Privacy Policy

Account and authentication data

When you create an account with GuardianScan, we collect:

• Email address (used for login and communications)
• Full name (optional, for personalised communications)
• Password (encrypted and hashed, never stored in plain text)
• Multi-factor authentication (MFA) settings (if enabled)
• Email verification status

Legal basis: Contractual necessity (UK GDPR Article 6(1)(b)) – required to provide the service and secure your account.

Email subscriptions (pre-launch and free scans)

When you subscribe for product updates or request a free scan, we collect your email address.

Legal basis: Consent (UK GDPR Article 6(1)(a)) – you explicitly provide your email and consent to receive communications.

Payment and billing data

When you subscribe to a paid plan, we process payment data via Stripe. This includes:

• Billing name and email address
• Payment method details (last 4 digits, expiry date, card brand)
• Billing address
• Transaction history and invoice records
• Stripe Customer ID (unique identifier for your payment account)

Important: We do not store full payment card details. Stripe securely stores your payment information. We only store transaction metadata and references to Stripe records.

Legal basis: Contractual necessity (UK GDPR Article 6(1)(b)) – required to process payments and fulfil your subscription.

Website scan data

When you scan a website using GuardianScan, we collect and analyse:

• Website URL you submit for scanning
• Page screenshot (viewport/visible area only, not full page)
• HTTP response headers (for security analysis)
• Performance metrics (Core Web Vitals: LCP, CLS, TBT, FCP, Speed Index)
• Console errors and warnings (up to 100 each, error messages only)
• HTTP error responses (4xx/5xx status codes, up to 100)
• Accessibility issues detected (WCAG 2.2 violations)
• SEO findings (missing tags, structured data)
• Security header analysis results
• Scan metadata (timestamp, duration, status)

We do NOT collect: Full HTML source code, cookies, form inputs, authentication tokens, user session data, or full-page screenshots.

Legal basis: Contractual necessity (UK GDPR Article 6(1)(b)) – required to provide the scanning service you requested.

Usage and technical data

To improve our service and prevent abuse, we collect:

• IP address (used temporarily for rate limiting, not stored)
• Scan request history (frequency, timestamps)
• Error logs and debugging information (via Sentry)
• Feature usage statistics (which features you use)

Legal basis: Legitimate interest (UK GDPR Article 6(1)(f)) – preventing abuse, ensuring service stability, and improving product features.

Analytics and usage data

We use multiple analytics providers to understand how visitors use this site and improve user experience:

Google Analytics 4:

• Pages visited and time spent on each page
• Device type, browser, and screen resolution
• Approximate location (city/region level, derived from anonymised IP)
• Referral source (how you found our site)
• User interactions (button clicks, scroll depth, form engagement)
• Attribution data (UTM parameters, client ID, session ID)
• Landing page and referrer tracking

Microsoft Clarity: Session replay and heatmap analytics

• Session recordings (cursor movements, clicks, scroll behaviour)
• Heatmaps showing where users click and scroll
• Form interaction analytics
• Page performance metrics

LinkedIn Insight Tag: B2B audience analytics and conversion tracking

• Professional demographic data (job titles, industries, company size)
• LinkedIn ad conversion tracking
• Website visitor analytics matched to LinkedIn profiles (aggregated)

HubSpot Analytics: Marketing automation and lead tracking

• Page views and user journey tracking
• Form submissions and lead capture
• Email engagement metrics (opens, clicks)
• CRM integration data

Vercel Analytics: Cookieless and privacy-first. Collects aggregated, anonymised page view data without tracking individual users or using cookies.

Legal basis: Consent (UK GDPR Article 6(1)(a)) for analytics cookies, or legitimate interest (UK GDPR Article 6(1)(f)) where cookieless. We provide a cookie consent banner allowing you to accept or reject analytics tracking.

