WebSentry
Log inSign up free

Legal

Privacy Policy

Last updated: April 21, 2026

Overview

WebSentry ("we", "us", or "our") operates websentry.dev. This Privacy Policy explains how we collect, use, and protect your information when you use our website security scanning service.

By using WebSentry, you agree to the practices described in this policy.

Information we collect

Account information: When you register, we collect your name, email address, and hashed password.

Scan data: We store the URLs you submit for scanning, along with the scan results. This data is used to display your history and power monitoring alerts.

Usage data: We log scan activity (timestamps, API key used, result grades) for rate-limiting, billing accuracy, and abuse prevention.

Payment information: Payments are processed by Stripe. We do not store full credit card numbers — only a masked identifier and subscription status returned by Stripe.

Cookies: We use a single session cookie (token) to keep you logged in. No third-party tracking cookies are set.

How we use your information

We use collected information to:

  • Provide and operate the scanning and monitoring service
  • Send email alerts when your monitored sites' security grade changes
  • Process payments and manage subscriptions
  • Enforce rate limits and prevent abuse
  • Improve scan coverage and accuracy
  • Respond to support requests

We do not sell your data to third parties. We do not use your scanned URLs or results for advertising.

Data sharing

We share data only with service providers required to operate the service:

  • Cloudflare — infrastructure, DDoS protection, Turnstile CAPTCHA
  • Stripe — payment processing
  • Email provider — transactional emails (monitoring alerts, receipts)

We may disclose data if required by law or to protect the rights and safety of users.

Data retention

Scan results are retained according to your plan: 7 days (Free), 90 days (Pro), 1 year (Agency). Account data is retained for as long as your account is active. After deletion, we remove your data within 30 days, except where legally required to retain it.

Security

We use HTTPS for all data in transit, hash passwords with a strong one-way algorithm (bcrypt), and restrict database access to production systems only. No security system is perfect — if you discover a vulnerability, please contact us at security@websentry.dev.

Your rights

You can:

  • Request a copy of your data
  • Request deletion of your account and associated data
  • Update your email or name from the dashboard
  • Unsubscribe from non-transactional emails at any time

To exercise these rights, contact us at privacy@websentry.dev.

Children

WebSentry is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy as the service evolves. If we make material changes, we will notify registered users by email. Continued use after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at privacy@websentry.dev or use the contact form.