Skip to content
W3BAudit
How it works Pricing Scan a site

LEGAL

Privacy Policy

Last updated 1 July 2026. How W3bAudit handles data. The data controller is Aasim Saeed, trading as W3bAudit (a sole trader).

In short: the page content we scan and any credentials you connect are used only for your session and are never stored or logged (zero-retention). We keep only what we need to run your account and billing, and we never sell your data.

1. What we collect

  • The page content we scan & any credentials you connect — processed in memory for your session only and then discarded. Never stored, logged or used to train any model.
  • Derived results (scores, findings, generated report/fixes) — retained only if you choose to save them to an account; otherwise discarded when your session ends.
  • Account data (if you create one) — your email and authentication details.
  • Billing data — handled by our Merchant of Record (Paddle/Lemon Squeezy). We never see or store your full card details.
  • Technical data — your IP address and basic request logs, used for security, rate-limiting and abuse-prevention, kept for a short period.
  • Cookies — only essential/security cookies (e.g. bot-protection). No third-party advertising or cross-site tracking.

2. How we use it

To provide the audit, report and remediation you request; to secure the Service and prevent abuse; to take payment (via our Merchant of Record); to provide support; and to meet legal obligations. We do not sell your personal data or use it for third-party advertising.

3. Legal bases (UK GDPR)

Performance of our contract with you (providing the Service); our legitimate interests (securing and improving the Service, preventing abuse); your consent (where you opt to save results to an account, or for non-essential processing); and compliance with legal obligations.

4. Who we share it with (sub-processors)

We use a small number of trusted providers who process data on our behalf under contract:

  • AI provider (Anthropic) — to generate the written report and fix guidance on paid tiers, we send the derived findings and the URL, not raw page content or credentials, under terms that do not use the data for model training.
  • Cloud hosting (Google Cloud / Cloud Run) — runs the audit engine and API.
  • Cloudflare — content delivery, security and bot-protection.
  • Merchant of Record (Paddle / Lemon Squeezy) — processes payments and is the seller of record; their privacy terms also apply to the transaction.
  • Email provider — transactional email (receipts, account).

We may also disclose data where required by law.

5. International transfers

Some providers (e.g. our AI provider) process data outside the UK/EEA. Where they do, we rely on appropriate safeguards such as UK/EU adequacy decisions or Standard Contractual Clauses.

6. How long we keep it

Scanned page content and credentials: not retained (session only). Saved results: until you delete them or close your account. Account data: for the life of your account. Security logs: a short retention period. Billing records: as required by our Merchant of Record and by law.

7. Your rights

Subject to UK GDPR you may request access to, correction, deletion, restriction or portability of your personal data, and may object to certain processing. To exercise these, contact us below. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

8. Security

We use least-access, session-scoped handling of sensitive inputs, encryption in transit, and strict access controls. No method of transmission or storage is completely secure, but zero-retention means there is nothing sensitive to breach after your session ends.

9. Children

The Service is not directed at children and is intended for users aged 18 or over.

10. Changes

We may update this policy; material changes will be notified and the “last updated” date revised.

11. Contact

Privacy questions or requests: [email protected]. Data controller: Aasim Saeed, trading as W3bAudit.

W3BAudit

© 2026 W3bAudit · Find it. Fix it. Keep nothing. · Pricing · Terms · Refunds · Privacy · llms.txt