Privacy Policy

Last updated: June 24, 2025

1. Introduction

This Privacy Policy explains how Downscanner ("we", "our", "the website") collects, uses, stores, and protects your information when you use our community-driven platform for reporting and monitoring the status of online services. By accessing or using our website, you agree to the terms described in this policy.

2. Information We Collect

We collect the following information:

• IP Address: Your IP address is temporarily collected for geolocation purposes, security, and rate limiting. We do not store your IP address in our database.
• Geographic Location: We use your IP address to determine your approximate geographic location (city and coordinates) for mapping purposes. This data is anonymized for privacy protection.
• Vote Data: When you report an issue, we store your vote along with the reason you selected and your approximate location.
• Timestamp: We record when your vote was submitted to track the timing of issues.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Status Tracking: To monitor and display the current status of various online services based on user reports.
• Geographic Visualization: To show the geographic distribution of user reports on an interactive map, helping users understand if issues are localized or widespread.
• Analytics: To analyze trends and patterns in service outages and issues.
• Security: To prevent abuse and ensure the integrity of our voting system.
• Rate Limiting: To prevent spam and abuse by limiting the number of votes per IP address to ensure fair usage of our platform.

4. Geolocation and IP Address Processing

MaxMind GeoLite2-City Database: We use the MaxMind GeoLite2-City database to convert IP addresses into approximate geographic locations. This process involves:

• IP Address Processing: Your IP address is temporarily processed to determine your approximate location.
• Privacy Protection: We apply additional anonymization to the geographic coordinates to further protect your privacy.
• No IP Storage: Your actual IP address is never stored in our database - only the derived geographic information.

Legal Basis: This processing is based on our legitimate interest in providing geographic visualization of service issues, which helps users understand the scope and location of reported problems.

MaxMind Attribution: This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

4.1 Rate Limiting and IP Address Processing

Rate Limiting System: To prevent spam and ensure fair usage of our voting system, we implement rate limiting based on IP addresses:

• Temporary IP Storage: Your IP address is temporarily stored in server memory for the duration of the rate limiting window (1 hour) to track voting frequency.
• No Persistent Storage: IP addresses used for rate limiting are never stored in our database or written to disk - they are only kept in temporary server memory.
• Automatic Cleanup: Rate limiting data is automatically cleared after the time window expires, ensuring no long-term storage of IP addresses.
• Security Purpose: This processing is necessary to prevent automated bots, spam, and abuse that could compromise the accuracy of our community-driven status reports.

Legal Basis: This processing is based on our legitimate interest in maintaining the integrity and reliability of our community-driven platform, preventing abuse, and ensuring fair usage for all users.

4.2 Geolocation for Analytics Consent Management

Google Analytics Consent Management: We also use geolocation to determine if you are located in the European Union (EU), European Economic Area (EEA), or Switzerland for the purpose of managing Google Analytics consent:

• Purpose: To comply with GDPR requirements by automatically enabling analytics for users outside the EU/EEA/Switzerland, while requiring explicit consent for EU/EEA/Switzerland users.
• Process: Your IP address is temporarily processed to determine your country of residence. Only the country name (e.g., "Germany", "United States") is used - your IP address is never stored or transmitted.
• EU/EEA/Switzerland Users: If you are located in these regions, Google Analytics remains blocked until you provide explicit consent through Google's Privacy Messaging system.
• Non-EU/EEA/Switzerland Users: If you are located outside these regions, Google Analytics is automatically enabled as GDPR consent requirements do not apply.
• Privacy Protection: This geolocation check is performed server-side and does not create any cookies or store any personal data. Your IP address is used only for the immediate country determination and is immediately discarded.

Legal Basis: This processing is based on our legitimate interest in complying with GDPR requirements and providing an optimal user experience by avoiding unnecessary consent prompts for users not subject to GDPR.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Analytics: To understand how users interact with our site and to improve our services. We may use third-party analytics tools (such as Google Analytics) that collect anonymized usage data.
• Advertising: We may display ads or ad placeholders. If third-party ads are enabled in the future, those providers may set their own cookies (see their privacy policies for details).
• Essential Features: To enable core site functionality.

