Privacy Policy

Last Updated: November 20, 2025
Effective Date: January 1, 2025

1. Introduction

Welcome to WebSecurityScore (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web security testing platform and services.

By accessing or using WebSecurityScore, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, company name, job title
  • Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
  • Target Information: Domain names and URLs you submit for security scanning
  • Communications: Messages, feedback, and support requests you send to us
  • KYC Information: Identity verification documents when required for compliance

2.2 Information Collected Automatically

When you use our services, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent, scan history
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, error logs, performance metrics
  • Cookies: See our Cookie Policy for details

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to WebSecurityScore, such as authentication providers (Google, GitHub) or payment processors (Stripe).

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our security scanning services
  • Process transactions and send billing confirmations
  • Send you technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service
  • Send marketing communications (with your consent, where required)

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, such as payment processing, data hosting, email delivery, and customer support. These providers are contractually obligated to protect your data.

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We may share information with your explicit consent or at your direction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, least privilege principle
  • Infrastructure: Secure cloud hosting (AWS/GCP), redundancy, DDoS protection
  • Monitoring: 24/7 security monitoring, intrusion detection systems
  • Backups: Daily encrypted backups, disaster recovery procedures
  • Audits: Regular security audits and penetration testing

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights (GDPR, CCPA)

6.1 GDPR Rights (EU Users)

If you are in the European Union, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

6.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about data collection and use
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise your rights, contact us at privacy@websecurityscore.com. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar tracking technologies to collect information about your browsing activities. Cookies help us:

  • Remember your preferences and settings
  • Understand how you use our services
  • Improve our platform and user experience
  • Provide personalized content and recommendations

For detailed information about our cookie usage, please see our Cookie Policy.

8. Third-Party Services

We use the following third-party services that may collect information:

  • Google Analytics: Website analytics and usage tracking
  • Stripe: Payment processing (see Stripe Privacy Policy)
  • AWS/GCP: Cloud hosting and infrastructure
  • SendGrid: Email delivery services
  • Intercom: Customer support and messaging

These third parties have their own privacy policies. We are not responsible for their practices.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data is protected.

10. Children’s Privacy

WebSecurityScore is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@websecurityscore.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new “Last Updated” date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our platform

Your continued use of WebSecurityScore after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Team

Related Policies

Learn more about our legal policies and commitments

Terms of Service

Read our user agreement and service terms

Cookie Policy

Learn about our cookie usage and preferences

Security & Compliance

Discover our security practices and certifications