Privacy Policy
This policy explains what personal data check it! collects, why we collect it, where it is stored, how long it is kept, and the rights you have. It is written with an EU and GDPR-first posture.
This is practical draft copy for check it!. It should be reviewed by a qualified legal professional before production use.
1. Overview
check it! is a website audit product. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our public pages, create an account, submit a website for audit, or use the service.
This policy is written with an EU and GDPR-first posture. Depending on where you live, you may have additional rights under local law.
2. Controller
Add the legal company name, registered address, contact email, and data protection contact here before publication.
Unless another agreement says otherwise, the operator of check it! is the controller for personal data processed through the service.
3. Personal data we collect
We may collect:
- account data, such as name, email address, authentication provider details, and account identifiers;
- website audit data, such as submitted URLs, page metadata, crawl results, audit findings, screenshots or page-derived evidence if enabled, and run history;
- usage data, such as pages viewed, actions taken, device information, browser information, approximate location from IP address, referrer, and timestamps;
- support and feedback data, such as messages, ratings, issue reports, and survey responses;
- billing data if paid features are offered, such as plan, payment status, invoices, billing contact details, and payment processor references;
- technical and security data, such as IP address, logs, error reports, authentication events, rate-limit events, and abuse-prevention signals;
- cookie and similar storage data as described in the Cookie Policy at /cookies.
4. How we use personal data
We use personal data to:
- create and manage accounts;
- authenticate users and protect sessions;
- run website audits and show audit results;
- save submitted sites, dashboards, history, and preferences;
- provide support and respond to messages;
- improve product quality, reliability, and usability;
- monitor security, prevent abuse, and investigate incidents;
- measure product usage and public-page performance;
- send service messages, such as verification, security, billing, or product notices;
- comply with legal, tax, accounting, and regulatory duties.
5. Legal bases under the GDPR
We process personal data under these legal bases where they apply:
- contract, when processing is needed to create your account, provide the service, run audits, and manage paid features;
- legitimate interests, when processing is needed to secure, maintain, debug, improve, and understand the service, provided those interests are not overridden by your rights;
- consent, when required for optional analytics, marketing, or non-essential cookies;
- legal obligation, when processing is needed for tax, accounting, law enforcement, regulatory, or compliance duties;
- vital interests or public interest, only if a rare situation requires it and the law allows it.
6. Website audit data
You should only submit websites that you own, manage, or are authorized to audit.
Website audit data may include page content, metadata, technical signals, links, robots and sitemap evidence, performance data, and generated recommendations. If the submitted website contains personal data, that data may be processed as part of the audit.
You are responsible for making sure that you have the right to submit the website for analysis.
7. Cookies and similar storage
We use cookies and similar browser storage for essential service functions, preferences, authentication support, analytics, and product reliability. See the Cookie Policy at /cookies for more detail.
8. Sharing personal data
We may share personal data with:
- hosting and infrastructure providers;
- authentication providers;
- analytics and product measurement providers;
- error monitoring and observability providers;
- email and communication providers;
- payment processors if paid features are offered;
- professional advisers, such as lawyers, accountants, and auditors;
- public authorities or other parties when required by law or needed to protect rights, safety, security, or legal claims.
We do not sell personal data.
9. International transfers
Some providers may process data outside your country or outside the European Economic Area. When required, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, provider data processing terms, or other lawful transfer mechanisms.
10. Retention
We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law.
Typical retention depends on the data type:
- account data is kept while the account is active and for a reasonable period after deletion;
- audit history is kept while needed to provide dashboards, history, support, and account records;
- security logs are kept for a limited period needed to detect abuse and investigate incidents;
- billing and tax records are kept as required by law;
- analytics data is kept according to provider settings and product needs.
Add exact retention periods before publication if the product has fixed retention rules.
11. Security
We use technical and organizational measures designed to protect personal data. These may include access controls, encryption in transit, authentication controls, logging, monitoring, rate limiting, and separation of user-owned data.
No system is perfectly secure. You are responsible for using a secure email account, protecting your login method, and telling us about suspected unauthorized access.
12. Your rights
Depending on your location and the legal basis for processing, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- delete personal data;
- restrict processing;
- object to processing;
- receive a portable copy of your data;
- withdraw consent where processing is based on consent;
- complain to a data protection authority.
You can exercise rights by contacting us at the privacy contact listed in this policy. We may need to verify your identity before responding.
13. Children
check it! is not intended for children. Do not use the service if you are under the age required to create an online service account in your country.
14. Changes to this policy
We may update this Privacy Policy when the service, the law, or our data practices change. The updated date shows when the latest version took effect.
15. Contact
Add privacy contact email, company name, registered address, and any data protection representative details here before publication.