1. Data we collect
- Account email address (required for sign-in).
- Profile information you provide, such as your full name and business name.
- URLs you submit to be scanned.
- Reports and outputs generated from those scans, including any saved reports.
- Website Watchlist entries and associated monitoring settings.
- Basic usage data (for example which features you use), authentication and session data.
- Cookies (see our Cookie Policy) and, if enabled in future, analytics data.
2. Why we process this data
- To provide and operate the URLVeyor service (contract).
- To keep your account secure and prevent abuse (legitimate interests).
- To improve the product and diagnose issues (legitimate interests).
- To send service-related messages you have opted in to receive (consent).
- To comply with legal obligations (legal obligation).
3. Sub-processors and third parties
URLVeyor relies on a small number of trusted third-party processors:
- Supabase — database, authentication and backend hosting.
- Lovable — application hosting and deployment platform.
- Firecrawl — used as a fallback to render blocked or JavaScript-heavy public pages.
- Google Web Risk — automated threat lookups when configured.
- Stripe — will be used to process payments if and when paid plans are enabled (not currently active).
- Email provider — will be added if and when email notifications are enabled (not currently active).
4. Public website content
When you submit a URL for scanning, URLVeyor requests the publicly available version of that page (and, where relevant, a small number of linked public pages) so that we can generate a report. Submitted URLs and generated reports are stored in your account so that you can access saved reports, until you delete or archive them in accordance with the app's rules.
5. Data retention
We keep your account data for as long as your account is active. Reports remain stored until you delete or archive them according to the app's plan rules. If you delete your account, we will delete or anonymise your personal data within a reasonable period, unless we are required to retain it to meet legal obligations.
6. Your rights
Depending on your location, you may have the right to:
- access the personal data we hold about you;
- request correction or deletion of your personal data;
- object to or restrict certain processing;
- request portability of your data; and
- withdraw consent where processing is based on consent.
To exercise any of these rights, please use the details on our Contact page.
7. Security
We take reasonable technical and organisational measures to protect your data, including access controls, encryption in transit, and role-based access to administrative functions. API keys and backend secrets are never exposed in reports, PDFs, logs or the frontend of the app.
8. Cookies
See our Cookie Policy for more information about the cookies we use.
9. Changes to this Policy
We may update this Privacy Policy from time to time. If we make material changes we will take reasonable steps to notify you.
10. Contact
For privacy or data protection requests please visit our Contact page.