Privacy policy

Privacy policy

DRAFT — REVIEW BEFORE LAUNCH. This is a starter template tailored to Site Check's actual data practices but it has not been reviewed by a lawyer. Get one to read it before pointing site-check.contexta.uk at the public internet.

Last updated: placeholder, set on launch.

Who runs Site Check

Site Check is operated by Contexta (sole trader / company registration to confirm). Address: placeholder. Contact: [email protected].

What we collect

• URL you submit. We fetch it (and up to 19 same-origin pages) to produce your scan report.
• HTTP responses from those pages. Status codes, headers, page bodies (first 100 KB). Stored as part of the scan record so you can revisit your report.
• Your IP address. Stored against the scan for rate-limit, abuse detection, and security audit purposes.
• Your email (if you submit it). Stored so we can send you the full report; used only for transactional purposes unless you opt in to marketing.
• Optional marketing consent. If you tick the box, we may send occasional tips. Unsubscribe link in every marketing email.
• Payment details (if you upgrade to the £29 Verified Report). Processed by Stripe. We never see or store your card number.

What we don't collect

• Cookies for tracking. We don't run analytics scripts on the public scan flow.
• Personal information beyond what you voluntarily submit.

How long we keep it

• Scan records: indefinitely so you can revisit your report URL. You can ask for a specific scan to be deleted.
• Captured page bodies: stored alongside scan records but never re-published.
• Email addresses: retained while you have an active relationship with us; deleted on request.
• Payment records: kept per UK accounting rules (6 years for tax purposes) — Stripe holds the card-related data, we keep the transaction record.

Third parties we share data with

• Stripe — for payment processing. Their privacy policy: stripe.com/privacy.
• Resend — for sending transactional + marketing emails. Their privacy policy: resend.com/legal/privacy-policy.
• Microsoft Azure — our hosting provider. Their privacy policy: privacy.microsoft.com.
• Pentest partner — only if you explicitly request a pentest referral, we forward your contact details + the scanned URL to our partner firm. Partner name + their privacy policy placeholder — confirm before launch.

Your rights (UK GDPR / EU GDPR / CCPA)

• Access — request a copy of what we hold about you.
• Rectification — ask us to correct it.
• Erasure — ask us to delete it.
• Portability — ask for a machine-readable export.
• Withdraw consent — for marketing, the unsubscribe link works; for all other purposes, email us.

Email [email protected] for any of the above. We respond within one month per UK GDPR.

Complaints

If you're not happy with how we handle your data, you can complain to the UK Information Commissioner's Office: ico.org.uk.

← Back to Site Check