Privacy Policy
Last updated: March 2025
1. What we collect
Account information (e.g. email, name, profile identifier). Payment processing is handled by Stripe; we do not store full card numbers on our servers. We process scan data including target URLs, scan configuration, results, and detected technologies. We may collect usage and technical data such as IP address, browser type, and device information for security and operational purposes.
2. How we use data
To provide and improve the service, process payments, send transactional emails, protect against abuse, and comply with law. We do not sell your personal data.
3. Storage and security
Data is stored in Supabase (PostgreSQL) with row-level security where applicable. We use TLS in transit and industry-standard protections at rest. Extracted credentials and sensitive scan artifacts are handled according to our security policy and minimized where possible.
4. Retention
Scan results and account data are retained while your account is active unless you delete them or request deletion. Export and deletion requests may be subject to a short grace period for processing. Audit and security logs may be retained for a limited period for abuse prevention.
5. Your rights (GDPR)
Depending on your location, you may have rights to access, rectify, delete, or port your data. You can use in-app tools such as POST /api/gdpr/export-data and POST /api/gdpr/delete-account where available, or contact us at the email below.
6. Subprocessors
We may use vendors including Supabase (database/auth), Stripe (payments), Vercel (hosting), Cloudflare, Resend (email), and Sentry (error monitoring). We configure these services to limit unnecessary personal data exposure.
7. Cookies
We use essential cookies for authentication and session management. We do not use advertising cookies for third-party tracking.