Privacy Policy

Last updated: 13 May 2026

This Privacy Policy explains how CookieYes (“CookieYes”, “we”, “us”, “our”) processes personal data in connection with your access to and use of the Compliance Checker application (the “Services”). Compliance Checker is a product provided by CookieYes.

We are committed to handling personal data in accordance with applicable data protection laws, including the UK and the EU GDPR. This Privacy Policy applies to personal data processed by CookieYes when you access or use the Services, including when you submit information for scanning, access generated results, or otherwise interact with the functionality of the Compliance Checker.

This Privacy Policy is limited to the Compliance Checker and does not apply to any other products, services, websites, or applications operated by CookieYes, unless expressly stated. Other CookieYes products or services may be governed by separate privacy policies, which should be reviewed independently where applicable.

This Privacy Policy does not apply to any third-party websites, services, or resources that may be accessed, analysed, or interacted with through the Services. Such third-party services operate independently and are subject to their own privacy practices and policies.

By accessing or using the Services, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.

1. Information we collect and use

In connection with your use of the Services, we process limited categories of information necessary to provide the functionality of the Compliance Checker and to maintain the security and reliability of the Services.

When you use the Services, you may provide information by entering a website URL and selecting the type of checks or scan parameters to be performed. This information is used solely for the purpose of initiating and carrying out the requested scan.

As part of providing the Services, we generate and process data derived from the scanning activity. This includes scan results, reports, and technical observations relating to the analysed website, such as information about cookies, consent banners, network requests, storage usage, and other related technical indicators. Each scan is associated with a unique scan identifier (scan ID), which is used to retrieve and display the results.

We also process limited technical data to ensure the proper functioning and security of the Services. This includes the processing of IP addresses for the purpose of enforcing rate limiting, preventing misuse, and maintaining the integrity and availability of the Services. This processing is limited to what is necessary for these purposes and is not used for tracking or profiling.

In addition, we process certain operational data generated by the Services, such as request-related information and system logs, which are used for debugging, error handling, and maintaining the performance and stability of the Services.

While we do not intentionally collect personal data, certain information processed through the Services, such as IP addresses or URLs submitted by users, may in some cases constitute personal data under applicable law. Where this is the case, such data is processed in accordance with this Privacy Policy.

2. How we use Information

We use the information collected and generated through the Services for specific and limited purposes necessary to provide, operate, and maintain the Compliance Checker. The information you provide, including the website URL and selected scan parameters, is used to initiate and perform the requested analysis and to generate the corresponding scan results and reports.

We use the information generated by the Services, including scan outputs and technical observations, to present results to you and to enable access to those results through the Services, including through the use of scan identifiers and shared result links where applicable.

We also process technical and operational data, including IP addresses and request-related information, to ensure the security, integrity, and availability of the Services. This includes enforcing rate limiting, detecting and preventing misuse, maintaining system performance, and diagnosing and resolving technical issues.

Where applicable, we may use information in an aggregated or non-identifiable form to understand how the Services are used and to improve their functionality, performance, and reliability. We do not use the information processed through the Services for marketing, advertising, or profiling purposes.

4. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including providing the Services, maintaining security, and complying with applicable legal obligations.

Information provided by you, including website URLs and selected scan parameters, and the data generated through the Services, including scan results and reports, are retained for a period of up to ninety (90) days from the time of the scan. This retention period enables users to access previously generated results, supports operational continuity, and allows us to investigate technical issues or misuse of the Services where necessary.

Technical and operational data, including request-related information and system logs, is retained for a period of up to ninety (90) days. This retention is necessary to maintain system performance, ensure security, detect and prevent misuse, and support troubleshooting and incident investigation.

IP addresses processed for rate limiting and abuse prevention are retained only for as long as necessary to enforce such controls and are not stored beyond the defined retention period for technical and operational data. We may retain certain data for longer periods where necessary to comply with legal obligations, resolve disputes, enforce our agreements, or protect our legal rights. Where data is no longer required for the purposes described above, we take reasonable steps to ensure that it is securely deleted or irreversibly anonymised.

5. Data Sharing and Third Parties

We do not sell, rent, or otherwise disclose personal data to third parties for their own independent marketing or commercial purposes.

We may share personal data with third-party service providers that support the operation, hosting, and maintenance of the Services. These providers act on our behalf and are authorised to process personal data only to the extent necessary to provide their services to us and in accordance with our instructions.

In particular, we use infrastructure and hosting providers, including Amazon Web Services (AWS) for data storage and backend services, and Vercel for hosting and delivery of the frontend application. These providers may process technical data, including request-related information and IP addresses, as part of providing their services.

We may also disclose personal data where necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, or where disclosure is required to protect our legal rights, prevent fraud or misuse, or ensure the safety and security of the Services.

Scan results generated through the Services may be accessed via unique links. Any person who has access to such a link may be able to view the corresponding results. You are responsible for controlling how such links are shared. We do not otherwise share personal data with third parties except as described in this Privacy Policy.

