Privacy Policy
Last updated: June 24, 2026
1. What data we process
We process your email and account data (for authentication and billing), the URLs you scan, and the results of each scan (findings, score, technical evidence). Anonymous scans are stored temporarily and expire automatically.
2. Data processors
We use providers that process data on our behalf: Supabase (database and authentication), Vercel (hosting), OpenRouter (routing to AI models to generate remediation prompts on demand; it may direct the request to different model providers), Polar.sh (payments), Resend (transactional email), and Upstash (rate limiting). Each one only processes the data needed for its function. Some of these providers are located outside your country, so certain data may be processed through international transfers with the applicable safeguards.
3. What we use it for
To provide the service: run scans, display results, manage your plan, and send you transactional notices (for example, when a report is ready). We do not sell your data or use it for third-party advertising.
4. Your rights
You can access, correct, or delete your personal data and request the closure of your account. In accordance with Ley 21.719 (Chile), the LGPD (Brazil), and other data-protection regulations applicable in your country, exercise your rights by writing to [email protected].