Privacy Policy
Last updated: March 2026
Introduction
Alertoscan.io ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website alertoscan.io and use our services.
By using Alertoscan, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Website Security Scans
When you use our scanning tools, we collect:
- URLs submitted for scanning — The domains and URLs you enter are processed through our security analysis engine
- Scan results — Security analysis results (antivirus findings, regulatory checks, SSL status, etc.) are stored and may be published as public review pages
- Scan metadata — IP address and timestamp for rate limiting purposes
Scan results may become publicly available as review pages at alertoscan.io/review/{domain}. These pages contain information about the scanned website, not about the user who initiated the scan.
Account Registration
When you create an account, we collect:
- Email address — Used for authentication and communication
- Display name — Shown alongside your community reviews
- Authentication data — Managed securely by our authentication provider (Supabase)
Community Reviews
When you submit a review on a website's review page, we collect:
- Review content — Your rating (1-5), comment, title, and experience type
- Account information — Your user ID, display name, and email (linked to your account)
- Technical data — IP address and user-agent for spam detection and moderation
Published reviews are publicly visible and display your chosen display name.
Contact Form
When you contact us, we collect:
- Contact information — Your name and email address
- Message content — Subject, inquiry type, and message body
Fraud Investigation Referral Form
On our Fraud Protection page, we offer a referral form connecting fraud victims with our investigation partner (CNC Intelligence Inc.). When you submit this form, we collect:
- Personal information — First name, last name, email address, phone number (with country code)
- Case details — Estimated amount lost, description of the fraud, and optionally the scam website name
- Consent — Whether you agree to be contacted by SMS
Important: This data is transmitted to our partner CNC Intelligence Inc. for the purpose of fraud investigation. By submitting this form, you acknowledge that your information will be shared with CNC Intelligence under their own privacy policy.
Newsletter
When you subscribe to our newsletter, we collect your email address only. You can unsubscribe at any time.
Revision Requests
Website owners or users can request corrections to review pages. We collect:
- Contact email — To follow up on the request
- Request details — Domain, type of correction, message, and supporting evidence URLs
Automatically Collected Information
When you visit our website, we automatically collect:
- Analytics data — Page views, interactions, and browsing behavior via Google Analytics 4 and Microsoft Clarity (see our Cookie Policy)
- Performance data — Web vitals and page load metrics via Vercel Speed Insights
- Technical data — IP address, browser type, device type, and operating system (collected by analytics services)
How We Use Your Information
We use the information we collect to:
- Provide our services — Process scans, generate review pages, and publish community reviews
- Communicate with you — Respond to contact form submissions, send newsletter updates, and notify you about your account
- Prevent abuse — Rate limit excessive usage, detect spam (via Akismet), and protect against automated abuse
- Improve our services — Analyze usage patterns to improve our tools and user experience
- Ensure security — Log security-sensitive actions for audit purposes
- Facilitate partner services — Transmit fraud investigation referrals to CNC Intelligence Inc.
Data Sharing with Third Parties
We share your data with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Analytics 4 | Website analytics | Page views, interactions, IP address, device info |
| Microsoft Clarity | Heatmaps and session analytics | User interactions, clicks, scrolls, device info |
| Resend | Transactional emails | Email addresses, names, message content |
| Akismet | Spam detection for reviews | IP address, user-agent, review content, email |
| CNC Intelligence Inc. | Fraud investigation referrals | Name, email, phone, case details (partner lead form only) |
| Supabase | Database and authentication | All stored data (encrypted at rest) |
| Vercel | Hosting and performance | Performance metrics, request logs |
We do not sell your personal data to third parties.
Data Retention
| Data Type | Retention Period |
|---|---|
| Scan results and review pages | Indefinite (public content) |
| Community reviews | Indefinite (can be removed on request) |
| Contact form submissions | 12 months |
| Newsletter subscriptions | Until you unsubscribe |
| Partner lead form data | Governed by CNC Intelligence's retention policy after transmission |
| Rate limiting records | Automatically reset hourly |
| Audit logs | 12 months |
| Account data | Until account deletion |
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in transit — All connections use HTTPS/TLS
- Encryption at rest — Database encryption provided by Supabase
- Input validation — All form inputs are validated and sanitized using Zod schemas
- CSRF protection — All form submissions require CSRF tokens
- Rate limiting — Per-IP limits on all forms to prevent abuse
- Security headers — CSP, HSTS, and other protective headers configured
- Access control — Admin-only access to sensitive data, role-based permissions
Your Rights
Under applicable data protection laws (including GDPR), you have the right to:
- Access your personal data — Request a copy of the information we hold about you
- Rectification — Request correction of inaccurate personal data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Object — Object to processing of your personal data
- Data portability — Request your data in a structured, machine-readable format
- Withdraw consent — Withdraw consent for analytics tracking at any time (see Cookie Policy)
To exercise any of these rights, contact us at contact@alertoscan.io or through our contact form. We will respond within 30 days.
Children's Privacy
Alertoscan is not intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected data from a minor, please contact us immediately.
International Data Transfers
Your information may be processed in countries other than your country of residence. Our service providers (Google, Microsoft, Supabase, Resend, Vercel) may process data in various jurisdictions. We ensure appropriate safeguards are in place for any international data transfers.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: contact@alertoscan.io
- Web: Contact Form
- Response time: Within 30 days for data rights requests