6. International Data Transfers

Personal data processed through the Services is primarily stored and processed within the European Economic Area (EEA), including in data centres located in Ireland.

We do not intentionally transfer personal data outside the United Kingdom or the EEA. However, certain third-party service providers that support the operation of the Services, such as infrastructure and hosting providers, may process personal data in jurisdictions outside the UK or EEA as part of their global operations.

Where personal data is transferred outside the UK or EEA, we take appropriate measures to ensure that such transfers comply with applicable data protection laws. This may include relying on adequacy decisions, standard contractual clauses, or other legally recognised safeguards designed to ensure that personal data is protected to an equivalent standard.

By using the Services, you acknowledge that your personal data may be processed in accordance with these safeguards where such transfers occur.

7. Security Measures

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Data transmitted between your device and the Services is encrypted in transit using industry-standard security protocols to ensure confidentiality and integrity during transmission. Data stored within our systems is encrypted at rest using industry-standard encryption mechanisms provided by our infrastructure providers, including AWS RDS. This is intended to protect stored data against unauthorised access at the storage level, including in the event of infrastructure compromise.

We restrict access to personal data to authorised personnel and service providers who require such access for operational purposes and who are subject to appropriate confidentiality and security obligations. We also implement measures to maintain the security and reliability of the Services, including monitoring, rate limiting, and controls designed to detect and prevent misuse or unauthorised activity. While we take reasonable steps to protect personal data, no system can be completely secure, and we cannot guarantee absolute security of information processed through the Services.

8. Cookies and Similar Technologies

We do not currently use cookies or similar technologies for tracking or analytics purposes in connection with the Services. However, certain infrastructure and service providers that support the operation and delivery of the Services, such as content delivery networks (CDNs), may use cookies or similar technologies where necessary to enable core functionality, security, and performance. These technologies are limited to what is strictly necessary for the operation of the Services.

We may introduce additional cookies or similar technologies in the future to support functionality, security, or performance. Where such technologies are subject to applicable legal requirements, we will provide appropriate notice and, where required, obtain your consent before using them.

You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality or availability of the Services.

9. Your Privacy Rights

Rights under UK and EU GDPR

If you are located in the United Kingdom, the European Economic Area, or another jurisdiction with similar data protection laws, you may have certain rights in relation to your personal data, subject to applicable legal limitations and exceptions. These rights may include the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of your personal data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to processing carried out on the basis of legitimate interests;
  • request portability of your personal data, where applicable;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with a competent supervisory authority or data protection regulator.

Since the Services do not require account registration and we do not generally collect information directly identifying users, our ability to identify and associate personal data with a particular individual may in some cases be limited. As a result, we may require additional information before responding to certain requests, and in some situations we may be unable to fulfil a request where we cannot reasonably verify the identity of the requester or locate the relevant data.

Rights under California Consumer Privacy Act

If you are a California resident, you may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”). Subject to applicable legal limitations and verification requirements, these rights may include the right to:

  • know the categories and specific pieces of personal information collected about you;
  • request deletion of personal information collected from you;
  • request correction of inaccurate personal information;
  • know whether personal information is sold or shared; and
  • not be discriminated against for exercising your privacy rights.

We do not sell personal information or share personal information for cross-context behavioural advertising purposes.

Due to the nature of the Services and the absence of account registration, our ability to identify and associate personal information with a particular individual may in some cases be limited.

Rights under other applicable laws

Depending on your jurisdiction, you may have additional rights under applicable data protection or privacy laws. We will process and respond to requests relating to personal data in accordance with applicable legal requirements in the relevant jurisdiction.

Requests relating to personal data may be submitted using the contact details provided in this Privacy Policy. We may require additional information to verify your identity before responding to a request.

10. Children's Privacy

The Services are not intended for use by children, and we do not knowingly collect or process personal data relating to children.

Due to the nature of the Services, we may not always be able to determine whether information submitted through the Services relates to a child. If you believe that personal data relating to a child has been submitted to us or processed through the Services, please contact us using the contact details provided in this Privacy Policy.

Where we become aware that personal data relating to a child has been collected or processed in a manner inconsistent with applicable law, we will take reasonable steps to investigate and, where appropriate, delete such data.

11. Updates to the Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes to the Services, applicable laws, regulatory requirements, security practices, or our data processing activities. Any updates to this Privacy Policy will be made available through the Services, and the “last updated” date at the top of this Privacy Policy will be revised accordingly.

As the Services do not require account registration and we do not generally maintain direct contact information for users, we may not be able to provide direct notice of changes to this Privacy Policy. We encourage you to review this Privacy Policy periodically to remain informed about how personal data is processed in connection with the Services. Your continued access to or use of the Services after any updates to this Privacy Policy become effective constitutes acknowledgement of the updated Privacy Policy.

12. Contact

If you have any questions, queries, or concerns relating to this Privacy Policy or the processing of personal data in connection with the Services, please contact us at [email protected].