Privacy Policy

Effective date: March 6, 2026

1. Information We Collect

When you use ScanVibe, we collect the following information:

• Your email address (when you create an account or sign in with Google)
• Security scan results generated by our analyzers
• The URLs you submit for scanning (including third-party URLs)
• Payment information processed securely through Stripe (we never store your card details)
• Anonymous usage data (page views, feature usage) collected through Google Analytics and Google Tag Manager to improve our service

2. Scan Data & Third-Party URLs

When you scan a URL:

• We only analyze publicly available information (HTTP responses, HTML source code, JavaScript files, HTTP headers) — the same data any web browser accesses when visiting a page
• Scan results (score, detected issues, detected technologies) are stored in our database and associated with the scanned URL
• If you scan a third-party URL, we store the scan results but do not notify or share the results with the website owner
• Scan report pages are accessible via their unique URL. Do not share your scan report URLs if you wish to keep the results private
• Our scanner does not attempt to access, collect, or store any data from the target website beyond what is publicly visible in the page source and HTTP headers

3. How We Use Your Data

We use the data we collect to:

• Provide and operate the ScanVibe security scanning service
• Improve our scanning algorithms and detection capabilities
• Send you important updates about your account or our service
• Generate aggregate, anonymous statistics (e.g., most common vulnerabilities across all scans) for educational content

4. Data Sharing

We do not sell, trade, or rent your personal data to third parties. We only share data with the following service providers who are necessary to operate ScanVibe:

• Stripe processes payments securely. Stripe Privacy Policy
• Google provides OAuth authentication and analytics. Google Privacy Policy
• Google Analytics (GA4) and Google Tag Manager are used for anonymous usage analytics. These tools may set cookies as described in section 5.

5. Cookies & Tracking

ScanVibe uses the following cookies and tracking technologies:

• Session cookie: a single HttpOnly, Secure cookie to keep you logged in — cannot be accessed by JavaScript
• Google Analytics cookies (_ga, _ga_*): used to understand how visitors use our site (pages visited, time on site). Data is anonymous and aggregated
• Google Tag Manager: manages our analytics scripts. Does not collect personal data directly
• You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On or by using your browser's cookie settings
• We do not use any third-party advertising or retargeting cookies

6. Your Rights

You have the following rights regarding your data:

• Access: request a copy of all data we hold about you
• Deletion: request the permanent deletion of your account and all associated data
• Export: request an export of your scan history and results
• Rectification: request correction of inaccurate personal data

To exercise any of these rights, contact us at sylvain.dienst@gmail.com

Under GDPR, our legal basis for processing your data is: consent (when you create an account), contract execution (to provide the service), and legitimate interest (for analytics to improve the service).

For GDPR-related inquiries, you can contact us at the email address listed below.

7. Data Retention

We retain your data for as long as your account is active. Scan results for anonymous (non-authenticated) scans are retained for 90 days. When you delete your account, all your personal data and scan results are permanently removed. You can request deletion at any time by contacting us.

8. Security

We take the security of your data seriously:

• All data is encrypted in transit using TLS/HTTPS
• Passwords are hashed with bcrypt and never stored in plain text
• Our servers are hosted in Europe on secure infrastructure
• Access to production databases is restricted and monitored

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email. Continued use of ScanVibe after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy, please contact us at sylvain.dienst@gmail.com