Account and subscription management | Performance of the contract (art. 6.1.b) |
| Transactional emails (confirmation, end of trial, payment) | Performance of the contract (art. 6.1.b) |
| Security and abuse prevention | Legitimate interest (art. 6.1.f) |
| Retention of billing data | Legal obligation: 10 years (art. 6.1.c) |
| Marketing emails (optional) | Consent (art. 6.1.a), revocable at any time |
For users under 16, the consent of a parent or guardian is required. Minors' data is never used for commercial purposes.
To adapt their child's journey, parents may indicate the existence of a learning disorder (DYS) or attention disorder (ADHD). This information is health data, which falls under the special categories within the meaning of art. 9 GDPR and sensitive data within the meaning of the Swiss FADP. It is processed solely on the basis of the parent's explicit consent, exclusively to personalise the learning sessions. It is never used for commercial purposes nor passed on to third parties, and can be deleted at any time from the personal area.
| Provider | Use | Data location |
|---|---|---|
| Supabase Inc. | Database and storage | Frankfurt, EU |
| Vercel Inc. | Application hosting | USA (logs only) |
| Stripe Inc. | Payments | EU (PCI DSS) |
| Anthropic PBC | OCR (reading the document) and AI question generation | USA |
| Resend Inc. | Transactional emails | USA |
Transfers outside the EU are governed by standard contractual clauses compliant with the GDPR.
In accordance with the Swiss FADP and the GDPR, you have the rights of access, rectification, erasure, portability and objection. These rights are exercised from your personal area or by email to support@reviscan.ch · response within 30 days.
You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).
| Cookie | Purpose | Duration |
|---|---|---|
| sb-auth-token | Authentication session (Supabase) | 7 days |
| reviscan-prefs | Interface preferences (language, theme) | 1 year |
No advertising cookies, no third-party trackers. No cookie consent is required because only strictly necessary cookies are used (ePrivacy Directive, functional exemption).
Reviscan makes no automated decision with legal or significant effects on users within the meaning of art. 22 GDPR. The generation of exercises by AI is an educational tool with no legal impact on the user.
Any substantial change will be notified by email 30 days before it takes effect.