Privacy & Policy

Your Privacy Matters

We believe in radical transparency. Here's exactly what data we collect, why we collect it, and how we protect it — written in plain language, not legalese.

Last updated: March 4, 2026

Quick Navigation

Information We CollectHow We Use Your DataCookies & Local StorageYour RightsData SecurityChanges to This Policy

1. Information We Collect

URLs You Submit

When you use ScanURL to scan a website, we receive the URL you enter. We use this solely to perform the security analysis and do not store your scan history permanently.

Usage Data

We may collect anonymized, aggregated usage data such as scan counts, feature usage, and general traffic patterns. This data cannot be used to identify individual users.

Account Information

If you choose to create an account, we collect your email address and display name via Firebase Authentication. Your password is never stored in plaintext.

2. How We Use Your Data

Providing the Service

URLs are processed in real-time to perform security scans using third-party APIs (e.g., VirusTotal, Shodan, DNS.Google). Results are returned to you and are not retained on our servers.

Improving ScanURL

Aggregated, anonymized data helps us understand which features are most useful and guide product development. This never includes personally identifiable information.

Fraud Prevention

We may use scan metadata to detect and prevent abuse of our platform, such as automated scraping or misuse of our free scan quota.

3. Cookies & Local Storage

Local Storage

We use your browser's local storage to track your guest scan count (limited to 2 free scans). This data stays on your device and is never transmitted to our servers.

Authentication Cookies

If you sign in, Firebase Authentication uses secure session cookies to maintain your logged-in state. These are essential for service functionality and are not used for tracking.

No Advertising Cookies

We do not use any advertising, retargeting, or third-party tracking cookies. ScanURL has zero ad-tech integrations.

4. Your Rights

Access & Deletion

You have the right to request access to any personal data we hold about you, and to request its deletion. Simply contact us and we will process your request within 30 days.

Data Portability

You may request a copy of your account data in a machine-readable format at any time.

Opt-Out

You can use ScanURL as a guest without providing any personal information. Signing up is entirely optional and only required for unlimited scans.

5. Data Security

Encryption in Transit

All communications between your browser and ScanURL are protected using TLS 1.2+ encryption. We enforce HTTPS on all our domains with HSTS preloading.

Firebase Security

User account data is stored in Google Firebase, which maintains SOC 2 compliance and applies industry-standard security controls.

Third-Party APIs

Scan data is shared with third-party APIs (VirusTotal, Shodan, etc.) only as needed to perform the analysis. These services have their own privacy policies governing that data.

6. Changes to This Policy

Notification of Changes

We may update this Privacy Policy from time to time. When we do, we will update the 'Last Updated' date below and, for significant changes, notify registered users via email.

Continued Use

Your continued use of ScanURL after any policy changes constitutes your acceptance of the updated terms. We recommend reviewing this page periodically.

Questions About Privacy?

We're happy to help. Reach out and we'll respond within 48 hours.