CleanScan
Trust Center

Security and privacy information for facility review

CleanScan creates a shared operational record for cleaning contractors and the facilities they serve. This page summarizes how we approach member reporting, data custody, photo proof, physical tag placement, and security review.

Review Summary

Facility-approved placement

CleanScan tags are intended to be placed only where the facility, operator, brand, or corporate reviewer approves the location, copy, and use case.

Scoped member reporting

Anonymous reporters can submit feedback tied to the tag they scanned. They do not get dashboard access or the ability to browse facility records.

Role-based access

Facility, contractor, worker, and portal views are separated by account roles, organization membership, and location-level authority.

Sensitive-area review

Locker rooms, restrooms, showers, changing areas, pools, schools, and healthcare areas require extra review before tags or photo workflows are enabled.

Data Custody Model

CleanScan is designed around a facility-level operational record. Tags, zones, reports, cleaning activity, and proof are tied to the relevant facility and are visible only through configured organization, contractor, worker, and portal access.

A contractor can operate inside a client facility when it has scoped authority to do so. A facility can review the records it is authorized to see. CleanScan hosts and processes the service so those records can be routed, secured, retained, and made available to approved users.

What a Member Scan Can Collect

  • Tag and zone: Used to route the report to the correct facility area.
  • Issue category or rating: Used to summarize what needs attention.
  • Optional description: Used only when the reporter adds context.
  • Optional contact information: Used for acknowledgements or follow-up when provided.
  • Device and request data: Used for security, diagnostics, rate limiting, and abuse prevention.

Public reporters do not need to create an account. Public reporting can be enabled only for facility-approved zones and should not be used as an emergency, life-safety, harassment, or general member-monitoring channel.

Sensitive Areas and Photos

CleanScan is not designed to collect images of people, nudity, minors, medical information, private activity, or other sensitive personal content. Facilities should disable or avoid photo workflows in locker rooms, restrooms, showers, changing areas, saunas, pools, healthcare areas, schools, and any location with heightened privacy expectations.

Facility teams can review which zones are approved for member reporting, which zones are staff-only, and whether proof should be a note, scan event, or photo. For sensitive spaces, tags can be placed outside the area, inside only where approved, or omitted entirely.

Security Controls

  • Role-based dashboard and portal access
  • Location-level contractor and facility authority
  • Database row-level security for tenant isolation
  • Anonymous scan flows routed through scoped public endpoints
  • Encrypted transmission over HTTPS
  • Managed authentication, database, storage, and hosting infrastructure
  • SMS opt-in and opt-out handling for operational alerts
  • Security and legal review contact paths for facilities

Subprocessors

  • Supabase: Authentication, Postgres database, storage, Edge Functions, and real-time infrastructure.
  • Vercel: Hosting, deployment, and application delivery for CleanScan web properties.
  • Stripe: Subscription billing, payment processing, and customer billing portal.
  • Telnyx: Operational SMS alerts and SMS webhook handling for opted-in recipients.
  • Supabase Auth SMS provider: Phone one-time passcodes for authentication.
  • Formspark: Marketing and support form submissions.
  • Sentry: Optional application error monitoring when enabled for an environment.

Certifications

  • SOC 2: Not certified today. CleanScan is building toward SOC 2 readiness before pursuing a formal audit.
  • ISO 27001: Not certified today. ISO may be evaluated later if enterprise or international demand requires it.
  • Security review: Available for facility, corporate, and risk teams through direct review with CleanScan.

Security or facility review questions?

For security review, facility approval, privacy requests, or data custody questions, contact privacy@cleanscan.io.