Privacy

Scanner data

The scanner stores the submitted website URL, normalized domain, scan status, timestamps, hashed request IP, consent-flow results, findings, and server-side evidence artifacts required to generate the report.

Public teaser responses are intentionally limited. Full evidence is available only after domain control is verified through same-apex email, DNS TXT, or an HTML file.

Retention

Evidence from unverified public scans expires after 24 hours. The cleanup worker purges unverified evidence and screenshot artifacts after expiry. Verified report records are retained for report history and re-scan comparison.

Verification and email

Work email verification uses a one-time code with a short expiry. DNS and HTML-file verification store only the generated verification token, verification method, domain, and verification status.

Contact

For scanner privacy, abuse, or security questions, contact Burhuc through the main site contact channel and include the scan domain and approximate scan time.