Privacy Policy

Last updated: February 17, 2026

1. Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials. If you sign in with Google, we receive your name and email from Google.

Scan Data: When you initiate a scan, we collect the target domain you provide. Scan results (security findings, scores, and metadata) are stored in your account.

Usage Data: We collect standard web analytics including page views, feature usage, and performance metrics to improve the service.

2. How We Use Your Information

  • To provide, maintain, and improve the ThreatDossier service
  • To process scans and generate security reports
  • To manage your account and subscription
  • To send transactional communications (account confirmations, scan completions)
  • To enforce our terms and prevent abuse

3. Data We Access During Scans

ThreatDossier performs external, non-intrusive security assessments. Our scans only access publicly available information, including:

  • DNS records (A, MX, TXT, DMARC, SPF)
  • SSL/TLS certificates and configurations
  • HTTP response headers
  • Publicly accessible files and endpoints
  • Public breach databases and threat intelligence feeds

We do not perform penetration testing, vulnerability exploitation, or any form of intrusive scanning. All checks are equivalent to what any internet user could observe.

4. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS). All data is encrypted in transit (TLS 1.2+) and at rest. We retain scan results for the duration of your account. You may request deletion of your data at any time by contacting us.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and database
  • Stripe — Payment processing
  • Vercel — Application hosting
  • Dehashed — Breach intelligence data

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

6. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Export your scan data

8. Contact

For privacy-related inquiries, contact us at privacy@getdetecto.com