Privacy Policy
Scanward ("we", "us", "our") operates the website at scanward.com and the application at app.scanward.com. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account information
When you create an account, we collect your email address and a hashed password. We never store your password in plain text.
Domain and scan data
When you add a domain to monitor, we store the domain name and the results of each security scan (SSL/TLS, DNS, HTTP headers, email authentication, and uptime checks). All scan data is derived from publicly available information — we only query public DNS records, HTTP headers, and SSL certificates.
Payment information
If you upgrade to a paid plan, payment is processed by Stripe. We store your Stripe customer ID and subscription ID. We do not store your credit card number, CVV, or full billing details — Stripe handles that directly. See Stripe's privacy policy.
Usage data
We log standard server request data (IP address, user agent, timestamps) for rate limiting and security purposes. We do not use third-party analytics, tracking pixels, or advertising cookies.
2. How We Use Your Data
- Provide the service: Run security scans on your domains and deliver results and alerts.
- Send email notifications: Alert you when your domain's security grade changes, SSL certificates are expiring, or other issues are detected. You can manage your alert preferences from the dashboard.
- Process payments: Manage your subscription through Stripe.
- Improve the service: Understand usage patterns to fix bugs and improve the product.
3. Cookies and Local Storage
Scanward does not use cookies. The dashboard application stores your authentication token in your browser's localStorage to keep you signed in. This token is only sent to our API server and is not shared with any third party.
4. Third-Party Services
We use the following third-party services to operate Scanward:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription details |
| Resend | Transactional email delivery | Email address, email content |
| Cloudflare | CDN and DNS for the landing page | Standard web request data |
| Railway | Application hosting | Application data (encrypted in transit) |
We do not sell, rent, or share your personal data with any other third parties.
5. Data Retention
We retain your account data and scan history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Aggregated, anonymized scan statistics may be retained indefinitely.
6. Data Security
We take security seriously — it's what we do. Measures include:
- Passwords are hashed using bcrypt and never stored in plain text.
- All data in transit is encrypted via TLS/HTTPS.
- Authentication uses JWT tokens with expiration.
- API endpoints are rate-limited to prevent abuse.
- Payment data is handled entirely by Stripe (PCI DSS compliant).
7. Your Rights
You have the right to:
- Access your personal data — visible in your dashboard.
- Correct inaccurate data — update your email or password from the dashboard.
- Delete your account and data — contact us and we will process your request within 30 days.
- Export your data — contact us for a copy of your data.
8. Children's Privacy
Scanward is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last updated" date. Continued use of Scanward after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this privacy policy or your data, contact us at [email protected].