Privacy Policy
Last updated: January 2025 | Version 2.0
Privacy at a Glance
- We collect minimal data necessary to provide our service
- We never sell your personal data to third parties
- Your data is stored securely in the EU (Frankfurt)
- You have full control: access, export, or delete your data anytime
- We use privacy-friendly analytics (Plausible - no cookies)
1. Data Controller
PrivacyChecker SAS ("we", "us", or "our") is the data controller for the personal data collected through our website at www.privacychecker.pro and related services.
Contact Information
Email: privacy@privacychecker.pro
DPO: dpo@privacychecker.pro
2. Data We Collect
2.1 Account Information
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, login, notifications | Contract |
| Password (hashed) | Authentication | Contract |
| Company name (optional) | Report customization | Consent |
2.2 Service Data
- Website URLs: URLs you submit for compliance scanning
- Scan Results: Compliance audit data, cookies detected, scores
- Widget Data: Consent records from your visitors (if using our widget)
2.3 Technical Data
- IP Address: Used for security and fraud prevention (anonymized after 30 days)
- Browser/Device Info: For compatibility and troubleshooting
- Usage Patterns: Aggregated analytics via Plausible (no personal tracking)
3. How We Use Your Data
- Service Delivery: To perform compliance scans and generate reports
- Account Management: To authenticate you and manage your subscription
- Billing: To process payments via Stripe (we never see full card numbers)
- Communication: To send scan results, alerts, and important service updates
- Improvement: To analyze aggregated usage and improve our service
- Legal Compliance: To comply with legal obligations and respond to lawful requests
We do NOT: Sell your data, use it for advertising, share it with data brokers, or profile you for purposes unrelated to our service.
4. Data Sharing
We only share data with trusted service providers necessary to operate our service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & Authentication | EU (Frankfurt) |
| Stripe | Payment Processing | EU/US (SCCs) |
| Render | Hosting & CDN | EU/US (SCCs) |
| Plausible | Privacy-friendly Analytics | EU |
We may also disclose data to law enforcement or regulatory authorities when legally required.
5. Your Rights (GDPR)
Under the GDPR and other applicable laws, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data ("Right to be Forgotten").
Right to Portability
Receive your data in a machine-readable format (JSON/CSV).
Right to Restriction
Request limitation of processing in certain circumstances.
Right to Object
Object to processing based on legitimate interests.
Right to Automated Decision-Making
Not be subject to decisions based solely on automated processing, including profiling (Art. 22 GDPR).
To exercise these rights, email privacy@privacychecker.pro or use the self-service options in your dashboard. We respond within 30 days.
6. Data Security
We implement industry-standard security measures to protect your data:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt)
- Regular security audits and penetration testing
- Access controls and employee security training
- Incident response procedures
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Scan history | 12 months |
| Billing records | 7 years (legal requirement) |
| Server logs | 30 days |
| Backup data | 90 days after primary deletion |
8. International Data Transfers
Your personal data is primarily stored in the European Union (Frankfurt, Germany). When we transfer data outside the European Economic Area (EEA), we ensure GDPR-compliant protection through the following safeguards:
- Standard Contractual Clauses (SCCs): EU Commission-approved clauses with all non-EU processors
- Adequacy decisions: Transfers to countries with adequate data protection (where applicable)
- Supplementary measures: Additional technical and organizational measures per EDPB guidance
- Transfer Impact Assessments: We evaluate each international transfer for data protection risks
Current international transfers: Stripe and Render may process data in the US under Standard Contractual Clauses. All other processing occurs within the EU.
9. Children's Privacy
Our service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
10. Updates to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent website notice at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.
11. Complaints
If you have concerns about our data practices, please contact us first at privacy@privacychecker.pro.
You also have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL (Commission Nationale de l'Informatique et des Libertés).
12. Contact Us
Privacy Inquiries
privacy@privacychecker.pro
Data Protection Officer
dpo@privacychecker.pro