You can control cookies through your browser settings. Disabling cookies may affect your experience on the site.

5.1 Google Privacy Messaging and Consent Management

Google Privacy Messaging: For users located in the European Union (EU), European Economic Area (EEA), or Switzerland, we use Google's Privacy Messaging system to manage consent for Google Analytics and advertising cookies:

• Automatic Detection: Google's Privacy Messaging automatically appears for EU/EEA/Switzerland users to request consent for analytics and advertising cookies.
• Consent Management: This system allows you to grant or deny consent for specific types of cookies (analytics, advertising, functionality).
• No Custom Banner: We do not use custom cookie banners as Google's Privacy Messaging provides comprehensive consent management for all Google services.
• Consent Withdrawal: You can withdraw your consent at any time through your browser settings or by clearing your cookies.
• Non-EU Users: Users outside the EU/EEA/Switzerland do not see consent prompts as GDPR requirements do not apply to their location.

Legal Compliance: This approach ensures full compliance with GDPR requirements while providing an optimal user experience by avoiding unnecessary consent prompts for users not subject to GDPR regulations.

6. Third-Party Services and Attributions

We use the following third-party services and libraries to enhance our website functionality:

• MaxMind GeoLite2-City: We use the MaxMind GeoLite2-City database for IP geolocation. This is a local database that does not transmit your IP address to MaxMind's servers. The database is used to convert IP addresses into approximate geographic locations for mapping purposes.
• Cloudflare: Content delivery network (CDN) and security services that help improve website performance, security, and reliability. Cloudflare may collect certain technical information including IP addresses, browser information, and request data to provide these services.
• Chart.js: Data visualization library for displaying statistics and charts about service status and user reports.
• Google Analytics: Website analytics to understand user behavior and improve our services (requires your consent).
• Google Ads: Advertising services that may display relevant ads on our website. These services may use cookies and tracking technologies to deliver personalized advertisements (requires your consent).

These third-party services have their own privacy policies. We recommend reviewing their policies for more information about how they handle your data.

6.1 Open Source Libraries and Attributions

Our website uses the following open source libraries and data sources:

• OpenStreetMap: Map data © OpenStreetMap contributors and is licensed under the Open Database License (ODbL).
• Chart.js: Data visualization library powered by Chart.js (MIT License).
• Leaflet: Interactive map library by Leaflet (BSD 2-Clause License).
• MaxMind GeoLite2: Geolocation data © MaxMind (Creative Commons Attribution-ShareAlike 4.0 International License).

7. Data Sharing and Disclosure

• We do not sell, rent, or trade your personal information to third parties.
• We do not share your IP address with any third parties.
• Aggregated, non-identifiable data may be displayed publicly or shared for research/statistical purposes.
• We may share information with service providers who assist us in operating the website (e.g., analytics, hosting), subject to confidentiality agreements.
• We may disclose information if required by law or to protect our rights, users, or the public.

8. Data Security

We implement reasonable technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. This includes:

• IP Address Protection: Your IP address is never stored in our database.
• Rate Limiting Security: IP addresses used for rate limiting are only stored in temporary server memory and are automatically cleared after 1 hour.
• Geographic Data Anonymization: All geographic coordinates are anonymized for privacy protection.
• Secure Data Transmission: All data is transmitted using secure protocols.

However, no online service can guarantee absolute security.

9. Data Retention

We retain technical and usage data as long as necessary for the purposes described in this policy:

• Vote Data: Individual user reports (votes) are automatically deleted after 24 hours to ensure that only recent data is displayed and to protect user privacy.
• Geographic Data: Approximate location data is retained for the same 24-hour period as vote data.
• IP Addresses: IP addresses are never stored in our database.
• Rate Limiting Data: IP addresses used for rate limiting are temporarily stored in server memory for 1 hour maximum and are automatically cleared after this period.
• Aggregated Data: Aggregated statistical data, which is not personally identifiable, may be retained for longer periods for historical analysis.