Advertising and conversion tracking

We use Google Ads and LinkedIn Ads to promote GuardianScan. These services collect:

• Whether you clicked on one of our ads
• Ad conversion data (if you sign up after clicking an ad)
• Cookie identifiers for ad personalisation
• Remarketing audience data

Enhanced Conversions (Google Ads and GA4):

When you submit forms (signup, contact, free scan), we may send hashed versions of your data to Google to improve conversion attribution and ad targeting accuracy. Data is hashed using SHA-256 before transmission (one-way encryption that cannot be reversed).

Data hashed and sent to Google:

• Email address (SHA-256 hashed)
• First and last name (SHA-256 hashed)
• Phone number (SHA-256 hashed, E.164 format)
• Address data if provided (street, city, region, postal code, country - all SHA-256 hashed)

Important: Enhanced Conversions use SHA-256 hashing as a pseudonymisation technique under UK GDPR Article 4(5). While hashing provides security during transmission, hashed data remains personal data because Google can match it to existing accounts for attribution purposes. This is pseudonymisation, not anonymisation, and the data continues to be processed in accordance with UK GDPR requirements.

Legal basis: Consent (UK GDPR Article 6(1)(a)) – you consent to advertising cookies via our cookie banner, which includes Enhanced Conversions. While data is hashed (SHA-256) before transmission to Google, it remains personal data under UK GDPR as Google may match it to existing accounts for attribution purposes. You can withdraw consent by rejecting advertising cookies in our cookie banner, via Google Ads Settings, or by contacting privacy@guardianscan.ai.

We use your account data to provide the GuardianScan service, including processing scan requests, generating reports, managing your account, and providing customer support. This includes authenticating your identity, maintaining your scan history, and delivering scan results via email or dashboard.

We process payment data to handle subscription payments, generate invoices, process refunds, and manage your billing preferences. Payment data is processed by Stripe in accordance with their privacy policy and PCI DSS standards.

When you submit a website for scanning, we use the URL and collected data to perform security, performance, accessibility, and SEO audits. Scan results are stored in your account and, for free scans, delivered via email with a PDF report attached.

We use your IP address temporarily (not stored) to enforce rate limits (60 scans per minute) and prevent service abuse. This protects our infrastructure and ensures fair access for all users.

We use Sentry to track application errors and performance issues. Error logs may include anonymised user IDs (hashed), error messages, and technical metadata. This helps us identify and fix bugs quickly.

We send transactional emails (password resets, scan completion, payment confirmations) as part of service delivery. We may also send product updates and announcements, but you can unsubscribe at any time via the link in every email. We will never sell, rent, or share your email address with third parties for their marketing purposes.

We analyse site usage and feature adoption to identify popular features, fix bugs, and improve navigation. This helps us build a better product for developers.

We measure which ads and campaigns work so we can allocate our marketing budget effectively and reach the right audience.

We may use your data to comply with legal obligations, enforce our Terms of Service, detect and prevent fraud, respond to legal requests, and protect our rights and the rights of our users.

Account data

• Storage: Supabase (PostgreSQL database, London region, UK)
• Security: Industry-standard AES-256 encryption at rest and TLS 1.3 in transit. Passwords hashed using bcrypt. Multi-factor authentication (MFA) available.
• Retention: Retained for the duration of your account. Deleted within 30 days of account deletion request, except where we have a legal obligation to retain certain records (e.g., financial data for HMRC compliance - retained for 7 years).
• Data location: UK only (ensures UK GDPR compliance and data sovereignty)

Email subscriptions (pre-launch and free scans)

• Storage: Supabase (PostgreSQL database, London region, UK)
• Retention: Pre-launch subscriptions stored until you unsubscribe or request deletion. Free scan email addresses are removed after 30 days. Following the 30-day retention period, scan data undergoes a comprehensive anonymisation process that includes:
  • Removal of all direct identifiers (email addresses, user IDs, IP addresses)
  • Suppression of small cell counts (websites with fewer than 5 scans)
  • Aggregation of temporal data to monthly periods
  • URL domain generalisation (removal of specific paths, parameters, and subdomains)
  • Addition of statistical noise to metric values

  This anonymisation process has been assessed to ensure re-identification is not reasonably likely, in accordance with ICO guidance. Once anonymised, the data is no longer personal data under UK GDPR and is retained indefinitely for service improvement and industry benchmarking. You may request deletion of your free scan data before the anonymisation process by contacting privacy@guardianscan.ai.

