Privacy Policy

1. Introduction

This Privacy Policy describes how WebScan Audit ("we", "our", or "us"), a free website accessibility scanning service, collects, uses, and protects your personal information when you use our website accessibility scanning service (the "Service").

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3. Information We Collect

3.1 Personal Information

• Email address (only if you create an account for scan history)
• Name (optional, for personalization)
• Website URLs you submit for scanning

3.2 Technical Information

• IP address
• Browser type and version
• Operating system
• Device information
• Usage data and analytics

3.3 Cookies and Tracking

We use cookies and similar tracking technologies. You can control cookie settings through our cookie consent banner and your browser settings. See our Cookie Policy for details.

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Provision (Legal basis: Contract)

• Performing website accessibility scans
• Generating and delivering scan reports
• Managing your account and subscriptions
• Processing payments

4.2 Communication (Legal basis: Contract/Legitimate Interest)

• Sending service-related notifications
• Responding to customer support inquiries
• Sending important updates about our service

4.3 Improvement (Legal basis: Legitimate Interest)

• Analyzing usage patterns to improve our service
• Developing new features
• Ensuring service security and reliability

4.4 Marketing (Legal basis: Consent)

• Sending promotional emails (only with your consent)
• Displaying relevant advertisements

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

5.1 Service Providers

• Self-hosted infrastructure: All data is processed on our own servers
• NextAuth: Authentication services (if you choose to create an account)
• Let's Encrypt: SSL certificate provisioning

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government authority.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Encrypted data storage
• Regular security assessments
• Access controls and authentication
• Employee training on data protection

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account data: Until account deletion or 3 years of inactivity
• Scan results: 24 months or until account deletion
• Technical logs: 12 months
• Anonymous usage statistics: Aggregated data kept indefinitely

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

To exercise these rights, contact us at privacy@webscan-audit.eu. We will respond within 30 days.

9. International Data Transfers

Your data may be processed outside the European Economic Area (EEA). We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

10. Children's Privacy

Our service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email and/or prominent notice on our website. The "Last updated" date indicates when the policy was last revised.

12. Contact Information

If you have questions about this Privacy Policy or our data practices, contact us:

You also have the right to lodge a complaint with your local data protection authority.