ScrubLayer

Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy explains how ScrubLayer (“we,” “us,” or “our”), Lansdale, Pennsylvania 19446, USA, collects, uses, and protects your information when you use our website and services.

Table of Contents

  1. 1. Data We Collect
  2. 2. How We Use Your Data
  3. 3. Student Data Policy
  4. 4. Data Retention
  5. 5. Third-Party Services
  6. 6. Your Rights (GDPR & CCPA)
  7. 7. Cookies
  8. 8. Security
  9. 9. Children's Privacy
  10. 10. Changes to This Policy
  11. 11. Contact

1. Data We Collect

  • Email address — required to create an account.
  • Content submitted for analysis — processed to generate your audit report, then retained per the schedule in Section 4 (30 days for free accounts, 1 year for Pro, 2 years for Agency). We do not store raw input content beyond what is displayed in your report.
  • Payment information — processed entirely by Stripe. ScrubLayer never stores card numbers, CVV codes, or bank account details on its servers.
  • Usage data — pages visited, features used, audit scores (anonymized for aggregate analysis).
  • Technical data — IP address, browser type, device type, operating system, and referring URL collected via server logs.

2. How We Use Your Data

  • To provide and improve the service.
  • To send transactional emails: audit complete notifications, receipts, and password resets.
  • To detect and prevent fraud and abuse.
  • To generate anonymized aggregate statistics about service usage.
  • We do NOT sell your personal data to any third party.
  • We do NOT use your data for advertising targeting.
  • We do NOT share your submitted content with any third party.

3. Student Data Policy

ScrubLayer does not collect or store student educational records as defined by FERPA. We do not use any submitted content including student papers for advertising, marketing, or profiling. We do not build profiles of students. We comply with COPPA for users under 13 by requiring parental consent. Educational institutions using ScrubLayer are responsible for obtaining appropriate consents from students and parents before submitting any student work for analysis.

See also: Section 7 of our Terms of Service for the Academic Integrity Disclaimer.

4. Data Retention

Account / Data TypeRetention Period
Free accounts — audit reports & content30 days
Pro accounts — audit reports1 year
Agency accounts — audit reports2 years
Account deletion requestAll personal data deleted within 30 days
Payment records7 years (legal/tax obligation)
Server logs90 days

Some data may be retained longer if required by law. To request account deletion, email support@scrublayer.com.

5. Third-Party Services

We share data with these services only as necessary to provide the Service:

StripePayments · stripe.com/privacy

Payment card data is handled exclusively by Stripe. We receive only payment status and a customer ID.

SupabaseDatabase & Auth · supabase.com/privacy

Account data, audit reports, and session tokens are stored in Supabase-hosted PostgreSQL.

AnthropicAI Processing · anthropic.com/privacy

Submitted content is sent to Anthropic's Claude API to generate audit results. Anthropic does not use API inputs to train models by default.

ResendEmail · resend.com/privacy

Your email address is shared with Resend solely to deliver transactional emails.

VercelHosting · vercel.com/legal/privacy-policy

Our application is hosted on Vercel's infrastructure. Request logs pass through Vercel's edge network.

6. Your Rights (GDPR & CCPA)

You have the right to:

  • Access your personal data.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Data portability — receive your data in a machine-readable format.
  • Opt out of marketing emails at any time via the unsubscribe link in any email.

To exercise any right, email support@scrublayer.com. We will respond within 30 days (45 days for CCPA requests). We do not sell personal information and do not discriminate against users who exercise their privacy rights.

7. Cookies

We use only essential cookies for authentication and session management. We do not use advertising or tracking cookies.

CookiePurposeDuration
sb-auth-tokenAuthentication sessionSession / 1 week
stripe_midStripe fraud prevention1 year

8. Security

  • All data encrypted in transit using TLS 1.2+.
  • Data encrypted at rest in Supabase (AES-256 via AWS).
  • Row Level Security (RLS) enabled on all database tables.
  • Payment data handled exclusively by Stripe's PCI-compliant infrastructure.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact support@scrublayer.com immediately.

9. Children's Privacy

ScrubLayer is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child under 13 has submitted personal information to ScrubLayer, contact support@scrublayer.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy at any time. We will post the updated policy on this page with a revised date. For material changes, we will notify active users by email at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.

11. Contact

ScrubLayer — Privacy

Lansdale, PA 19446, United States

Email: support@scrublayer.com

Last updated: April 2026

Terms of ServiceRun an Audit

© 2026 ScrubLayer. All rights reserved.