Privacy Policy

PrivacyFixed (“PrivacyFixed”, “we”, “us”, or “our”) operates the Service at privacyfixed.com and is the controller of the personal data described below. For any privacy request or question, contact privacy@privacyfixed.com.

We practice data minimization. When you submit a scan, we collect and store only:

• the web address (URL) you choose to scan, which you represent you are authorized to submit;
• scan metadata and results — the time and duration of the scan and the observed outside companies, cookies, tracking parameters, and risk summary for that page; and
• operational logs generated automatically to run, secure, and debug the Service (e.g. request timing and error diagnostics), retained transiently.

The Service is engineered so that the following are never recorded or stored:

• your browsing history or any page you did not expressly submit;
• the contents or values of network requests, cookies, or tracking parameters — we record only that an item exists and its category, never its value;
• request bodies, response bodies, or scan-linked IP addresses; and
• account credentials, names, or payment information (the Service currently offers no account login).

These constraints are enforced at the data-model level — fields for such values do not exist in our database.

We use the information above solely to:

• perform the scan you requested and return its result;
• maintain your scan history so you can review past scans;
• operate, secure, monitor, and improve the Service; and
• comply with legal obligations and enforce our Terms.

We do not sell, rent, or share your scan data with advertisers or data brokers, and we do not use it for advertising or profiling.

Where the GDPR or UK GDPR applies, we rely on:

• Consent (Art. 6(1)(a)) — you confirm before each scan; you may withdraw at any time as described below;
• Legitimate interests (Art. 6(1)(f)) — operating, securing, and improving the Service, balanced against your rights; and
• Legal obligation (Art. 6(1)(c)) — where we must retain or disclose information to comply with law.

Scans are automatically deleted 90 days after they run. You may delete any scan from your history at any time. Operational logs are kept only as long as needed for security and diagnostics.

We host the application and a secure database with reputable infrastructure providers located in the United States, who process data on our behalf under appropriate contractual safeguards. If you access the Service from outside the United States, you understand your information will be processed there; where required, transfers are made under recognized safeguards such as the EU Standard Contractual Clauses.

Depending on your location, you may have the right to access, correct, export, delete, or restrict the processing of your data, to object to processing, and to withdraw consent. Because the Service requires no account, the fastest way to exercise deletion is directly from your scan history. For other requests, email privacy@privacyfixed.com and we will respond within the period required by applicable law (generally 30 days). EU/UK residents may lodge a complaint with their local supervisory authority. California residents have the rights described under the CCPA/CPRA, including the right not to be discriminated against for exercising them; we do not “sell” or “share” personal information as those terms are defined.

We use industry-standard measures (encryption in transit, access controls, and data minimization) to protect information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You use the Service at your own risk to the extent permitted by law.

The Service analyzes third-party websites you submit and may reference them. We are not responsible for the content, privacy practices, or conduct of any third-party site, and our observations about a site are informational only and not an accusation or legal conclusion.

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time; the “Last updated” date above reflects the latest version, and material changes will be indicated on this page. Your continued use of the Service after changes take effect constitutes acceptance. See also our Terms of Service and Cookie Notice.