• Data location: UK only

Payment and billing data

• Processor: Stripe Inc. (PCI DSS Level 1 certified payment processor)
• Data location: EU and US (Stripe operates under EU-US Data Privacy Framework with Standard Contractual Clauses)
• Security: Full payment card details stored by Stripe only. We store only transaction metadata (invoice records, last 4 digits, payment status).
• Retention: Transaction records retained for 7 years for UK tax compliance (HMRC requirements). Payment methods retained until removed by you or subscription cancelled.

Scan results and screenshots

• Storage: Supabase PostgreSQL (scan metadata) and Supabase Storage (screenshots), London region, UK
• Security: Row-Level Security (RLS) policies ensure you can only access your own scans. Screenshots stored in encrypted blob storage with access control.
• Retention: Authenticated users: retained until account deletion or manual deletion from your dashboard. Free scans: email addresses removed after 30 days. Following the 30-day retention period, scan data undergoes a comprehensive anonymisation process that includes:
  • Removal of all direct identifiers (email addresses, user IDs, IP addresses)
  • Suppression of small cell counts (websites with fewer than 5 scans)
  • Aggregation of temporal data to monthly periods
  • URL domain generalisation (removal of specific paths, parameters, and subdomains)
  • Addition of statistical noise to metric values

  This anonymisation process has been assessed to ensure re-identification is not reasonably likely, in accordance with ICO guidance. Once anonymised, the data is no longer personal data under UK GDPR and is retained indefinitely for service improvement and industry benchmarking. You may request deletion of free scan data before anonymisation by contacting privacy@guardianscan.ai.

• Data location: UK only

Error logs and debugging data

• Processor: Functional Software Inc. (Sentry)
• Data location: Germany (EU)
• Security: User IDs anonymised via SHA-256 hashing before transmission. Cannot be reversed.
• Retention: 90 days for error events, 30 days for performance traces

Rate limiting data (IP addresses)

• Processor: Upstash Inc. (Redis)
• Purpose: Enforce rate limits (60 scans per minute) to prevent abuse
• Retention: Ephemeral - automatically expires after 60 seconds (sliding window). Not permanently stored.
• Data location: Global (US and EU regions)

Analytics data

• Processor: Google LLC (Google Analytics 4)
• Data location: EU and US (Google operates under EU-US Data Privacy Framework and UK-US Data Bridge)
• IP anonymisation: Enabled – last octet of IP addresses removed before storage
• Retention: 26 months (Google's default), after which data is automatically deleted
• Transfer safeguards: Google's Standard Contractual Clauses (SCCs) ensure GDPR compliance for international transfers

Advertising data

• Processor: Google LLC (Google Ads)
• Data location: EU and US (same safeguards as Analytics)
• Retention: Up to 540 days for conversion tracking, 90 days for most ad cookies
• Transfer safeguards: Standard Contractual Clauses (SCCs)

These are required for the site to function and cannot be disabled:

• cookie-consent (browser localStorage) – stores your cookie consent preferences (permanent until cleared by browser or user)

Privacy-first, cookieless analytics that tracks page views and performance:

• No cookies stored – uses ephemeral session tracking
• Privacy-first – no personal data collected
• Processed under legitimate interests (UK GDPR Article 6(1)(f)) for performance monitoring and service improvement
• You have the right to object to this processing under UK GDPR Article 21 by contacting privacy@guardianscan.ai

Learn more: Vercel Analytics Privacy Policy

These track page views and user behaviour (requires consent):

