Privacy Policy
Last updated: April 24, 2026
1. Overview
RailScanPro, operated by Winsit LLC ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our model railroad inventory management platform and related services (collectively, the "Service").
By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Service.
2. Information We Collect
2.1 Personal Information
We collect personal information you provide directly to us, including:
- Account information (name, email address, password)
- Profile information (railroad name, location, preferences)
- Billing information (payment methods, billing address)
- Communication data (support messages, feedback)
- User-generated content (inventory data, photos, descriptions)
2.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, features used, time spent)
- Log data (access times, error messages, referral URLs)
- Location data (approximate location based on IP address)
2.3 AI Analysis Data
Our AI vision service analyzes uploaded photos to extract inventory information. We process image data and metadata to provide automated cataloging features.
2.4 AI Assistant Interactions
When you interact with Casey, our AI assistant, we collect:
- Conversation messages and queries you send to Casey
- Context about your collection and layouts used to personalize responses
- Token usage and processing metrics for service improvement
Casey's hardware setup guidance is generated using knowledge derived from open-source community documentation (primarily the JMRI project, licensed under GPL v2, and the DCC-EX project, licensed under GPL v3), combined with RailScanPro team expertise. Casey does not access, store, or redistribute proprietary manufacturer documentation. Your conversations with Casey are stored in your account and are not shared with third parties or used to train external AI models.
3. How We Use Your Information
We use collected information for the following purposes:
- Service Provision: Provide, maintain, and improve our inventory management platform
- Account Management: Create and manage your account, process subscriptions
- AI Features: Analyze photos to provide automated inventory cataloging
- Communication: Send service updates, support responses, and marketing communications
- Security: Detect and prevent fraud, abuse, and security incidents
- Analytics: Understand usage patterns and improve our services
- Legal Compliance: Comply with applicable laws and regulations
- Business Operations: Process payments, provide customer support
- Community Database Enhancement: Contribute anonymized inventory metadata to our shared reference database (see Section 3.1)
3.1 Community Data Enhancement Program
RailScanPro maintains a community reference database to improve product identification and AI recognition for all users:
Free Tier Users (Starter Plan):
- Participation is mandatory as a condition of the free service
- Anonymized inventory metadata (manufacturer, model numbers, descriptions) is contributed to the community database
- Photos may be used for AI training with identifying information removed
- Personal data, valuations, and private notes are never included
Paid Tier Users (Collector, Family, Pro, Club, Museum):
- Participation is optional and can be disabled in Account Settings
- You benefit from the community database regardless of participation
- Your privacy preference is respected immediately upon opt-out
For complete details, see Section 5.5 of our Terms of Service.
4. Information Sharing and Disclosure
We may share your information in the following circumstances:
4.1 Service Providers
We share data with trusted third-party service providers:
- Microsoft Azure: Cloud hosting, database services, and infrastructure
- Azure OpenAI: AI-powered inventory analysis and natural language processing
- Azure AI Vision: Photo analysis and automated product identification
- Azure SignalR: Real-time communication for live updates
- Stripe: Payment processing and subscription management
- SendGrid: Transactional email delivery
4.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process or government requests
- Protect our rights, property, or safety
- Investigate potential violations of our Terms of Service
- Prevent fraud or security incidents
4.3 Business Transfers
In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit and at rest using AES-256
- Access Controls: Role-based access with multi-factor authentication
- Infrastructure: Secure cloud hosting with regular security updates
- Monitoring: Continuous monitoring for security threats and vulnerabilities
- Compliance: SOC 2 Type II and ISO 27001 certified service providers
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any material breaches as required by law.
6. Data Retention
We retain your information for the following periods:
- Account Data: Until account deletion or 3 years of inactivity
- Inventory Data: Until user deletion or account termination
- Payment Data: 7 years for tax and accounting purposes
- Usage Logs: 2 years for security and analytics purposes
- Support Communications: 3 years for quality assurance
After the retention period, we securely delete or anonymize your information. Some data may be retained longer if required by law or legitimate business interests.
7. Your Rights
Depending on your location, you may have the following rights:
7.1 GDPR Rights (EU/UK Residents)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a structured format
- Restriction: Limit processing of your data
- Objection: Object to processing for legitimate interests
- Withdraw Consent: Withdraw consent for data processing
7.2 CCPA Rights (California Residents)
- Know: Request disclosure of data collection and sharing practices
- Delete: Request deletion of personal information
- Opt-Out: Opt out of the sale of personal information (we don't sell data)
- Non-Discrimination: Equal service regardless of privacy choices
To exercise your rights, please contact us at legal@railscanpro.com or use our Data Deletion Request form.
8. Cookies and Tracking
We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) with service providers
- Data processing agreements with enhanced privacy protections
- Regular audits of international data handling practices
10. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information immediately.
If you believe we have collected information from a child under 13, please contact us at legal@railscanpro.com.
11. RailCommand Desktop Application Data
11.1 Local Data Storage
RailCommand stores the following data locally on your computer:
- Credential cache: Login tokens stored in platform-native secure storage (Windows DPAPI, macOS Keychain). Deleted on sign-out.
- Offline packages (.rspkg): Encrypted layout data cached at {AppData}/RailScanPro/Packages/. Contains your layout graph, roster, calibrations, and a time-limited license token. Encrypted with AES-256-GCM.
- Settings: User preferences (startup action, display options) stored in INI configuration files.
- Session logs: Local diagnostic logs for troubleshooting. Not transmitted unless you share them with support.
11.2 Hardware Connection Data
When you connect RailCommand to model railroad hardware, the following data is processed locally:
- Hardware connection parameters (IP addresses, serial ports, baud rates)
- DCC addresses and function states
- Sensor states (block occupancy)
- Transponder/RFID data (locomotive and car identification)
- Communication traffic logs (protocol-level diagnostic data)
This hardware data is processed locally on your computer and is not transmitted to our servers unless you explicitly share it (e.g., via the operations session sync feature).
11.3 Telemetry
RailCommand may collect anonymous usage telemetry including:
- Feature usage statistics (which screens are used, session duration)
- Error reports (crash data, exception logs)
- Hardware compatibility data (which driver types are connected)
You may opt out of telemetry in Settings. Telemetry data does not include layout content, roster data, or hardware addresses.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Displaying prominent notices in our application
Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Winsit LLC
RailScanPro Privacy Team
Email: legal@railscanpro.com
Website: https://railscanpro.com
EU/UK residents also have the right to lodge a complaint with their local data protection authority.