Privacy
Short version: we collect nothing. Longer version below.
Nothing. WebAudit does not collect, store, or process any personal data.
When you scan a URL, WebAudit sends a request to that URL from our server to retrieve HTTP headers and other publicly available security signals. Scanned URLs are not stored anywhere — they exist only for the duration of the scan request and are discarded immediately after the response is returned to your browser.
We do not build a database of scanned domains. We do not log what sites you scan. Each scan is fully ephemeral.
PDF reports are generated on-demand server-side and returned directly to your browser as a file download. No PDF report is saved, cached, or stored server-side. Once the response stream closes, the report no longer exists anywhere except on your device.
If you obtain an API key for paid access, your email address is retained only to associate it with your key. It is not shared, sold, or used for marketing. You can request deletion at any time by emailing hello@webaudit.in.
The frontend is served via Cloudflare Pages. The backend runs on Railway. Both are infrastructure providers and may log standard server access logs (IP, timestamp, request path) per their own privacy policies. WebAudit does not access or retain those logs.
Google Fonts is loaded from Google's CDN for typography. This means your browser makes a request to Google's servers when loading any WebAudit page. If you prefer to avoid this, use a browser extension that blocks Google Fonts.
Questions about this policy? Email hello@webaudit.in — I read every message.