• _ga (cookie) – unique user identification (2 years)
• _gid (cookie) – session identification (24 hours)
• _gat (cookie) – throttles request rate (1 minute)
• analytics_client_id (localStorage) – cross-session client tracking (permanent)
• analytics_session_id (sessionStorage) – current session ID (30-minute timeout)
• analytics_session_timestamp (sessionStorage) – session activity timestamp
• utm_params (sessionStorage) – UTM campaign parameters for attribution
• utm_timestamp (sessionStorage) – UTM capture timestamp
• landing_page (sessionStorage) – first page visited in session

Opt out: Google Analytics Opt-out Browser Add-on

Session replay and heatmap tracking (requires consent):

• _clck – unique user identification (1 year)
• _clsk – session identification (1 day)
• CLID – correlates sessions across domains (1 year)
• ANONCHK – anonymous user verification (10 minutes)
• MR – session replay indicator (90 days)
• SM – synchronization marker (session)

Opt out: Microsoft Clarity Opt-out

These measure ad performance and enable remarketing:

• _gcl_au – stores ad click information (90 days)
• IDE – ad personalisation (2 years)
• DSID – links activity across devices (2 weeks)
• _gcl_aw – conversion tracking (90 days)

Manage preferences: Google Ads Settings

B2B audience analytics and conversion tracking:

• li_gc – stores consent choices (180 days)
• li_mc – LinkedIn Insight Tag identifier (180 days)
• lidc – routing and load balancing (1 day)
• UserMatchHistory – LinkedIn Ads ID syncing (30 days)
• bcookie – browser identification (2 years)

Opt out: LinkedIn Privacy Settings

Marketing automation and lead tracking:

• __hstc – visitor identification and session tracking (13 months)
• hubspotutk – tracks visitor identity for form submissions (13 months)
• __hssc – session identification (30 minutes)
• __hssrc – session restart indicator (session)
• messagesUtk – chat widget visitor recognition (13 months)

Opt out: HubSpot Cookie Policy

Request a copy of all personal data we hold about you. We'll provide this within 30 days, free of charge.

Correct any inaccurate or incomplete personal data (e.g., if your email address changes).

Request deletion of your personal data by emailing privacy@guardianscan.ai. We will delete your data within 30 days unless we have a legal obligation to retain it (e.g., financial records for tax compliance). Note: To stop receiving marketing emails only (without deleting your data), click "unsubscribe" in any email.

Limit how we use your data while we investigate a complaint or accuracy issue.

Receive your data in a machine-readable format (CSV or JSON) to transfer to another service.

Object to processing based on legitimate interests (e.g., analytics or advertising). We'll stop processing unless we have compelling legitimate grounds.

Withdraw your email signup consent at any time via the unsubscribe link or by emailing us.

Data collected during scans (45+ automated checks)

• URL and page metadata: Target URL, final resolved URL (after redirects), page size, load time
• Performance metrics: Core Web Vitals (LCP, CLS, TBT, FCP, Speed Index), Lighthouse performance score, resource timing data
• Security analysis: HTTP security headers (HTTPS/TLS, CSP, HSTS, X-Frame-Options, etc.), mixed content detection
• Accessibility checks: WCAG 2.2 Level AA compliance (12 checks covering semantic HTML, ARIA labels, keyboard navigation, color contrast, screen reader compatibility, etc.)
• SEO analysis: Meta tags, Open Graph tags, structured data (JSON-LD), sitemap presence, robots.txt compliance, canonical URLs
• Modern web practices: Image optimization (WebP), lazy loading, font loading, code splitting, HTTP caching, compression (gzip/brotli)
• Code quality: Console errors (up to 100), console warnings (up to 100), HTTP error responses (4xx/5xx, up to 100), request count
• Screenshots: Viewport-only PNG screenshot (visible area, not full page)
• HTML/CSS analysis: Page structure and styling (parsed in real-time, NOT permanently stored)

Important: We do NOT collect or store: full HTML source code, cookies, form data, user input, authentication tokens, session data, full-page screenshots, or request/response bodies.

