Privacy Policy

Last updated: May 5, 2025

1. Who we are

PrivacyAudit (“we”, “our”, “us”) provides a GDPR compliance toolset for small websites, freelancers, and agencies. We are the data controller for information collected through this service.

2. What data we collect

  • Account data: your name, email address, and hashed password when you register.
  • Project data: domain names and notes you add for websites you track.
  • Scan data: HTML snippets and findings from automated scans of your listed websites.
  • Usage data: standard server logs (IP address, browser, pages visited) for security and debugging.
  • Payment data: if you subscribe, payment is handled entirely by Stripe — we never store card details.

3. How we use your data

  • To operate and improve the PrivacyAudit service.
  • To send account and subscription-related emails (e.g. receipts, weekly digests).
  • To detect abuse and enforce our terms of service.

We do not sell your data or share it with third parties for marketing purposes.

4. Legal basis (GDPR)

We process your data under the following legal bases:

  • Contract: processing necessary to provide the service you signed up for.
  • Legitimate interests: security logging and fraud prevention.
  • Consent: optional marketing emails (you may opt out at any time).

5. Data retention

We retain your account data for as long as your account is active. Scan data is retained for 12 months and then automatically deleted. You may request deletion of your account and all associated data at any time by contacting us.

6. Your rights

Under GDPR and UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Receive your data in a structured format (data portability).
  • Lodge a complaint with your local supervisory authority (e.g. the ICO in the UK).

To exercise any right, contact us at the address below.

7. Cookies

We use a single session cookie required for authentication. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on this site.

8. Third-party services

9. Contact

For privacy enquiries or data subject requests, please contact us at privacy@privacyaudit.app.