Privacy Policy

SiteScanReport LLC
Effective Date: May 26, 2026
Last Updated: May 26, 2026

---

SiteScanReport LLC ("SiteScanReport," "we," "us," or "our") operates the website compliance scanning service available at sitescanreport.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, when and with whom we share it, and what rights you may have with respect to it.

We do not sell your personal information. We do not use your information for advertising. We collect only what we need to deliver the Service and operate the business.

---

1. Information We Collect

1.1 Information You Provide

When you purchase a scan, you provide:

• • Email address — used to deliver your report and communicate with you about your order.
  • The URL you submit for scanning — the website address you ask us to scan. This is the domain your report covers.

We do not collect your name, mailing address, or phone number. Payment information, including card details and any billing information collected during checkout, is collected and processed directly by Stripe on a Stripe-hosted checkout page and does not pass through our systems. See Section 3 for more information about Stripe.

1.2 Information Generated by the Service

When you submit a URL for scanning, our systems automatically generate:

• • Scan results — accessibility findings, privacy mechanism detection results, and security configuration data for the submitted URL, compiled into your PDF report.
  • Scan metadata — scan ID, timestamp, pages scanned, and scan status.
  • A Stripe payment intent ID — retained to support refunds and dispute resolution.

1.3 Information Collected Automatically

When you visit sitescanreport.com, we may collect standard web server log data, such as IP address, browser type, referring URL, and pages visited. We use this data solely for security monitoring, abuse prevention, and service reliability. We do not use it for behavioral profiling or advertising.

---

2. How We Use Your Information

We use the information we collect to:

• • Deliver your compliance scan report to your email address.
  • Process refunds if your scan fails or you request one within our refund window.
  • Respond to support requests submitted to support@sitescanreport.com.
  • Detect and prevent abuse, fraud, and unauthorized use of the Service.
  • Comply with applicable law and respond to lawful legal process.
  • Monitor service reliability and investigate errors.

We do not use your information to send marketing emails. We do not build user profiles. We do not use your information, submitted content, or scan results to train machine learning models, and we do not permit service providers to use personal information we disclose to them for their own advertising or unrelated model training except as described in this Privacy Policy.

---

3. Information We Share

We do not sell, rent, or trade your personal information. We share information only as described below.

3.1 Service Providers

We use the following third-party service providers to operate the Service. Each receives only the information reasonably necessary to perform its function on our behalf.

Stripe, Inc. — payment processing. When you purchase a scan, you complete checkout on a Stripe-hosted checkout page. Stripe collects and processes your payment card information and any billing information it requires directly. We receive payment confirmation and a payment intent ID, but we do not receive your full payment card details. Stripe acts as our payment processor for these purposes. Stripe's privacy policy is available at stripe.com/privacy.

Postmark (ActiveCampaign, LLC) — transactional email delivery. We provide your email address and the rendered PDF report to Postmark solely to send order-related emails and deliver your PDF report on our behalf. Postmark does not use this information for its own marketing purposes. Postmark's privacy policy is available at postmarkapp.com/privacy-policy.

Amazon Web Services, Inc. (AWS) — cloud infrastructure and storage. Your email address, submitted URL, scan metadata, scan results, and PDF report are stored on AWS servers located in the United States, including the us-east-1 region. Certain scan-related content fetched from the submitted URL, such as privacy-policy text incorporated into scan results, may also be stored on AWS on our behalf. AWS acts as our hosting and storage provider for these purposes. AWS's privacy policy is available at aws.amazon.com/privacy.

Anthropic, PBC — AI narrative generation. Public content from your submitted URL may be transmitted to Anthropic's API to generate narrative analysis included in your report. We do not intentionally send your email address or payment card data to Anthropic, and we rely on Anthropic's applicable API terms and settings governing use of submitted data. Anthropic acts as a service provider for this processing. Anthropic's privacy policy is available at anthropic.com/privacy.

Qualys SSL Labs — SSL/TLS analysis. We submit the domain from your submitted URL to the Qualys SSL Labs API to evaluate certificate, protocol, and cipher configuration as part of the security portion of your report. This submission is limited to the publicly accessible domain being scanned, and we do not provide payment card data or other unnecessary personal information to Qualys for this purpose. Qualys acts as a service provider for this limited analysis. Qualys's privacy policy is available at qualys.com/privacy.

3.2 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or other legal process, or if we believe in good faith that the disclosure is necessary to protect our rights, enforce our agreements, protect your safety or the safety of others, or respond to fraud, security, or technical issues.

3.3 Business Transfers

If SiteScanReport LLC is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will notify you via email if your information becomes subject to a materially different privacy policy as a result.

---

4. Data Retention

We retain your information for the periods described below, based on the purposes for which it was collected and our legal, operational, and recordkeeping obligations.

• • Your email address and certain order metadata are retained for as long as reasonably necessary to support refunds, disputes, and legal recordkeeping obligations.
  • Your submitted URL, scan metadata, scan results, and PDF report are stored securely in AWS S3 for 7 years. These records are subject to AWS S3 Object Lock in Compliance mode as part of our record retention practices, which means they cannot be modified or deleted before the applicable retention period expires.
  • Public content fetched from your submitted URL during the scan may be processed temporarily to generate your report. Intermediate fetched content is not retained after AI processing is complete, but any privacy-policy text or similar content incorporated into the scan results is retained with those scan records for the same 7-year period.
  • Payment records and payment card data are retained by Stripe in accordance with Stripe's policies and applicable legal and regulatory requirements.

If you would like to request deletion of your personal information, contact us at support@sitescanreport.com. We will review and honor deletion requests to the extent required by applicable law and permitted by our legal obligations and technical capabilities. Where AWS S3 Object Lock in Compliance mode applies, affected records cannot be modified or deleted until the applicable retention period expires; in those cases, we may instead limit further use of the information and delete it when deletion becomes legally and technically available.

---

5. Data Security

We implement technical and organizational measures designed to protect your information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• • Encryption of stored data on AWS using AWS Key Management Service (KMS).
  • Encryption of data in transit using TLS.
  • Access controls that limit which system components can read or write specific data.
  • AWS S3 Object Lock in Compliance mode for retained scan records.
  • No payment card data stored on our infrastructure.

No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we take our obligations seriously and maintain safeguards appropriate for a service of this type.

---

6. Third-Party Websites

Our reports or Service may include references or links to third-party websites and resources (such as accessibility guidance at dequeuniversity.com or WebAIM). We are not responsible for the privacy practices of third parties. This policy applies only to information collected through the Service.

---

7. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at support@sitescanreport.com and we will take appropriate steps to delete it or otherwise address it as required by applicable law.

---

8. Your Privacy Rights

Depending on applicable law, you may have certain rights regarding your personal information, including rights to access, correct, or request deletion of your data. To exercise any applicable rights, contact us at support@sitescanreport.com with your request. We will respond within a reasonable timeframe and in accordance with applicable law, subject to any legal exceptions or retention requirements that apply to particular records.

We do not sell personal information and therefore do not offer a "Do Not Sell" opt-out. We do not use personal information for targeted advertising.

---

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If we make material changes, we will make reasonable efforts to notify affected users as appropriate. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

---

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

SiteScanReport LLC
support@sitescanreport.com
sitescanreport.com

Questions about this policy? Contact us.