Dr. Deploy
Privacy Policy

Effective May 13, 2026

Short version: we collect the minimum needed to scan your sites and bill you. We don't sell your data. Scan results stay in your account. We use third-party providers for payments, transactional email, and offsite backups (named below in the sub-processor list). That's it.

What we collect

  • Account info: email, password hash (bcrypt), display name, login timestamps.
  • Sites you add: hostnames, environment labels, ownership-verification metadata.
  • Scan results: HTML responses we fetched from your URLs, screenshots, finding records (check ID, severity, location, evidence). Secrets we find are stored as HMAC-SHA256 digests, never plaintext.
  • Billing: subscription state via Stripe (we don't see your card number — Stripe handles that and gives us tokens).
  • Operational telemetry: error reports (Sentry, EU region), aggregate request traces (Better Stack). No personal scan content goes to either; just exception classes, request URLs, and timing.

Where it lives

  • Primary database on a server in the EU (Frankfurt region).
  • Continuously replicated offsite for backups (encrypted at rest).
  • User-uploaded files (avatars, scan screenshots, generated HTML reports) on the same offsite storage.
  • Email through a transactional email provider (encrypted in transit).
  • Payments through a PCI-DSS-compliant payment processor.

We do not sell, lease, or share customer data with third parties for marketing. The only data leaving our infrastructure is what's required to send you transactional email (Resend) or process your payment (Stripe).

How long we keep it

  • Scan history: as long as your account is active. Delete an individual scan from the dashboard at any time.
  • Account deletion: 30 days to fully purge from primary DB. R2 backup retention is 7 days, so a fully purged account disappears from backups within 7 days of deletion.
  • Billing/audit-log records: up to 7 years (legal requirement in most jurisdictions).

Your rights

You can:

  • See all your data in the dashboard or via the JSON API.
  • Export it anytime (we'll add a one-click export button if more than two of you ask for one — until then, email us and we'll generate it).
  • Delete your account at any time from Settings.
  • Object to specific processing or request access under GDPR — email [email protected]. We respond within 30 days.

Cookies & tracking

We use a single first-party cookie for session management (signed + encrypted, expires when you log out). No third-party tracking, no Google Analytics, no Facebook Pixel, no advertising cookies. We use Cloudflare's web analytics for aggregate traffic counts; if that's enabled, it's anonymous and respects "Do Not Track."

Sub-processors

The companies we share data with as part of running the service:

We'll update this list if we add or remove any. If you're an EU customer needing a DPA (Data Processing Addendum), email [email protected].

Security

Passwords are bcrypt-hashed. API tokens are SHA-256-hashed at rest. Sensitive fields (webhook signing secrets, etc.) are encrypted at the application layer. All traffic is HTTPS. Database files at rest are encrypted by the storage provider when replicated offsite. We don't store credit card numbers.

If you find a security issue, email [email protected]. We aim to acknowledge within 24 hours.

Changes to this policy

Material changes get an email notification 14 days before they take effect. Minor changes (typo fixes, new sub-processor disclosures, etc.) are effective on publish.

Contact

[email protected] for privacy questions, [email protected] for everything else.