Privacy Policy

What we collect

When you sign up, we collect your email address, name, and (for email accounts) a bcrypt-hashed password. If you sign in with Google, we additionally store your Google profile picture URL.

When you use the scanner, we store the URLs/IPs you submit as scan targets, the scan results (findings, open ports, exposed endpoints, etc.), and the timestamps of scans.

If you subscribe to a paid plan, we use Stripe as our payment processor. We store your Stripe customer ID but never your card details — those are handled entirely by Stripe.

What we do NOT collect

• We do not track you across the web with cookies or analytics scripts
• We do not sell or share your scan data with third parties
• We do not store the content of your target websites — only the metadata of what we found

How we use your data

• To run security scans you request and show results back to you
• To send transactional emails (verification, weekly summaries for subscribers)
• To bill you if you're on a paid plan (via Stripe)
• To send your scan data to Anthropic's Claude API for AI-powered analysis when you request it (scan findings are sent; no other user data)

Data retention

Scan results are kept for as long as your account is active. You can delete your account at any time by emailing us; all your data will be deleted within 30 days.

Third parties

• Stripe — payment processing
• Resend — transactional email delivery
• Anthropic (Claude) — AI analysis of scan findings (only when you request it)
• Google — OAuth sign-in (only if you choose Google login)
• AWS — where our scanner infrastructure runs
• Cloudflare — our DNS provider and TLS termination

Your rights

You can export all your data via the API, delete your account, or revoke API keys at any time. Email [email protected] with any requests.

Scanning ethics

You must only scan targets you own or have explicit permission to test. Unauthorized scanning violates our terms and may be illegal in your jurisdiction. We log all scans against the authenticated user.

Contact

Security Scanner is operated by Stefan Lederer. Questions? [email protected]