Skip to main content

Privacy Policy

Last updated: July 2026

1. Introduction

This Privacy Policy explains how Web Audit Suite ("the Service," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. If you subscribe to a paid plan, we collect billing information through our payment processor.

Usage Data

We collect information about how you use the Service, including URLs you analyze, features you access, and timestamps of your activity.

Audit Data

When you analyze a website, we process publicly available information from that website, including HTML content, HTTP headers, DNS records, and SSL certificate details. This data is used solely to generate your audit reports.

Technical Data

We automatically collect certain information when you access the Service, including IP address, browser type, device information, and referring URLs.

For programmatic API access, we record an opaque truncated hash of the most recent client IP address that used each API key for abuse detection. The plaintext IP is not stored. The hash is automatically cleared 30 days after it was last set.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process your website audits and generate reports
  • Manage your account and subscriptions
  • Process payments and prevent fraud
  • Communicate with you about your account, updates, and support
  • Analyze usage to improve the Service
  • Enforce our Terms of Service and comply with legal obligations

4. Data Retention

We retain your data based on your subscription tier:

  • Trial period: Full audit capabilities during your 7-day trial. Audit data follows the same 90-day retention schedule as paid subscriptions.
  • Paid tiers: Audit data and saved reports are retained for 90 days from creation. You may delete reports manually at any time.
  • Favorites: Audits you mark as favorites are retained indefinitely while your account is active and are deleted when you delete your account. You may un-favorite at any time to return them to the standard 90-day expiration.

5. Third-Party Services

We use the following third-party services to operate the Service:

  • Google PageSpeed Insights API: To provide Lighthouse performance audits. URLs you analyze are sent to Google's servers. See Google's Privacy Policy.
  • Supabase: For authentication and database services. See Supabase Privacy Policy.
  • Stripe: For payment processing. We do not store your full credit card details. See Stripe Privacy Policy.
  • Vercel: For hosting, serverless functions, and temporary data caching (including rate limiting and short-lived report data). See Vercel Privacy Policy.
  • Browserless: For PDF report generation. When you generate a PDF report, your audit data is temporarily rendered by a headless browser service to produce the document. Report data is cached for up to 5 minutes during generation and then deleted. See Browserless Privacy Policy.
  • AI Search Readiness (GEO/AEO) Analysis: Our GEO and AEO scores are calculated on our own servers using pattern matching and structured-data evaluation of information fetched directly from your website. This scoring does not send your content to third-party AI services.
  • AI Recommendations (Anthropic): To generate the executive summary and recommended fixes shown with your audit, we send a structured summary of that audit's findings (for example, which security headers are missing, the SEO and accessibility issues detected, and the URL analyzed) to Anthropic, PBC, which operates the Claude AI model. We do not send your account or payment details. Anthropic processes this data to return the recommendations. See Anthropic's Privacy Policy.

6. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. These cookies are necessary for the Service to function and cannot be disabled.

We also use a tier-identification cookie ("x-user-tier") to display your subscription status in the interface. This cookie contains only your tier name, is not used for tracking, and expires after one hour. Additionally, audit results may be cached in your browser's local storage to improve performance on repeat visits.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS) and at rest. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users without undue delay, as required by applicable law. We will also notify relevant supervisory authorities where required.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your data

To exercise these rights, contact us at hello@webauditsuite.com.

9. Account Deletion

You may request deletion of your account at any time. Upon receiving your deletion request:

  • Audit data: Expires on its normal 90-day retention schedule. Access is revoked immediately upon account deletion.
  • Account information: Retained for 90 days to allow account recovery, then permanently deleted by our automated cleanup process
  • Billing records: Retained as required by law for tax and accounting purposes

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these countries, which may have different data protection laws than your country of residence.

12. Do Not Sell My Personal Information

We do not sell your personal information to third parties. We only share data with service providers necessary to operate the Service, as described in this policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

Email: hello@webauditsuite.com

See also our Terms of Service.