Privacy

What we store, in plain language

What we collect. The email address you submit, the URL you ask us to scan, and the crawl artifacts needed to build your report (public page content, scores, findings).

What we don't. No content behind logins, no trackers beyond a basic event log of product actions (scan submitted, report viewed), no selling or sharing of your email.

Cookies. We set no cookies and use no third-party analytics or advertising trackers. There is nothing to consent to.

Lawful basis. We process your email and scan request on the basis of our legitimate interest in providing the audit you asked for and following up about it, and — once you buy a report — to perform our contract with you. You can object at any time by emailing us.

How long we keep it. Scan artifacts and reports are retained for up to 12 months and then deleted on a rolling basis. Lead records (your email and the action that created it) are kept until you ask us to remove them. Payment records are retained as long as the law requires for tax and accounting.

Reports. Report pages live behind unguessable links and carry noindex headers — search engines are told to stay out. Anyone you forward a link to can read that report.

Who processes your data. We rely on a small number of named processors: Stripe for payments, Resend for the emails we send you, and Railway for hosting and database storage. They process data only to provide those services to us.

Deletion. Use our contact form (from the address you submitted) and we'll delete your scans, reports and lead record.

Payments. Card details are handled entirely by Stripe; we never see card numbers.