Privacy Policy
Last updated: May 5, 2025
1. Who we are
PrivacyAudit (“we”, “our”, “us”) provides a GDPR compliance toolset for small websites, freelancers, and agencies. We are the data controller for information collected through this service.
2. What data we collect
- Account data: your name, email address, and hashed password when you register.
- Project data: domain names and notes you add for websites you track.
- Scan data: HTML snippets and findings from automated scans of your listed websites.
- Usage data: standard server logs (IP address, browser, pages visited) for security and debugging.
- Payment data: if you subscribe, payment is handled entirely by Stripe — we never store card details.
3. How we use your data
- To operate and improve the PrivacyAudit service.
- To send account and subscription-related emails (e.g. receipts, weekly digests).
- To detect abuse and enforce our terms of service.
We do not sell your data or share it with third parties for marketing purposes.
4. Legal basis (GDPR)
We process your data under the following legal bases:
- Contract: processing necessary to provide the service you signed up for.
- Legitimate interests: security logging and fraud prevention.
- Consent: optional marketing emails (you may opt out at any time).
5. Data retention
We retain your account data for as long as your account is active. Scan data is retained for 12 months and then automatically deleted. You may request deletion of your account and all associated data at any time by contacting us.
6. Your rights
Under GDPR and UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Receive your data in a structured format (data portability).
- Lodge a complaint with your local supervisory authority (e.g. ICO in the UK).
To exercise any right, contact us at the address below.
7. Cookies
We use a single session cookie required for authentication. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on this site.
8. Third-party services
- Stripe — payment processing. See Stripe's privacy policy.
- Resend — transactional email delivery. See Resend's privacy policy.
9. Contact
For privacy enquiries or data subject requests, please contact us at privacy@privacyaudit.app.