10. Children's Privacy

Our website is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us for removal.

11. International Users

Our website is accessible worldwide. By using our service, you consent to the transfer and processing of your information in accordance with this policy, including in countries outside your own.

12. Your Rights

• You have the right to access, correct, or request deletion of your personal data.
• You may object to or restrict certain processing activities.
• To exercise your rights, contact us through our website or social media channels.

13. General Data Protection Regulation (GDPR) Rights

If you are located in the European Union (EU), European Economic Area (EEA), or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to obtain confirmation of whether we process your personal data and, where we do, access to the personal data and information about the processing.
• Right to Rectification: You have the right to have inaccurate personal data rectified and incomplete personal data completed.
• Right to Erasure (Right to be Forgotten): You have the right to have your personal data erased in specific circumstances.
• Right to Restrict Processing: You have the right to restrict the processing of your personal data in specific circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data in specific circumstances.
• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA.

To exercise your GDPR rights, please contact us through our website or social media channels. We will respond to your request within one month (30 days) of receipt. We may extend this period by two further months where necessary, taking into account the complexity and number of requests.

14. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Legitimate Interest: Processing is necessary for our legitimate interests in providing and improving our services, ensuring security, preventing fraud, and providing geographic visualization of service issues.
• Consent: Where you have given clear consent for specific processing activities (such as analytics cookies).
• Contract Performance: Processing is necessary for the performance of our service to you.
• Legal Obligation: Processing is necessary for compliance with legal obligations.

15. International Data Transfers (GDPR)

Your personal data may be transferred to and processed in countries outside the EU/EEA. We ensure that such transfers comply with GDPR requirements through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other appropriate safeguards as required by GDPR

16. Data Protection Officer (GDPR)

For GDPR-related inquiries, you may contact us through our website or social media channels. While we do not have a dedicated Data Protection Officer, we are committed to ensuring GDPR compliance and will respond to all data protection inquiries.

17. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell about you.
• Right to Delete: You have the right to request deletion of your personal information that we have collected from you.
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. We do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Data Portability: You have the right to receive your personal information in a portable format.

To exercise your CCPA rights, please contact us through our website or social media channels. We will respond to your request within 45 days. We may need to verify your identity before processing your request.

18. California Privacy Rights Act (CPRA)

Under the California Privacy Rights Act (CPRA), California residents have additional rights:

• Right to Correction: You have the right to request correction of inaccurate personal information.
• Right to Limit Use and Disclosure: You have the right to limit the use and disclosure of sensitive personal information.
• Right to Know About Automated Decision-Making: You have the right to know about automated decision-making processes and their outcomes.

19. Nevada Privacy Law

Nevada residents have the right to opt-out of the sale of their personal information. We do not sell your personal information. If you are a Nevada resident and would like to make such a request, please contact us through our website or social media channels.

20. Virginia Consumer Data Protection Act (VCDPA)

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act:

• Right to confirm whether we process your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to delete your personal data
• Right to obtain a copy of your personal data
• Right to opt-out of targeted advertising, sale of personal data, or profiling

21. Colorado Privacy Act (CPA)

Colorado residents have rights under the Colorado Privacy Act:

• Right to opt-out of targeted advertising, sale of personal data, or profiling
• Right to access, correct, or delete personal data
• Right to data portability
• Right to appeal our response to your request

22. Utah Consumer Privacy Act (UCPA)

Utah residents have rights under the Utah Consumer Privacy Act:

• Right to confirm whether we process your personal data
• Right to access your personal data
• Right to delete your personal data
• Right to data portability
• Right to opt-out of targeted advertising or sale of personal data

23. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

24. Contact Information