Privacy Policy

1 Information We Collect

1.1 Personal Information

We collect minimal personal information necessary to provide our service:

• Email address - for account creation and communication
• Name - optional, for account personalization
• Usage metrics - scan counts, plan usage, feature utilization

1.2 Website Scan Data

• Page load times and Core Web Vitals
• SEO scores and technical issues
• Security header analysis
• Public website structure (titles, meta descriptions)

1.3 Cookies and Analytics

We use both essential and optional cookies:

• Essential cookies: Session management, authentication, CSRF protection
• Optional analytics: Google Analytics (with your consent) for website usage insights

2 How We Use Your Information

We use your information to:

• Provide and maintain our website auditing service
• Process payments and manage your subscription
• Send important service notifications and updates
• Improve our service based on usage patterns (anonymized)
• Comply with legal obligations

3 Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract performance: To provide the service you've subscribed to
• Legitimate interest: To improve our service and prevent fraud
• Consent: For optional analytics and marketing communications
• Legal obligation: To comply with applicable laws

4 Data Sharing and Third Parties

We share your data only with trusted service providers:

5 Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for optional processing

6 Data Retention

We retain your data for:

• Account data: Until you delete your account or request deletion
• Usage metrics: 24 months for service improvement
• Payment records: 7 years (legal requirement)
• Website scan data: 30 days (technical metrics only)

7 Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit and at rest
• Regular security assessments
• Access controls and authentication
• Secure data centers within the EU

8 International Transfers

Your data is primarily processed within the EU. When we transfer data outside the EU (e.g., to Stripe in the US), we ensure adequate protection through:

• EU-US Data Privacy Framework certification
• Standard Contractual Clauses (SCCs)
• Other appropriate safeguards as required by GDPR

9 Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

10 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. Your continued use of the service after changes constitutes acceptance of the updated policy.

11 Contact Information

For any questions about this Privacy Policy or our data practices, contact us: