Privacy Policy
Last updated: June 23, 2026
1. Introduction
NookScan Protocol™ (“NookScan,” “we,” “our,” or “us”) is operated by Notary Nook of Chicago, LLC, a limited liability company organized under the laws of the State of Illinois. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance analysis platform at getnookscan.com or through our NookScan Protocol mobile application (collectively, the “Service”).
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately.
2. Information We Collect
We collect the following categories of information:
- Account Information: Name, email address, and profile photo provided by your Google or Apple sign-in provider at the time of account creation.
- Uploaded Documents: PDF files you submit for compliance analysis. These may include immigration documents (such as EB-5 petitions and related filings), notarized instruments, loan signing packages, and other legal documents. Document content—including extracted text and rendered page images—is processed solely to produce your compliance report.
- Usage Data: Scan history, compliance scores, subscription status, feature usage, timestamps, and interaction data within the platform.
- Payment Information: Billing details processed securely through Stripe. We do not store, access, or retain credit card numbers, bank account numbers, or other sensitive financial data on our servers.
- Device & Technical Data: Browser type, operating system, IP address, and general location data used for security monitoring and service optimization.
3. How We Use Your Data
Your data is used exclusively for the following purposes:
- Compliance Analysis: Processing uploaded documents through our 14 proprietary compliance engines to generate compliance reports, correction recommendations, and risk assessments.
- Account Management: Maintaining your user profile, scan history, subscription status, and billing records.
- Service Improvement: Understanding aggregate, anonymized usage patterns to improve our analysis engines, user experience, and platform reliability.
- Communication: Sending account-related notifications including subscription confirmations, payment receipts, service updates, and security alerts.
- Security & Fraud Prevention: Monitoring for unauthorized access, abuse, or fraudulent activity on the platform.
We do not sell, rent, trade, or share your personal information with third parties for marketing or advertising purposes. Your uploaded documents are never used to train AI models and are never shared with AI model providers for the purpose of model training or improvement.
4. AI & Technology Data Practices
NookScan Protocol uses artificial intelligence services and deterministic rule-based engines to process your documents. We disclose the following AI and technology services involved in document analysis:
- Google Gemini AI: Uploaded document images and extracted text are processed by Google Gemini AI (gemini-2.5-flash), operated by Google LLC, to perform visual and textual compliance analysis including signature detection, field identification, and notarial execution review. This processing occurs on Google Cloud infrastructure. Google's use of data submitted via the API is governed by Google's Generative AI Prohibited Use Policy and applicable API Terms of Service. Document data is not used by Google to train or improve their AI models under our enterprise API agreement.
- Google Cloud Vision OCR: For scanned or image-based PDFs, individual page images are transmitted to the Google Cloud Vision API for optical character recognition (OCR) to extract text content. This service is operated by Google LLC and governed by the Google Cloud Terms of Service. Extracted text is used solely to perform compliance analysis and is not retained by Google beyond the API request lifecycle.
- Proprietary Compliance Engines: Our 14 proprietary compliance engines run on Firebase Cloud Functions (Google Cloud infrastructure) and apply deterministic rule-based analysis to produce compliance scores, risk tiers, and correction recommendations. These engines do not involve third-party AI services beyond those named above.
Analysis results are deterministic—identical inputs always produce identical outputs. Document data is not shared with AI model providers for training, fine-tuning, or model improvement purposes. Analysis outputs are not shared with any external systems beyond what is necessary to deliver your compliance report.
5. Document Handling & Storage
Uploaded PDF documents are stored in Firebase Cloud Storage (Google Cloud) for the duration of the scan job. Once analysis is complete and your compliance report is generated—typically within minutes—the original uploaded document file is no longer needed for active processing. Completed compliance reports (structured JSON output containing extracted findings, scores, and recommendations) are stored in your account history in Firebase Firestore for as long as your account remains active.
You may delete individual scan reports at any time from your dashboard. When you delete your account, all associated personal data, scan history, uploaded documents, and compliance reports are permanently and irreversibly removed within 30 days of your deletion request.
To request deletion of your data without closing your account, contact us at support@notarynookhub.com. We will confirm and complete your request within 30 days.
6. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit using TLS/SSL protocols.
- Encryption of data at rest on Google Cloud infrastructure (Firebase Storage and Firestore).
