Back to Home

Privacy Policy

Last updated: November 26, 2025

1. Overview

RailScanPro, operated by Winsit LLC ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our model railroad inventory management platform and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly to us, including:

  • Account information (name, email address, password)
  • Profile information (railroad name, location, preferences)
  • Billing information (payment methods, billing address)
  • Communication data (support messages, feedback)
  • User-generated content (inventory data, photos, descriptions)

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Log data (access times, error messages, referral URLs)
  • Location data (approximate location based on IP address)

2.3 AI Analysis Data

Our AI vision service analyzes uploaded photos to extract inventory information. We process image data and metadata to provide automated cataloging features.

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: Provide, maintain, and improve our inventory management platform
  • Account Management: Create and manage your account, process subscriptions
  • AI Features: Analyze photos to provide automated inventory cataloging
  • Communication: Send service updates, support responses, and marketing communications
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Analytics: Understand usage patterns and improve our services
  • Legal Compliance: Comply with applicable laws and regulations
  • Business Operations: Process payments, provide customer support
  • Community Database Enhancement: Contribute anonymized inventory metadata to our shared reference database (see Section 3.1)

3.1 Community Data Enhancement Program

RailScanPro maintains a community reference database to improve product identification and AI recognition for all users:

Free Tier Users (Starter Plan):

  • Participation is mandatory as a condition of the free service
  • Anonymized inventory metadata (manufacturer, model numbers, descriptions) is contributed to the community database
  • Photos may be used for AI training with identifying information removed
  • Personal data, valuations, and private notes are never included

Paid Tier Users (Collector, Family, Pro, Club, Museum):

  • Participation is optional and can be disabled in Account Settings
  • You benefit from the community database regardless of participation
  • Your privacy preference is respected immediately upon opt-out

For complete details, see Section 5.5 of our Terms of Service.

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers:

  • Microsoft Azure: Cloud hosting, database services, and infrastructure
  • Azure OpenAI: AI-powered inventory analysis and natural language processing
  • Azure AI Vision: Photo analysis and automated product identification
  • Azure SignalR: Real-time communication for live updates
  • Stripe: Payment processing and subscription management
  • SendGrid: Transactional email delivery

We may disclose information when required by law or to:

  • Comply with legal process or government requests
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms of Service
  • Prevent fraud or security incidents

4.3 Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit and at rest using AES-256
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure: Secure cloud hosting with regular security updates
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Compliance: SOC 2 Type II and ISO 27001 certified service providers

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any material breaches as required by law.

6. Data Retention

We retain your information for the following periods:

  • Account Data: Until account deletion or 3 years of inactivity
  • Inventory Data: Until user deletion or account termination
  • Payment Data: 7 years for tax and accounting purposes
  • Usage Logs: 2 years for security and analytics purposes
  • Support Communications: 3 years for quality assurance

After the retention period, we securely delete or anonymize your information. Some data may be retained longer if required by law or legitimate business interests.

7. Your Rights

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EU/UK Residents)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured format
  • Restriction: Limit processing of your data
  • Objection: Object to processing for legitimate interests
  • Withdraw Consent: Withdraw consent for data processing

7.2 CCPA Rights (California Residents)

  • Know: Request disclosure of data collection and sharing practices
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights, please contact us at legal@railscanpro.com or use our Data Deletion Request form.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data processing agreements with enhanced privacy protections
  • Regular audits of international data handling practices

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information immediately.

If you believe we have collected information from a child under 13, please contact us at legal@railscanpro.com.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices in our application

Your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Winsit LLC
RailScanPro Privacy Team
Email: legal@railscanpro.com
Website: https://railscanpro.com

For EU/UK residents, you also have the right to lodge a complaint with your local data protection authority.

Questions about this document? Contact us

View all legal documents