Privacy Policy

Last Updated: March 21, 2026

1. Privacy at a Glance

The protection of your personal data is a priority for StackAudit. This policy explains what information we collect, how we use it, and your rights regarding that data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data Collection & Hosting

We minimize data collection to what is strictly necessary for the operation of the service.

  • Infrastructure: Our application is hosted on Google Cloud Run.
  • Scanning & Authentication: Logins and automated scanning processes are performed via infrastructure provided by Hetzner Online GmbH in Germany.
  • Log Files: When you visit our site, our systems automatically collect technical data (IP address, browser type, time of access). This is processed based on our legitimate interest (Art. 6 (1)(f) GDPR) in maintaining a secure and stable service.

3. Analysis Data (The "Scan")

When you initiate a scan of a URL:

  • Data Type: We retrieve publicly accessible data (HTTP headers, frontend libraries, cookie names, and server metadata).
  • Purpose: This data is technical and is used to generate your audit report.
  • Retention: Scan results may be cached to improve performance for subsequent requests. We do not purposefully collect "Personal Data" from the target websites, only technical infrastructure signatures.

4. User Accounts & Login

If you create an account:

  • We store your email address and authentication credentials to provide you with access to your scan history.
  • This data is processed to fulfill our contractual obligations (Art. 6 (1)(b) GDPR) to you.

5. Data Transfer & Sub-processors

Your data is processed within the European Economic Area (EEA).

  • Hetzner (Germany): Used for compute and scanning.
  • Google Cloud (EU Regions): Used for hosting the web interface.

We have Data Processing Agreements (DPA) in place with these providers to ensure your data remains protected under GDPR standards.

6. Your Rights

Under the GDPR, you have the following rights:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Erasure: Request the deletion of your account and associated scan history.
  • Right to Rectification: Correct any inaccurate information.
  • Right to Object: Object to the processing of your data based on legitimate interests.

To exercise these rights, please contact us at: heckstet@gmail.com