When you sign up for an account at DomainSecurityScanner you need to provide your email address and a password.
The email address you provide is stored and used as a unique identifier for you to log in. It is also used to send you emails in relation to your use of the service and to inform you of changes and enhancements to our services.
The password you choose is salted, hashed and stored securely by our authentication provider (Supabase Auth). This hash is used every time you log in to verify that the person logging in and claiming to be you really is you.
We also create a unique UserID for your account. This is used to reference your account and for internal administration.
Data related to logging in is retained until your account is deleted.
By signing up for an account, you agree that we can use this information relating to you for these purposes.
When you enter your payment card information we require the following data:
To enter your payment card information, you interact directly with Stripe. DomainSecurityScanner never sees your full card details - instead Stripe sends us a secure reference token.
This information, along with your payment history, is necessary for us to process payments in accordance with our terms of service. It is retained as long as you continue to use DomainSecurityScanner.
You can find out more about how Stripe uses your data in their privacy policy at stripe.com/gb/privacy.
When you scan a domain, we collect:
This data is used to provide you with scan history and to improve our service. Domain scan results may be cached temporarily to improve performance.
For free users, scan history is stored locally in your browser. For Pro users, scan history is stored in our database and associated with your account.
Note: Domain scans query publicly available DNS records and do not access any private data from the domains being scanned.
As a cloud-based service, we rely on the use of third-party service providers:
| Provider | Services | Data Processed |
|---|---|---|
| Supabase | Database, Authentication | Email, password hash, scan data |
| Stripe | Payment Processing | Payment card data, billing address |
| Resend | Email delivery | Email address |
We take security seriously. Although our systems process minimal personal data - just your email address, password hash, and a payment token - our systems are designed, built, and operated securely.
All data is transmitted over HTTPS. Passwords are salted and hashed using industry-standard algorithms. We never store plain-text passwords or full credit card numbers.
When you access DomainSecurityScanner, we use only essential cookies for the safe and secure operation of the site:
| Cookie | Purpose |
|---|---|
| sb-*-auth-token | Authentication session - keeps you logged in |
| recent_scans | Local storage - remembers your recent domain scans |
For more details, see our Cookie Policy.
You can see the login-related data we process about you in your account settings. If you require a full copy of your data, please email [email protected].
If you believe any data we hold relating to you is incorrect, please email [email protected].
The processing of your personal data is necessary for your use of the service. If you delete your account this will also delete all the data related to you. This is a one-way process; it is not reversible.
We process the minimum amount of personal data that we can. If you have questions or complaints, please address them to [email protected].
If you are not happy with how we have dealt with your questions or complaints in relation to how we process personal data, you can contact the UK Information Commissioner at ico.org.uk/make-a-complaint.
Although changes are likely to be minor, we may change our Privacy Policy from time to time, at our sole discretion. We encourage you to check this page periodically for any changes.