← Back to Home

Privacy Policy

Last updated: April 23, 2026

1. Information We Collect

We collect the following types of information:

  • Account Data: Name, email address, and authentication provider info
  • Scan Data: Target URLs, scan results, vulnerability findings, and generated reports
  • Email Data: SMTP configuration (encrypted), sent email metadata, and delivery status
  • Usage Data: Browser type, IP address, pages visited, and feature usage analytics
  • Payment Data: Processed securely by PayPal; we do not store full credit card numbers

2. How We Use Your Data

  • Provide and improve the scanning and reporting services
  • Process payments and manage subscriptions
  • Send transactional emails (scan results, account notifications)
  • Analyze usage patterns to improve product experience
  • Prevent fraud and ensure platform security

3. Data Retention

Scan data and reports are retained for the duration of your account. Email metadata is retained for 90 days after sending. SMTP credentials are encrypted at rest using AES-256. You may request data deletion at any time.

4. GDPR Rights (EU/EEA Users)

Under the General Data Protection Regulation, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Portability — Receive your data in a machine-readable format
  • Restriction — Restrict processing of your data
  • Objection — Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@issafesite.com. We will respond within 30 days.

5. CAN-SPAM Compliance

All emails sent through IsSafeSite include a clear unsubscribe mechanism. Recipients can opt out of further communications by clicking the unsubscribe link in any email. We process opt-out requests within 10 business days.

6. Data Security

We implement industry-standard security measures including: encryption in transit (TLS), encryption at rest (AES-256 for sensitive data), secure authentication (OAuth 2.0), and regular security audits. SMTP passwords are encrypted before storage.

7. Third-Party Services

  • PayPal — Payment processing
  • Neon — Database hosting (PostgreSQL)
  • Vercel — Application hosting
  • OpenAI — AI analysis engine

Each provider maintains their own privacy policies and data handling practices.

8. Cookies

We use essential cookies for authentication and session management. No third-party tracking cookies are used. Analytics are privacy-first and do not track individual users across sites.

9. Contact

Data Protection Officer: privacy@issafesite.com