Privacy Policy
Last Updated: January 27, 2026
At AppScan AI, we take your privacy seriously. This policy explains how we collect, use, protect, and share your personal information. We are committed to transparency and giving you control over your data.
Information We Collect
Account Information
When you create an account, we collect your email address, name, and password (encrypted). This information is necessary to provide you with access to our services and to communicate with you about your account.
Website Data
We collect URLs of websites you add for monitoring and security audits. This data is used solely to provide our security scanning and monitoring services. We also store audit results, security findings, and monitoring metrics associated with your websites.
Usage Information
We automatically collect information about how you use our service, including pages visited, features used, and actions taken. This helps us improve our service and provide better support.
Payment Information
Payment processing is handled by Stripe. We do not store your credit card information. We only store your Stripe customer ID and subscription status.
How We Use Your Information
Service Delivery
We use your information to provide security audits, monitor your websites, send alerts about security issues or downtime, and maintain your account.
Communication
We may send you service-related emails, security alerts, billing notifications, and product updates. You can opt out of marketing emails but not critical service notifications.
Improvement
We analyze usage patterns to improve our service, develop new features, and fix bugs. All analytics are aggregated and anonymized.
Legal Compliance
We may use your information to comply with legal obligations, enforce our terms, and protect our rights and the rights of our users.
Data Security
Encryption
All data is encrypted in transit using TLS 1.3. Sensitive data is encrypted at rest using industry-standard AES-256 encryption.
Access Controls
We implement strict access controls. Only authorized personnel have access to user data, and all access is logged and monitored.
Infrastructure
Our infrastructure is hosted on secure cloud platforms with SOC 2 compliance. We perform regular security audits and penetration testing.
Incident Response
We have an incident response plan in place. In the event of a data breach, we will notify affected users within 72 hours as required by law.
Data Sharing
We Do Not Sell Your Data
We will never sell, rent, or trade your personal information to third parties for marketing purposes.
Service Providers
We share data with trusted service providers who help us operate our service (e.g., Stripe for payments, Resend for emails, Supabase for database). All providers are bound by strict confidentiality agreements.
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.
Business Transfers
If AppScan AI is acquired by or merged with another company, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
Your Rights
Access & Export
You can access and export your data at any time through your account dashboard. We provide data in machine-readable formats (JSON, CSV).
Correction
You can update your account information at any time through your account settings.
Deletion
You can delete your account at any time. Upon deletion, we will permanently remove your personal information within 30 days, except where we are required to retain it by law.
Data Portability
You have the right to receive your data in a structured, commonly used format and to transmit it to another service.
Opt-Out
You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or updating your notification preferences.
Data Retention
Active Accounts
We retain your data for as long as your account is active or as needed to provide you with services.
Audit Results
Security audit results are retained according to your plan: 90 days (Starter), 180 days (Pro), or 365 days (Enterprise).
Monitoring Data
Monitoring data (uptime, response times) is retained for the same period as audit results based on your plan.
Deleted Accounts
After account deletion, we retain minimal information (email hash, deletion date) for 30 days to prevent abuse and comply with legal requirements. All other data is permanently deleted.
Backups
Backup copies are retained for 30 days for disaster recovery purposes, then permanently deleted.
Cookies & Tracking
We use essential cookies to maintain your session and remember your preferences. We do not use third-party advertising cookies.
Cookie Types:
- Essential: Required for authentication and security (cannot be disabled)
- Functional: Remember your preferences and settings
- Analytics: Help us understand how you use our service (can be disabled)
International Users
AppScan AI is based in the United States. If you are accessing our service from outside the US, please be aware that your information may be transferred to, stored, and processed in the US.
We comply with applicable data protection laws, including GDPR for EU users and CCPA for California residents.
Children's Privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by email and by posting a notice on our website. Your continued use of our service after such changes constitutes acceptance of the updated policy.
Contact Us
AppScan AI. If you have questions about this privacy policy or our data practices, please contact us:
Privacy / DPO: privacy@appscan.ai
GDPR data subject requests (access, erasure, portability, restriction, objection): privacy@appscan.ai
Support: support@appscanai.com
Legal / mailing address: legal@appscan.ai