
Privacy Notice

Last updated: 11 May 2025

1. Data Controller

SiteIntel ("we", "us", "our") is the data controller for personal data processed through this service. Contact: support@siteintel.io

2. What We Collect

When you request a security scan, we collect:

  • Domain name — the target website you submit for scanning
  • Email address — if provided, to deliver your report
  • IP address — for rate limiting and abuse prevention
  • User agent — browser identification string
  • Scan results — technical findings from publicly available data sources (DNS records, TLS certificates, HTTP headers, etc.)

We do not collect passwords or payment details, and we do not access any non-public information about the scanned domain. Mode 1 scans use only publicly accessible data sources.

3. Lawful Basis

We process your data under Article 6(1)(f) UK GDPR — legitimate interests. Our legitimate interest is providing a B2B security assessment service that you have explicitly requested. We have conducted a Legitimate Interest Assessment and concluded that the processing is necessary, proportionate, and does not override your rights.

For marketing communications, we rely on consent (Article 6(1)(a)), which is obtained separately via an opt-in checkbox.

4. Data Retention

Scan data is retained for 90 days from the scan completion date, after which it is automatically purged. You may request early deletion at any time using the "Delete my data" link included in your scan report, or by contacting us directly.

5. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — restrict processing of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, contact support@siteintel.io. We will respond within 30 days.

6. Data Sharing

We do not sell your data. Scan data may be processed by:

  • AI providers (Anthropic, Google) — for generating scan summaries. Only anonymised technical findings are sent; no personal data.
  • Third-party intelligence APIs (Shodan, CISA, OSV) — domain-level queries only; no personal data is transmitted.

7. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel with multi-factor authentication. We maintain tamper-evident audit logs with hash chains for all significant data operations.

8. Cookies

This service uses only strictly necessary cookies for session management. We do not use tracking cookies, analytics pixels, or advertising identifiers.

9. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint

10. Changes

We may update this notice from time to time. Material changes will be communicated via email to users with active scan data.
