Privacy Policy

We design StackAudit to support EU sovereignty and privacy by default. This notice explains what we collect, why, and how we protect it.

1. Data We Collect

• Account data: email, name, authentication identifiers.
• Scan inputs: target URLs and optional metadata you provide.
• Scan outputs: detected vendors, requests, DNS/ASN lookups, classifications, and generated reports.
• Telemetry: basic product analytics (page views, feature usage) with IPs truncated or anonymized where feasible.
• Support: messages you send us for help or feedback.

2. Purpose & Legal Basis

• Service delivery: run scans, generate reports, and provide recommendations (contract).
• Security and abuse prevention: monitor misuse, protect infrastructure (legitimate interest).
• Product improvement: aggregate usage patterns to improve detectors and UX (legitimate interest, with minimization).
• Compliance: meet legal obligations (legal obligation).

3. Retention

• Account data: kept while your account is active, then deleted or anonymized within a reasonable period.
• Scan data: retained per product defaults; you may request deletion of specific scans where feasible.
• Logs/telemetry: short retention aligned to security and operations needs, then aggregated or deleted.

4. Sharing & Transfers

• Vendors: limited processors for hosting, storage, email/support. We prefer EU or adequate jurisdictions; standard safeguards apply otherwise.
• No selling of personal data. No ad-tech sharing.
• Legal: we may disclose if required by law or to protect rights, safety, or security.

5. Security

• Encryption in transit, least-privilege access, and monitored infrastructure.
• Segregated environments for scanning; controlled access to reports.

6. Your Rights

• Access, rectification, deletion, portability, and objection where applicable under GDPR.
• Opt-out of non-essential analytics when offered.

7. Contact

For privacy requests: privacy@stackaudit.eu. You may also contact your local data protection authority.