U.S. Executive Order domestic sourcing requirements are live — verify your supply chain compliance now for $20. Check your supply chain now →
Our team is on parental leave through early April 2026. All tools remain operational. Support may be delayed. hello@sustainable207.com
FutureScan

Privacy Policy

Last Updated: March 2026

FutureScan (“the Platform”), operated by Renew EcoMe LLC, is committed to transparent and ethical data practices. Our data governance aligns with UN Sustainable Development Goal 16 (Peace, Justice & Strong Institutions) through responsible stewardship of your information.

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, subscribe to a paid plan, or contact customer support. This may include your name, email address, and billing information (processed securely by our payment providers). We also collect the URLs you submit for auditing.

URLs submitted for audit are used solely to perform the requested accessibility analysis. We scan only publicly accessible pages and never store credentials or personally identifiable information (PII) discovered during scans.

2. How We Use Your Information

We use the information we collect to operate, maintain, and provide the features and functionality of the Service, as well as to process your transactions and send you related information, including confirmations and receipts.

3. AI-Powered Analysis

3a. Accessibility Analysis (Anthropic Claude)

We use Anthropic’s Claude AI to analyze website screenshots and page structures for WCAG 2.2 compliance violations. When you run a checkout audit:

  • Screenshots are sent to the Anthropic API for visual analysis
  • Anthropic processes these images in real-time and does not retain them for training
  • No personal data from your account is included in the AI analysis request
  • AI-generated assessments are stored in your audit history for your reference

3b. Supply Chain & Disaster Risk Analysis (Google Gemini)

We use Google Gemini AI to analyze supply chain transparency and assess disaster and climate risk exposure. When you run a supply chain or disaster risk scan:

  • Publicly available web content from the URL you submit is sent to Google Gemini for analysis
  • Google Search grounding is used to retrieve real-time information about natural disasters, geopolitical events, tariff changes, and climate conditions relevant to the supply chain nodes identified in your scan
  • Geographic locations (city/country names) of supply chain nodes are processed to estimate coordinates for map visualization — no personal location data is used
  • Google Maps grounding is used for the Nearby Logistics Finder feature, which discovers ports, warehouses, and freight corridors near supply chain nodes. No personal location data is shared with Google for this feature
  • Google processes this data in real-time via their API and does not retain it for model training

3c. In-App Chatbot (Google Gemini)

Our in-app chatbot assistant is powered by Google Gemini. Conversations are processed in real-time; no personal data from your account is included in chatbot requests.

Our SDG impact scores are calculated using a deterministic mapping methodology on your device and do not involve any external API calls.

4. Third-Party Services & Sub-Processors

We use the following third-party services to operate the Platform:

  • Supabase — Authentication, database, and file storage. Data is hosted in the United States.
  • Vercel — Application hosting and edge delivery.
  • Stripe — Subscription billing and payment processing for credit/debit card payments. Stripe handles all card data directly and is PCI DSS Level 1 compliant.
  • Anthropic (Claude AI) — Accessibility analysis engine. Website screenshots are processed via API and not stored by Anthropic.
  • Heap Analytics — Anonymized usage analytics (page views, feature interactions). Loaded only after you accept our cookie consent banner. User IDs are hashed before transmission.
  • Google Ads (Google Tag) — Conversion tracking to measure the effectiveness of our advertising. Loaded only after cookie consent acceptance. No personal data is shared with Google for ad personalization.
  • Google Gemini (via Google AI) — Powers supply chain compliance analysis, disaster and climate risk assessment, and the in-app chatbot assistant. Uses Google Search grounding for real-time disaster, geopolitical, and regulatory data retrieval. Uses Google Maps grounding for nearby logistics discovery. No personal data from your account is included in AI requests.
  • Mapbox — Interactive map rendering for supply chain node visualization and disaster risk geographic display. No personal data is shared with Mapbox.
  • Google Cloud Platform — Backend compute (Cloud Run) for audit processing. Data is processed in the United States.

International Data Transfers: For users in the EU/EEA, personal data transferred to the United States is protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognized transfer mechanisms. Our sub-processors maintain their own SCCs and data protection agreements. If you require a copy of the applicable SCCs, please contact us.

5. Data Sharing and Disclosure

We do not sell your personal data. We share your information with the third-party service providers listed above solely for the purpose of providing the Service. These providers are bound by their respective data processing agreements and privacy policies.

6. Data Security

We implement reasonable security measures to protect the security of your personal information both online and offline, including encryption in transit (TLS) and at rest. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

7. Data Retention

We retain your data according to the following schedule:

  • Account data (email, profile) — retained while your account is active, deleted within 30 days of account deletion request
  • Audit results — retained for 12 months after account deletion, then permanently removed
  • Billing records — retained for 7 years after last transaction as required by U.S. tax law (IRS record-keeping requirements)
  • Anonymous, aggregated analytics — may be retained indefinitely as this data cannot be linked to individual users
  • Server logs — automatically purged after 90 days

You may delete your account and associated data at any time through your profile settings or by contacting us.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have the right to access, correct, delete, or restrict the use of your personal data. If you wish to exercise these rights, please contact us. You can delete your account and associated data directly from your profile settings or by contacting our support team.

For EU/EEA residents: our legal basis for processing personal data is contract performance (providing the audit service you requested) and legitimate interest (improving the Platform). Analytics processing is based on your consent.

8.1 CCPA — Categories of Personal Information

Under the California Consumer Privacy Act (CCPA), we collect the following categories of personal information:

  • Identifiers — Name, email address, IP address, account ID
  • Commercial information — Subscription plan, billing history, transaction records
  • Internet or electronic network activity — Pages visited, feature usage, audit URLs submitted, browser type, referring URL
  • Geolocation data — Approximate location derived from IP address (city/region level only)
  • Inferences — Subscription tier eligibility, usage patterns for product improvement

We do not sell or share personal information for cross-context behavioral advertising. California residents may request disclosure, deletion, or correction of their data by contacting us at hello@sustainable207.com or via our Do Not Sell My Personal Information page.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery via the email address associated with your account and a prominent notice on the Platform. We will also notify relevant supervisory authorities as required by applicable law, including but not limited to the GDPR (Article 33) and applicable U.S. state breach notification laws.

The notification will include: a description of the nature of the breach, the categories and approximate number of users affected, the likely consequences of the breach, and the measures taken or proposed to address the breach.

10. Data Processing Agreement (DPA)

For EU/EEA customers and enterprise clients who require a Data Processing Agreement under GDPR Article 28, we offer a standard DPA that covers our obligations as a data processor. To request a DPA, please contact us at hello@sustainable207.com.

11. SDG Alignment

Our privacy practices reflect our commitment to the UN Sustainable Development Goals. Specifically, transparent data governance supports SDG 16 (Peace, Justice & Strong Institutions), and accessible, privacy-respecting digital services advance SDG 10 (Reduced Inequalities).

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@sustainable207.com.