Privacy Policy
Last updated: March 2026
At Complicer ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance automation platform (the "Service"). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
1. Information We Collect
We collect information that you provide directly to us, as well as information collected automatically when you use the Service.
Information You Provide
- Account information: name, email address, company name, and password when you create an account.
- Billing information: payment card details and billing address (processed securely by our payment provider, Stripe).
- Website data: URLs and domains you submit for compliance auditing.
- Communications: messages you send to us via email, support tickets, or feedback forms.
Information Collected Automatically
- Usage data: pages visited, features used, audit frequency, and interaction patterns within the Service.
- Device and log data: IP address, browser type and version, operating system, referring URLs, and access timestamps.
- Cookies and similar technologies: see Section 8 (Cookies) for details.
2. How We Use Your Data
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Process compliance audits and generate reports on your behalf.
- Process transactions and send related billing information.
- Send transactional communications (e.g., account verification, audit completion notifications, security alerts).
- Improve, personalize, and expand the Service based on usage patterns and feedback.
- Monitor and analyze trends, usage, and activities to detect and prevent fraud or abuse.
- Comply with legal obligations and enforce our Terms of Service.
We do not sell your personal data to third parties. We do not use your website audit data for any purpose other than providing the Service to you.
3. Legal Basis for Processing (GDPR Art. 6)
If you are located in the European Economic Area (EEA), our legal bases for processing your personal data under the General Data Protection Regulation (GDPR) are as follows:
- Performance of a contract (Art. 6(1)(b)): processing necessary to provide the Service under our Terms of Service, including account management, auditing, and billing.
- Legitimate interests (Art. 6(1)(f)): improving the Service, preventing fraud, ensuring network and information security, and marketing our services to existing customers (you may opt out at any time).
- Consent (Art. 6(1)(a)): where you have given explicit consent for specific processing activities, such as marketing communications or optional analytics cookies.
- Legal obligation (Art. 6(1)(c)): where processing is required to comply with applicable laws (e.g., tax, accounting, or anti-money laundering regulations).
4. Data Sharing
We may share your personal data with the following categories of recipients:
- Service providers: trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data and process it only as instructed by us.
- Legal requirements: when required by law, regulation, legal process, or enforceable governmental request.
- Business transfers: in connection with a merger, acquisition, or sale of all or a portion of our assets, with appropriate notice to you.
- With your consent: when you explicitly authorize sharing with a specific third party (e.g., integrations you enable).
5. International Transfers
Your data is primarily stored and processed within the European Union (Frankfurt, Germany). Where data is transferred outside the EEA, we ensure adequate protection through:
- EU Commission adequacy decisions (for countries deemed to provide adequate data protection).
- Standard Contractual Clauses (SCCs) approved by the EU Commission.
- Binding Corporate Rules where applicable.
You may request a copy of the safeguards we use for international transfers by contacting our Data Protection Officer.
6. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
- Account data: retained while your account is active and for 30 days after a deletion request, to allow for recovery.
- Audit data: retained for 12 months after generation, unless you request earlier deletion.
- Billing records: retained for 7 years as required by applicable tax and accounting regulations.
- Log data: retained for 90 days for security and debugging purposes.
Upon expiry of the relevant retention period, data is securely deleted or anonymized.
7. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Restrict Processing
Request limitation of processing in certain circumstances.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint
File a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.
9. Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption at rest (AES-256) and in transit (TLS 1.3).
- Role-based access controls and multi-factor authentication for all internal systems.
- Regular penetration testing and vulnerability assessments.
- SOC 2 Type II certification (in progress) and GDPR compliance.
For full details on our security practices, please visit our Security page.
10. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without appropriate parental consent, we will take steps to delete such data promptly. If you believe we may have collected information from a child, please contact us at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you via email or an in-app notification at least 30 days before the changes take effect.
- Where required by law, obtain your consent for material changes to how we process your data.
12. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer
Complicer
Compliance Automation Platform
General Inquiries
13. Filing a Complaint
If you believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
You can find your national supervisory authority on the European Data Protection Board website:
European Data Protection Board — List of Supervisory Authorities