Privacy Policy

Effective: 2026-04-20. Version 1.

What we collect

  • Account data: email address, authentication timestamps.
  • Domain data: domain names you add, verification tokens, verification status.
  • Scan data: findings produced by scans you request. Findings may include URLs, HTTP response excerpts, and certificate metadata.
  • Billing data: Stripe customer ID and subscription status. We do not receive card numbers.
  • Usage logs: minimal application logs (no PII, no finding bodies).

Where it lives

Account, domain, scan, and finding data are stored in Supabase (Postgres). PDF reports are stored in a private Supabase storage bucket. Payment data is stored by Stripe. All data is encrypted at rest.

Who can see it

Only you can see your domains, scans, and findings. Supabase and Stripe process data as sub-processors. We do not sell or share data with any other third party.

Retention

Account, scan, and finding data are retained while your account is active. After you delete your account, all data is removed within 30 days. Billing records are retained for 7 years for tax compliance.

Your rights

You can export, correct, or delete your data at any time by contacting [TO FILL IN — support email]. Residents of the EU / UK / California have additional rights under GDPR / UK-GDPR / CCPA as applicable.

Cookies

We use a single authentication cookie (set by Supabase) to keep you signed in. We do not use tracking or advertising cookies.

Contact

Privacy questions: [TO FILL IN — support email].