Privacy Policy
Last updated: March 2026
Introduction
Alertoscan.io ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website alertoscan.io and use our services.
By using Alertoscan, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Website Security Scans
When you use our scanning tools, we collect:
- URLs submitted for scanning: The domains and URLs you enter are processed through our security analysis engine
- Scan results: Security analysis results (antivirus findings, regulatory checks, SSL status, etc.) are stored and may be published as public scan pages
- Scan metadata: IP address and timestamp for rate-limiting purposes
Scan results may become publicly available as scan pages at alertoscan.io/scan/{domain}. These pages contain information about the scanned website, not about the user who initiated the scan.
Account Registration
When you create an account, we collect:
- Email address: Used for authentication and communication
- Display name: Shown alongside your community feedback
- Authentication data: Managed securely by our authentication provider (Supabase)
Community Feedback
When you submit feedback on a website's report page, we collect:
- Feedback content: Your rating (1-5), comment, title, and experience type
- Account information: Your user ID, display name, and email (linked to your account)
- Technical data: IP address and user-agent for spam detection and moderation
Published feedback is publicly visible and displays your chosen display name.
Contact Form
When you contact us, we collect:
- Contact information: Your name and email address
- Message content: Subject, inquiry type, and message body
Newsletter
When you subscribe to our newsletter, we collect your email address only. You can unsubscribe at any time.
Revision Requests
Website owners or users can request corrections to report pages. We collect:
- Contact email: To follow up on the request
- Request details: Domain, type of correction, message, and supporting evidence URLs
Automatically Collected Information
When you visit our website, we automatically collect:
- Analytics data: Page views, interactions, and browsing behavior via Google Analytics 4 and Microsoft Clarity (see our Cookie Policy)
- Performance data: Web vitals and page load metrics via Vercel Speed Insights
- Technical data: IP address, browser type, device type, and operating system (collected by analytics services)
How We Use Your Information
We use the information we collect to:
- Provide our services: Process scans, generate report pages, and publish community feedback
- Communicate with you: Respond to contact form submissions, send newsletter updates, and notify you about your account
- Prevent abuse: Rate-limit excessive usage, detect spam (via Akismet), and protect against automated abuse
- Improve our services: Analyze usage patterns to improve our tools and user experience
- Ensure security: Log security-sensitive actions for audit purposes
Data Sharing with Third Parties
We share your data with the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Analytics 4 | Website analytics | Page views, interactions, IP address, device info |
| Microsoft Clarity | Heatmaps and session analytics | User interactions, clicks, scrolls, device info |
| Resend | Transactional emails | Email addresses, names, message content |
| Akismet | Spam detection for community feedback | IP address, user-agent, feedback content, email |
| Supabase | Database and authentication | All stored data (encrypted at rest) |
| Vercel | Hosting and performance | Performance metrics, request logs |
We do not sell your personal data to third parties.
Data Retention
| Data Type | Retention Period |
|---|---|
| Scan results and report pages | Indefinite (public content) |
| Community feedback | Indefinite (can be removed on request) |
| Contact form submissions | 12 months |
| Newsletter subscriptions | Until you unsubscribe |
| Rate limiting records | Automatically reset hourly |
| Audit logs | 12 months |
| Account data | Until account deletion |
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in transit: All connections use HTTPS/TLS
- Encryption at rest: Database encryption provided by Supabase
- Input validation: All form inputs are validated and sanitized using Zod schemas
- CSRF protection: All form submissions require CSRF tokens
- Rate limiting: Per-IP limits on all forms to prevent abuse
- Security headers: CSP, HSTS, and other protective headers configured
- Access control: Admin-only access to sensitive data, role-based permissions
Your Rights
Under applicable data protection laws (including GDPR), you have the right to:
- Access your personal data: Request a copy of the information we hold about you
- Rectification: Request correction of inaccurate personal data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Object: Object to processing of your personal data
- Data portability: Request your data in a structured, machine-readable format
- Withdraw consent: Withdraw consent for analytics tracking at any time (see Cookie Policy)
To exercise any of these rights, contact us at contact@alertoscan.io or through our contact form. We will respond within 30 days.
Children's Privacy
Alertoscan is not intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have collected data from a minor, please contact us immediately.
International Data Transfers
Your information may be processed in countries other than your country of residence. Our service providers (Google, Microsoft, Supabase, Resend, Vercel) may process data in various jurisdictions. We ensure appropriate safeguards are in place for any international data transfers.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: contact@alertoscan.io
- Web: Contact Form
- Response time: Within 30 days for data rights requests