1. Overview
SiteAuditLab ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.
2. Information We Collect
Account information: When you sign in with Google or GitHub OAuth, we receive your name, email address, and profile photo from the OAuth provider. We store only your name, email, and avatar URL.
Scan data: We store the URLs you scan along with the results, grades, and timestamps. Scans run by authenticated users are linked to their account. Anonymous scans are stored without user association.
Scheduled scans: If you set up scheduled monitoring, we store the target URL, frequency, email address, and scan categories.
Usage data: We collect minimal usage data including IP addresses (for rate limiting only) and HTTP request logs. IP addresses used for rate limiting are automatically purged after 1 hour.
3. How We Use Your Information
- To provide and improve the scanning service
- To authenticate you and maintain your account
- To send scheduled scan reports to your specified email address
- To enforce rate limits and prevent abuse
- To generate aggregated, anonymized statistics about scan patterns
We do not sell your personal information to third parties. We do not use your data for advertising.
4. Data Retention
Scan reports are retained indefinitely for authenticated users (accessible via your scan history). Anonymous scan reports are retained for 30 days and then permanently deleted.
If you delete your account, all associated scan history, scheduled scans, and personal data will be permanently deleted within 30 days.
5. Third-Party Services
We use the following third-party services:
- Google OAuth & GitHub OAuth — for account authentication. Subject to their respective privacy policies.
- PostgreSQL database — for storing scan results and account data.
- SMTP email provider — for delivering scheduled scan reports.
We do not share your personal data with any other third parties.
6. Cookies
We use a single session cookie to maintain your authenticated state. This cookie is essential for the Service to function and cannot be disabled for authenticated users. We do not use tracking cookies or advertising cookies.
7. Security
We implement industry-standard security measures including HTTPS encryption for all data in transit, secure password storage (we never store OAuth passwords), and access controls on all data stores.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Export your scan history data
To exercise these rights, contact us at privacy@siteauditlab.dev.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions or requests, contact us at privacy@siteauditlab.dev.