Legal basis

Contractual necessity (UK GDPR Article 6(1)(b)): Processing is necessary to provide the website scanning service you have requested. For free scans, the legal basis is consent (UK GDPR Article 6(1)(a)) when you submit your email and URL for scanning.

Authorization requirement

By submitting a URL for scanning, you confirm that you:

• Own the website, or
• Have explicit authorization from the website owner to audit it

Important: Scanning websites without authorization may violate the Computer Misuse Act 1990. We reserve the right to suspend accounts that abuse this service.

Data storage and retention

• Scan results (authenticated users): Stored in Supabase PostgreSQL (UK region) until you delete them or delete your account. You can manually delete scan results at any time from your dashboard.
• Scan results (free scans): Email addresses removed after 30 days. Following the 30-day retention period, scan data undergoes a comprehensive anonymisation process including removal of all direct identifiers, suppression of small cell counts, temporal aggregation, URL generalisation, and addition of statistical noise. This process has been assessed to ensure re-identification is not reasonably likely. Once anonymised, the data is no longer personal data under UK GDPR and is retained indefinitely for service improvement and industry benchmarking. You may request deletion before anonymisation by contacting privacy@guardianscan.ai
• Screenshots: Stored in Supabase Storage (UK-based), accessible only to the user who requested the scan. Path format: scans/[userId]/[timestamp].png (authenticated) or scans/free/[scanId]/[timestamp].png (free scans). Free scan screenshots subject to the same 30-day anonymisation policy.
• Security: Row-level security (RLS) policies ensure you can only access your own scan results. Screenshots encrypted at rest (AES-256).
• Data location: All scan data stored exclusively in UK (Supabase London region)

Our scanning bot

GuardianScan uses a headless Chrome browser (via Browserless.io) to visit websites and gather metrics. Our bot:

• User agent: Mozilla/5.0 (Linux; Android 11; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36 (compatible; GuardianScan/1.0; +https://guardianscan.ai/bot)
• Device emulation: Google Pixel 5 (412x915 viewport) – matches Google's Core Web Vitals testing device
• Origin: UK-based cloud infrastructure (Browserless London region)
• Behaviour: On-demand only (no automated crawling, spidering, or indexing)
• Compliance: Respects robots.txt (RFC 9309) with owner override option
• Rate limiting: 60 scans per minute per user/IP address
• Duration: Typically 30-90 seconds per scan (60-second navigation timeout, plus analysis time)
• Stealth mode: Enabled by default to minimize detection by bot protection services

Learn more: GuardianScan Bot Documentation

Personal data in scan results

If a scanned website contains personal data (e.g., visible names, email addresses in screenshots):

• We only capture publicly accessible content
• Screenshots are stored securely and not shared with third parties
• Authenticated users can delete scan results and screenshots at any time from their dashboard
• Free scan personal identifiers (email addresses) are removed after 30 days. Following the 30-day retention period, scan data undergoes a comprehensive anonymisation process including removal of all direct identifiers, suppression of small cell counts, temporal aggregation, URL generalisation, and addition of statistical noise, assessed to ensure re-identification is not reasonably likely. Once anonymised, the data is no longer personal data under UK GDPR and is retained indefinitely for service improvement and industry benchmarking.
• You may request deletion of your free scan data before the 30-day anonymisation period by contacting privacy@guardianscan.ai

Third-party processors (scanning infrastructure)

Browserless Ltd. (UK): Provides headless Chrome browser infrastructure for running scans. Operates UK-based servers (London region). Processes website data in real-time during scan execution but does not retain data after scans complete.

Upstash Inc. (US/EU): Provides job queue management (QStash) for distributing scan jobs and rate limiting (Redis) to prevent abuse. Processes scan job metadata and IP addresses (ephemeral, 60-second retention only). Does not permanently store IP addresses.

Google LLC: Lighthouse engine (used for performance, accessibility, SEO, and best practices audits) runs within our scanning infrastructure. No data sent directly to Google during scans.