Privacy Policy

How we collect, use, and protect your personal data (GDPR compliant)

Last updated: January 19, 2026

1. Introduction

This Privacy Policy explains how AI AUDIT SCAN ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services (the "Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Data You Provide Directly

When you use the Service, we may collect:

  • Email address (account creation, login, report delivery)
  • Authentication credentials (stored as securely hashed passwords)
  • User-generated inputs (website URLs submitted for analysis)

2.2 Automatically Collected Data

We automatically collect limited technical data required for service operation:

  • IP address (used for rate limiting and abuse prevention)
  • Session identifiers (for authentication and quota enforcement)
  • Scan metadata (timestamp, domain, industry classification, scores)
  • Usage counters (scans, PDF downloads)

⚠️ We do not use advertising trackers or third-party analytics.

3. Purpose of Data Processing

Your data is processed solely for:

  • Providing and operating the Service
  • Generating audit results and reports
  • Enforcing usage limits and quotas
  • Preventing abuse and ensuring platform security
  • Communicating essential service-related information

We do not sell, rent, or monetize personal data.

4. Legal Basis (GDPR – Article 6)

We process personal data under the following legal bases:

  • Contractual necessity – to deliver the Service you request
  • Legitimate interest – security, fraud prevention, service improvement
  • Consent – when explicitly provided (e.g., email communications)

5. Cookies & Sessions

We use strictly necessary cookies and session storage to:

  • Maintain authentication state
  • Protect against CSRF attacks
  • Enforce quotas and access controls

No marketing or tracking cookies are used.

6. Data Storage & Security

  • Passwords are stored using strong cryptographic hashing
  • Databases are hosted on EU-based infrastructure
  • Access is restricted and monitored

We implement reasonable technical and organizational measures to protect data against unauthorized access, loss, or misuse.

7. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service
  • Comply with legal obligations
  • Maintain security and operational integrity

You may request account deletion at any time.

8. Data Sharing

We do not share personal data with third parties, except:

  • When legally required
  • When necessary to operate essential infrastructure (e.g., hosting provider)

No data is transferred outside the European Economic Area without appropriate safeguards.

9. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request data deletion
  • Restrict or object to processing
  • Request data portability

📧 To exercise these rights, contact us at: [email protected]

10. Children's Data

The Service is not intended for individuals under the age of 16. We do not knowingly collect data from minors.

11. Policy Updates

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

12. Contact

For privacy-related inquiries: