Privacy Policy

Account data: When you register, we store your email address and a hashed password. We do not store plaintext passwords.

Scan data: When you submit a URL for scanning, we store the URL, full scan results, security grade, score, your IP address, and user agent. Anonymous scans are stored without a linked account but still include the IP address.

Usage data: We record API key usage, monitor schedules, and cron scan history to provide the service and display your dashboard.

Payment data: Payments are processed by Stripe. We store only your Stripe customer ID and subscription ID — we never see or store full card numbers.

Support data: If you use our live chat (powered by Crisp), your conversation and any data you share in chat is stored by Crisp.

We use your data solely to operate WebSentry:

• Authenticating your account and displaying your dashboard
• Running scans and monitoring jobs on your behalf
• Enforcing rate limits and plan quotas
• Processing subscription payments and sending billing emails
• Sending security alert emails when a monitored site's grade drops
• Improving the service (aggregated, anonymised analytics only)

We do not sell your personal data to third parties.

We share data with the following sub-processors as needed to operate the service:

• Cloud infrastructure provider — hosting, edge network, and database (data stored in the US)
• Stripe — payment processing and subscription management
• Crisp — live chat support
• Google Ads — advertising (conversion tracking via Google tag)

We use a single first-party authentication cookie (token) to keep you logged in to your account. This cookie is HTTP-only and expires after 7 days.

Crisp sets its own cookies for the chat widget. Google Ads may set cookies for conversion tracking. You can block these using browser settings or an ad blocker.

Scan results are retained as long as your account is active. Free-plan users' scan history may be pruned after 90 days of inactivity.

If you delete your account, your personal data (email, scans, API keys, monitors) is permanently deleted within 30 days. Anonymised aggregate data may be retained for analytics.

You have the right to access, correct, or delete your personal data. You can:

• Export your scan history from your Dashboard
• Delete your account from the Settings tab
• Request a full data export by emailing us at privacy@axoxweb.com

If you are in the EU/EEA, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority.

Data is stored on our cloud infrastructure with encryption at rest. Passwords are hashed using PBKDF2 before storage. We do not transmit unnecessary personal data between services.

We may update this policy from time to time. Significant changes will be communicated via email. Continued use of the service after changes constitutes acceptance.

Questions about this policy? Email us at privacy@axoxweb.com or visit axoxweb.com/contact.