Article 1 — Overview
This Privacy Policy explains how X6 Geo Plus IKE (through its development department Noetic Lab) collects, uses, stores, and protects your personal data when you use the ScanAnalyzer application, the website noetic-lab.com, and related services (collectively, "Services").
We are committed to protecting your data in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and Greek law (Law 4624/2019).
Article 2 — Data Controller
- Company: X6 Geo Plus IKE
- Department: Noetic Lab
- HQ: Mesogeion Ave & Thermopylon 2, P.C. 15341, Agia Paraskevi, Athens, Greece
- Email: grdetectors@yahoo.com
- Phone: +30 211 0010316
Article 3 — Data We Collect
3.1 Account Data
- Email address
- Name / Company name
- Billing information (if you purchase tokens)
3.2 Technical Data
- IP address
- Device type, operating system, browser
- Access logs
- Cookies and similar technologies (see Cookie Policy)
3.3 Communication Data
- Information you provide via the contact form (phone, country, city, company, message)
3.4 Application Usage Data
- Usage statistics (number of scans, AI queries)
- Token consumption
- Application errors (crash logs)
3.5 Geophysical & Local Data
According to our "Local-First" philosophy, the following data is not transmitted to our servers:
- GPS coordinates and geolocation
- Scan files (CSV, TXT, XML, JSON)
- AI reports and analyses
- Visual material from your device
These remain exclusively on your device (Android Tablet/Smartphone). See Article 12.
Article 4 — Legal Bases for Processing
| Basis (GDPR Art. 6) | Example |
|---|---|
| Contract (6.1.b) | Service delivery after registration |
| Legal obligation (6.1.c) | Issuing receipts, tax compliance |
| Consent (6.1.a) | Marketing emails, optional cookies |
| Legitimate interest (6.1.f) | Network security, fraud prevention |
Article 5 — Processing Purposes
- Provision and improvement of Services
- User account management
- Payment processing for tokens
- Technical support and troubleshooting
- System security and fraud prevention
- Compliance with legal obligations
- Statistical usage analysis (anonymized)
Article 6 — Disclosure to Third Parties
We do not sell your personal data. We may share it with:
- Hosting providers: Hostinger (DPA upon request)
- Payments: Stripe / PayPal (if you purchase tokens)
- Email: Sendgrid / WP Mail SMTP
- Analytics: Google Analytics (anonymized IP)
- Legal authorities: upon court order or lawful demand
All of the above are Data Processors (GDPR Art. 28) bound by data processing agreements.
Article 7 — International Transfers
Some providers may process data outside the EEA (e.g., Google in the US). In such cases we use:
- Standard Contractual Clauses (SCCs) from the European Commission
- Adequacy decisions where applicable (e.g., EU-US Data Privacy Framework)
Article 8 — Retention Period
| Data Type | Retention |
|---|---|
| Account data | Active account + 6 months |
| Payment receipts | 10 years (tax obligation) |
| Logs / IP | 12 months |
| Cookies | See Cookie Policy |
| Geophysical data | Not stored by us (Local-First) |
Article 9 — Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Access (Art. 15): Know what data we hold about you
- Rectification (Art. 16): Request correction of inaccurate data
- Erasure / "Right to be forgotten" (Art. 17): Request deletion under specific conditions
- Restriction (Art. 18): Restrict processing
- Portability (Art. 20): Receive your data in machine-readable format
- Objection (Art. 21): To processing based on legitimate interest
- Withdraw consent: At any time, without retroactive effect
- Lodge a complaint: With the Hellenic Data Protection Authority (HDPA) — www.dpa.gr
Article 10 — Exercising Your Rights
Submit your request via email to grdetectors@yahoo.com with the subject line "GDPR Request".
We will respond within 30 days (extendable to 60 days for complex cases, with notice). Identity verification is required before processing the request.
Article 11 — AI and Automated Decision-Making
In accordance with the EU AI Act and GDPR Article 22:
- We do not use your data for automated decision-making with legal consequences without human intervention
- AI models (Automatic Target Recognition, AI Reports) operate locally on your device
- We commit to algorithmic transparency and human oversight
Article 12 — Local-First Processing
The ScanAnalyzer application operates with a "Local-First" philosophy:
- All geophysical data (GPS, scans, reports) is processed and stored exclusively locally on your device
- We have no access and maintain no copies
- The security of this data (device theft, unauthorized access) is your responsibility
- We recommend using device locks, biometrics, and disk encryption
Article 13 — Data Security
We implement technical and organizational measures (GDPR Art. 32):
- Encryption: TLS 1.3 for all transmission, AES-256 for storage
- Access control: Role-based, MFA for administrators
- Audit logs: Monitoring access to personal data
- Backups: Encrypted, geo-redundant
- Regular security audits and penetration tests
Article 14 — Data Breach
In case of a breach likely to result in high risk to your rights:
- We notify the HDPA within 72 hours (GDPR Art. 33)
- We inform you without undue delay (GDPR Art. 34)
Article 15 — Minors
The Services are intended for individuals aged 18 and over. We do not knowingly collect data from minors. If we discover such data, we will delete it immediately.
Article 16 — Cookies
We use cookies in accordance with the e-Privacy Directive (2002/58/EC). See our detailed Cookie Policy.
Article 17 — Changes to this Policy
We may update this Policy. Material changes will be announced via email or prominent banner at least 30 days in advance. Continued use after changes implies acceptance.
Article 18 — Contact
For questions about your data or this Policy:
- DPO Email: grdetectors@yahoo.com
- Phone: +30 211 0010316
- Address: Mesogeion Ave & Thermopylon 2, P.C. 15341, Agia Paraskevi, Athens, Greece
- Supervisory Authority: HDPA — www.dpa.gr