Privacy Policy
Effective date: April 1, 2026
1. Introduction
SiteArmor ("we", "us", or "our") operates sitearmor.net. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
By using the Service, you agree to the collection and use of information as described in this policy. If you are located in the European Union, this policy also satisfies requirements under the General Data Protection Regulation (GDPR).
2. Information We Collect
Information you provide
- Account information: Email address and password when you register
- Payment information: Billing details processed securely by Stripe — we do not store card numbers
- URLs submitted for scanning: Web addresses you submit for accessibility analysis
- Communications: Messages you send us via email or support channels
Information collected automatically
- Usage data: Pages visited, features used, scan frequency, and timestamps
- Device data: Browser type, operating system, IP address, and referrer URL
- Cookies: Session tokens for authentication; no third-party advertising cookies
3. How We Use Your Information
We use your information to:
- Provide, operate, and improve the Service
- Process payments and manage your subscription
- Send transactional emails (account confirmation, invoices, scan results)
- Send product updates and feature announcements (you may opt out at any time)
- Respond to your support requests
- Detect and prevent fraud or abuse
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.
4. Legal Basis for Processing (GDPR)
For users in the European Union, we process your data on the following legal bases:
- Contract performance: Processing necessary to provide the Service you subscribed to
- Legitimate interests: Service improvement, security, and fraud prevention
- Legal obligation: Where required by applicable law
- Consent: Marketing communications (you may withdraw at any time)
5. Data Sharing and Disclosure
We share your information only with:
- Stripe: Payment processing. Subject to Stripe's Privacy Policy.
- Supabase: Database hosting and authentication. Data stored in EU region servers.
- Legal authorities: If required by law, court order, or to protect our rights.
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained for the duration of your account plus 90 days after deletion
- Scan results: Retained for 12 months; older scans are automatically purged
- Payment records: Retained for 7 years as required by Czech accounting law
- Server logs: Retained for 30 days
7. Cookies
We use the following cookies:
- Authentication cookies: Required for login sessions. These are essential and cannot be disabled.
- Preference cookies: Store your display preferences (optional).
We do not use advertising, tracking, or analytics cookies from third parties. You may disable non-essential cookies in your browser settings.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request we limit processing of your data
- Withdraw consent: Opt out of marketing at any time
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. EU residents may also lodge a complaint with their national data protection authority (in the Czech Republic: ÚOOÚ).
9. Data Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Row-level security on all database tables
- Regular security reviews and dependency updates
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.
11. International Transfers
Your data is stored and processed within the European Union. If data is ever transferred outside the EU, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance.
13. Contact and Data Controller
SiteArmor is the data controller for information collected through the Service. For privacy questions or to exercise your rights, contact us at:
SiteArmor
Email: [email protected]
Website: sitearmor.net