Privacy Policy
Last updated: 27 May 2025
Thank you for trusting ZeGuild SAS (“Company,” “we,” “our” or “us”). We operate the software-as-a-service platform available at ideascan.co (the “Service”), which allows customers to submit product or business ideas, automatically research competitive offerings, retrieve community feedback from Reddit, and generate a “frustration score” reflecting unmet market need.
This Privacy Policy explains how we collect, use, disclose, and safeguard Personal Data when you visit our website or use the Service, and describes the rights and choices available to you. Capitalized terms not defined here have the meaning given in our Terms of Service.
If you do not agree with any part of this Privacy Policy, please do not access or use the Service.
This Privacy Policy applies to Personal Data we process as a “controller” or, where applicable, as a “business” under the California Consumer Privacy Act (CCPA/CPRA). It does not apply to content that you choose to make public (e.g., posts you publish on Reddit or other third-party sites).
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account Information | Name, email address, password (hashed) | You | Create & administer your account; security |
| Idea Submissions | Textual descriptions, files, attachments | You | Perform competitive analysis & scoring |
| Encrypted Idea Content | AES-256 encryption of Idea Submissions prior to persistence | You | Confidential storage; only decrypted in volatile memory for processing |
| Usage Data | IP address, browser type, device ID, activity logs, referring URLs, cookies, analytics identifiers | Automated collection | Service provision, diagnostics, analytics, security |
| Support Data | Messages, tickets, call recordings | You | Respond to inquiries; improve support |
| Marketing Preferences | Opt-in/opt-out status | You | Respect communication choices |
We do not knowingly collect data from children under 13, nor do we use sensitive Personal Data (as defined under the CPRA) for inferring characteristics.
We process Personal Data only when we have a valid legal basis:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide, maintain & secure the Service; generate frustration scores | Performance of contract (Art. 6 (1)(b)) |
| Improve and develop new features; train algorithms on fully anonymised data | Legitimate interests (Art. 6 (1)(f)) |
| Send transactional emails & administrative messages | Performance of contract |
| Send marketing communications (newsletters, product updates) | Consent (Art. 6 (1)(a)) |
| Comply with legal obligations (tax, fraud prevention, court orders) | Legal obligation (Art. 6 (1)(c)) |
We do not sell or “share” Personal Data for cross-context behavioural advertising within the meaning of the CPRA.
We use strictly necessary cookies for authentication and session management, and optional cookies for analytics (e.g., Google Analytics, Plausible) and customer support chat. Where required, we request your consent via a cookie banner. You can withdraw consent or change preferences at any time through the “Cookie Settings” link in the footer or via your browser settings.
We disclose Personal Data only:
Service Providers – cloud hosting, database backups, analytics, payment processors, customer support platforms—each bound by confidentiality and data-processing agreements.
Legal & Safety – to courts, regulators, or law enforcement if required or to protect rights, safety, or property.
Corporate Transactions – in connection with a merger, acquisition, or sale of assets, provided the recipient agrees to safeguard the data.
Aggregated / De-identified Data – statistics that cannot reasonably be used to identify you.
We never grant service providers access to your unencrypted Idea Submissions; only encrypted blobs are stored at rest. Decryption occurs transiently within isolated compute environments during processing.
We are headquartered in France and may store or process data in jurisdictions that may not provide equivalent data-protection laws. When we transfer Personal Data from the European Economic Area (EEA), Switzerland, or the United Kingdom to a third country, we rely on any of the following:
Adequacy decisions of the European Commission;
European Commission–approved Standard Contractual Clauses (SCCs) with supplementary safeguards (e.g., encryption, access controls);
Your explicit consent (Art. 49 (1)(a)) when other mechanisms are unavailable.
| Data Category | Retention Period |
|---|---|
| Account & Idea Data | While account is active + 90 days (unless earlier deletion is requested) |
| Usage Logs | 180 days (aggregated thereafter) |
| Marketing Lists | Until you unsubscribe or request erasure |
| Legal/Financial Records | Seven (7) years or as required by law |
We may retain anonymised or aggregated data indefinitely for statistical or research purposes.
Encryption – TLS 1.3 in transit; AES-256 at rest; per-record encryption of Idea Submissions.
Access Controls – role-based access, MFA, least-privilege principles.
Network Security – firewalls, IDS/IPS, zero-trust architecture.
Application Security – automated dependency scanning, penetration testing, CI/CD code reviews.
Incident Response – documented plan including user notification within 72 hours of discovering a notifiable breach (GDPR Art. 33).
No internet transmission or storage system is 100 % secure; however, we follow industry standards to protect your data.
Depending on your location, you may have the right to:
| Right | Jurisdictions |
|---|---|
| Access and obtain a copy of Personal Data | GDPR, CCPA |
| Rectify inaccurate or incomplete data | GDPR |
| Erase (“right to be forgotten”) | GDPR |
| Restrict or object to processing | GDPR |
| Port data to another controller | GDPR |
| Opt-out of “sale” or “sharing” of data | CCPA/CPRA |
| Limit use of sensitive Personal Data | CPRA |
| Lodge a complaint with a supervisory authority | GDPR |
To exercise any right, email [email protected] or visit app.ideascan.co. We will respond within 30 days (GDPR) or 45 days (CCPA), subject to verification of identity.
Our algorithm analyses publicly available discussions (e.g., Reddit threads) and metadata about competing products to estimate a “Frustration Score.” The score is provided for informational purposes and is not used to make decisions that produce legal or similarly significant effects about a natural person. You may request human review of any automated output by emailing support@[domain].
The Service is not intended for persons under 13 (or under 16 in the EEA). We do not knowingly collect Personal Data from children. If we learn that a child has provided us with Personal Data, we will delete it immediately.
We may update this Privacy Policy from time to time. If we make material changes, we will:
post the updated version with a new “Last updated” date; and
where appropriate, provide prominent notice (e.g., email or in-app notification) and request consent if required by law.
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact:
ZeGuild SAS
8 rue de penthievres 75008 France
Email: [email protected]
