Scan Hero — Cookie Statement
Last updated: 30 May 2026
This Cookie Statement explains how AIz Serviços de Inteligência Artificial Ltda. ("Scan Hero", "we", "us") uses cookies and similar technologies on scanheroai.com and its subdomains (the "Service"). It supplements our Privacy Notice.
This statement is written to satisfy the transparency and consent requirements of the EU ePrivacy Directive (2002/58/EC, as amended) and national implementations, the UK PECR, the Brazilian LGPD and ANPD guidance on cookies, and the California CCPA/CPRA (for sale/sharing disclosures).
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They are used to recognise your device, remember your preferences, keep you signed in, secure the site and measure how it is used. "Similar technologies" include local storage, session storage, pixels, SDKs and device fingerprinting. In this Statement, "cookies" covers all of them, even when they are not strictly cookies.
A cookie is first-party when it is set by the website you are visiting (scanheroai.com) and third-party when it is set by a different domain (e.g. Google, Stripe). A session cookie is deleted when you close your browser; a persistent cookie has an expiry date.
2. What we do and do not use
We do not set our own marketing or advertising cookies. We do not use Meta Pixel, LinkedIn Insight, Hotjar, Mouseflow, Crisp, Intercom or similar tracking tools. We use a small number of cookies in two categories:
- Strictly necessary — required to make the Service work (authentication, payment, security). Cannot be switched off.
- Analytics — Google Analytics 4, used to understand traffic and improve the Service. Loaded only with your consent in jurisdictions where consent is required (EEA, UK, Brazil, parts of the U.S.).
There are no marketing, advertising or social-media cookies on the Service today. If we introduce any in the future, we will update this Statement and ask for your consent.
3. Cookies we use
The list below is accurate as of the "Last updated" date above. Names, providers and durations may change as providers update their software; this Statement is updated when changes are material.
3.1 Strictly necessary cookies
| Name / pattern | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
__session, firebase-*, FIREBASE-* (Firebase Authentication / Google Identity Platform session cookies) |
Google (Firebase) | Keep you signed in, secure the session, prevent CSRF | First-party / Third-party (google.com, firebaseapp.com) | Session and up to 1 year |
__stripe_mid, __stripe_sid, m (Stripe Checkout) |
Stripe | Process payments, fraud prevention, billing portal | Third-party (stripe.com, js.stripe.com) | Session to 1 year |
Consent record (set by Cookiebot, ID aa69e430-351e-4dc0-b998-ce4835aa0cbb) |
First-party | Remember your cookie choices | First-party | 6 to 12 months |
| Load-balancer / CSRF tokens | Google Cloud / Scan Hero | Routing, anti-CSRF, anti-abuse | First-party | Session |
These cookies cannot be switched off, because without them the Service does not work (you cannot sign in, pay or be protected against abuse). The legal basis for them is performance of a contract / our legitimate interest in delivering the Service securely (GDPR art. 6(1)(b) and (f); LGPD art. 7, V and IX). Consent is not required for strictly necessary cookies under the ePrivacy Directive (art. 5(3)) or ANPD guidance.
3.2 Analytics cookies — Google Analytics 4
| Name / pattern | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_ga, _ga_R2QGQCKL3S |
Google Analytics 4 (measurement ID G-R2QGQCKL3S) |
Aggregated traffic measurement, page views, retention, debugging | Third-party (google-analytics.com) | Up to 2 years |
_gid |
Google Analytics 4 | Distinguish users (where used) | Third-party | 24 hours |
We use Google Analytics 4 with IP anonymisation enabled by default, no Google Signals, and no advertising features. Data is processed in the United States by Google LLC under the European Commission's Standard Contractual Clauses (see Privacy Notice § 8).
- Legal basis (EEA/UK/CH): Consent (GDPR art. 6(1)(a); ePrivacy Directive art. 5(3)). Cookies are not loaded until you click "Accept" in our cookie banner.
- Legal basis (Brazil): Consent (LGPD art. 7, I). Cookies are not loaded until you accept.
- Legal basis (U.S.): Legitimate business purpose; you can opt out at any time through the banner or browser settings. We honour Global Privacy Control signals where state law requires it.
You can opt out of Google Analytics globally by installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
4. Managing your choices
4.1 Through our cookie banner
The first time you visit scanheroai.com from the EEA, the UK, Switzerland or Brazil, a consent banner appears with three options: "Accept all", "Reject all (non-essential)" and "Customise". You can change your decision at any time by clicking the small "Cookie settings" link in our website footer.
If we update the categories of cookies in use, we will ask for your consent again.
4.2 Through your browser
Most browsers let you block or delete cookies. Instructions:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Edge: https://support.microsoft.com/microsoft-edge
Note that blocking strictly necessary cookies will prevent you from signing in or paying.
4.3 Global Privacy Control
We honour the Global Privacy Control (GPC) signal as an opt-out of analytics for users in U.S. states where law requires it (California, Colorado, Connecticut and similar).
4.4 "Do Not Track"
There is no industry consensus on how to honour the "Do Not Track" header, so we do not respond to it. We instead rely on the cookie banner and the GPC signal.
5. Storage outside of cookies
The Service uses local storage (localStorage) and session storage (sessionStorage) in your browser to keep small amounts of information that improve the user experience: UI state, the latest task ID viewed, draft templates, and the cookie-consent record itself. This information stays in your browser and is not transmitted to us unless required to perform an action you initiated. You can clear it from your browser's developer tools or by clearing site data.
6. Children
The Service is restricted to users 18 and over. We do not knowingly process the personal data of minors and we do not target advertising at minors.
7. Changes to this Statement
We may update this Cookie Statement when we change the cookies we use. Material changes will be announced through the cookie banner or by an in-app notice. The "Last updated" date at the top of this Statement always reflects the current version.
8. Contact
Questions about cookies or this Statement: admin@scanheroai.com.
AIz Serviços de Inteligência Artificial Ltda. — Av. Marechal Floriano, 399 – Rio de Janeiro, RJ, Brazil — CNPJ 66.955.511/0001-75.