Privacy Policy

Effective date: April 1, 2026

1. What we collect

  • Account data: If you register, we collect your email address and a hashed password.
  • Scan data: The URLs you submit, the scan results (scores and check details), and the timestamp of each scan.
  • Usage logs: Server logs including IP address, user agent, and request paths. Logs are retained for 30 days.

2. What we do not collect

We do not collect payment information (handled by Stripe when billing is enabled). We do not collect data from the sites you scan beyond what is needed to produce scan results. We do not track you across other websites.

3. How we use your data

  • To operate the scan service and return your results.
  • To improve detection accuracy and fix false positives.
  • To send product update emails — only if you opt in explicitly.
  • To detect and prevent abuse (rate limiting, spam scanning).

4. Third-party services

  • Railway — hosts our API, scanner workers, and PostgreSQL database (US region).
  • Vercel — serves our frontend and CDN.
  • Stripe — processes payments when billing is enabled. We never see your card details.
  • Resend — sends transactional emails when configured. Email sending is currently disabled.

5. Data retention

Anonymous scan results are deleted after 30 days. Logged-in users retain their scan history until they delete their account. Account data is deleted within 30 days of account deletion.

6. Your rights

You can request deletion of your account and all associated data at any time via the contact form. We will process deletion requests within 30 days.

7. Changes to this policy

We will update the effective date at the top of this page if we make material changes. For significant changes, we will send a notice to registered users by email.

8. Contact

Questions about this policy? Use our contact form.