- Firebase Security Rules restricting access to documents and scan data to the authenticated account owner only.
- Access controls limiting employee and system access to personal data on a need-to-know basis.
- Regular security monitoring and logging for unauthorized access attempts.
- Secure authentication through Google and Apple sign-in providers (Firebase Authentication).
- Payment processing handled entirely by Stripe, which is PCI DSS Level 1 certified. We never receive, store, or process raw payment card data.
While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
7. Third-Party Services
We use the following third-party services to operate NookScan Protocol. Each service receives only the minimum data necessary for its function:
- Firebase Authentication (Google LLC): Manages user account creation and sign-in via Google and Apple identity providers. Governed by the Google Privacy Policy.
- Firebase Firestore & Firebase Storage (Google LLC): Cloud database and file storage for scan reports, user account data, and uploaded documents. Governed by the Google Cloud Privacy Notice.
- Google Cloud Vision API (Google LLC): Optical character recognition (OCR) for scanned documents. Page images are transmitted to and processed by this service. Governed by the Google Cloud Privacy Notice.
- Google Gemini AI API (Google LLC): AI-powered document analysis for compliance review. Document text and images are transmitted to and processed by this service. Governed by the Gemini API Terms of Service.
- Firebase Cloud Functions (Google LLC): Serverless compute infrastructure that executes our compliance analysis engines. Governed by the Google Cloud Privacy Notice.
- Stripe, Inc.: Subscription billing and payment processing (Starter $24/mo, Pro $39/mo, Enterprise plans). Stripe receives billing information directly from you and is PCI DSS Level 1 certified. Governed by the Stripe Privacy Policy.
- Google Sign-In / Apple Sign-In: OAuth identity providers for account creation and login. Governed by the respective Google Privacy Policy and Apple Privacy Policy.
8. Cookies & Local Storage
NookScan Protocol uses essential cookies and local storage required for authentication and session management. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that track you across other websites. Firebase Authentication uses local storage and session cookies to maintain your signed-in state. Our platform does not respond to “Do Not Track” browser signals, as we do not engage in cross-site tracking.
9. Your Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information and account data. You may delete individual scans from your dashboard at any time. To request full account deletion, email us at support@notarynookhub.com.
- Data Portability: Request an export of your scan history and compliance reports in a structured format.
- Withdraw Consent: Withdraw consent for data processing at any time by discontinuing use of the Service and requesting account deletion.
- Object to Processing: Object to processing of your personal information for specific purposes.
- Lodge a Complaint: File a complaint with a relevant data protection supervisory authority in your jurisdiction.
To exercise any of these rights, contact us at support@notarynookhub.com. We will respond to your request within 30 days.
10. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a California privacy request, email support@notarynookhub.com with the subject line “CCPA Request.”
11. Children's Privacy (COPPA)
NookScan Protocol is a professional compliance analysis tool intended solely for use by adults. The Service is not directed at children under the age of 13, and we do not knowingly collect, store, or process personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).
If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems. If you believe that a child under 13 has provided us with personal data, please contact us immediately at support@notarynookhub.com.
Additionally, the Service is designed for professional use and is not suitable for users under 18. By using the Service, you represent that you are at least 18 years of age.
12. International Users
NookScan Protocol is operated from the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Service, you consent to the transfer and processing of your data in the United States in accordance with this Privacy Policy.
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, to the extent practicable. Notification will be sent to the email address associated with your account. The notification will describe the nature of the breach, the types of data affected, the steps we are taking to address it, and recommended actions you can take to protect yourself.
14. Governing Law
This Privacy Policy and any disputes arising from or related to your use of the Service shall be governed by and construed in accordance with the laws of the State of Illinois, without regard to its conflict of law principles. Any legal action or proceeding relating to this Privacy Policy shall be brought exclusively in the state or federal courts located in Cook County, Illinois, and you consent to the personal jurisdiction of such courts.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. Material changes will be communicated via email to the address on your account or via a prominent notice on the Service at least 14 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of NookScan Protocol after changes take effect constitutes your acceptance of the revised policy.
16. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:
Email: support@notarynookhub.com
Company: Notary Nook of Chicago, LLC
Location: Chicago, Illinois
Website: getnookscan.com