Privacy Policy

1. Information We Collect

We collect data to provide the Service, improve security, and manage user accounts. We distinguish between data you provide and data collected automatically.

1.1 Information You Provide

• Account Registration: If you register, we collect your Full Name and Email Address. Passwords are never stored in plain text; they are hashed using industry-standard encryption (bcrypt/argon2).
• Scan Data (New): When you use our scanning tools, we store the Target URL and the generated Security Report in a database linked to your User ID. This allows us to provide your "Scan History" feature.
• Support Communications: Data you provide when contacting us via email or chat.

1.2 Information Automatically Collected

• Access Logs: IP address, browser type, operating system, and timestamp of requests. This is used strictly for security monitoring (Rate Limiting, DDoS protection).
• Cookies & Analytics: We use aggregated, anonymized analytics (Google Analytics) to understand website performance.

2. How We Use Your Information

We use your data for specific, limited purposes:

3. Data Storage & Security

3.1 Encryption

We employ SSL/TLS encryption for all data in transit. Sensitive data at rest (such as your account credentials) is hashed and salted.

3.2 Data Retention

We retain your personal data and scan history only as long as your account is active or as necessary to comply with legal obligations.

• Active Accounts: History is kept indefinitely to provide historical trend analysis.
• Deleted Accounts: If you request deletion, your personal data and scan history are permanently removed from our active database within 30 days.

3.3 Security Incident Protocol

In accordance with Quebec Law 25, if a confidentiality incident occurs involving your personal information that presents a risk of serious injury, we will notify you and the Commission d'accès à l'information du Québec promptly.

4. Third-Party Sharing

We do not sell your data. We share data only with specific service providers required to operate the platform:

• Gumroad: Payment processing and subscription management.
• Vultr / Cloudflare: Hosting infrastructure and DDoS protection.
• Google Analytics: Anonymized usage statistics.
• Security APIs: When running a scan, the Target URL (not your personal info) is sent to services like NIST NVD or VirusTotal to check for threats.

5. International Data Transfers

Your personal information is primarily stored in Canada. However, some of our third-party service providers (e.g., Cloudflare, Google) may process data in the United States or other jurisdictions. By using the Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules.

6. Your Rights

Regardless of where you live, we extend these rights to all users:

• Right to Access: You can view your profile and scan history directly in your dashboard.
• Right to Rectification: You can update your email or name in settings.
• Right to Erasure ("Right to be Forgotten"): You may contact us to request the complete deletion of your account and all associated data.
• Right to Portability: You may request an export of your data in a structured, machine-readable format.

7. Cookies

We use cookies to maintain your login session (`auth_token`) and for security (CSRF protection). These are classified as "Essential" and cannot be disabled without breaking the Service. Analytics cookies are optional and require your consent.

8. Contact & Responsible Person

To exercise your rights, or if you have questions regarding this policy, please contact the Person Responsible for the Protection of Personal Information:

9. Changes to Policy

We may update this policy to reflect changes in our data practices. If we make material changes (e.g., sharing data with new parties), we will notify you via email or a dashboard alert. The date at the top of this policy indicates the last revision.