Last updated: March 8, 2026
Account: Email, name (optional), hashed password. Scans: Target domain, results, findings, PDF reports. Payments: Processed by Lemon Squeezy — we never store card numbers. Usage: IP address (rate limiting only), timestamps.
Account data for authentication and scan delivery. Scan results solely for report generation. We do not use scan data for training AI models, analytics, or any purpose beyond your report.
EU-based servers (Hetzner, Germany). Reports encrypted at rest (AES-256). Auto-deleted after 90 days.
Lemon Squeezy: EU payment processing. Resend: Transactional emails. OpenRouter/Anthropic: AI analysis (no PII transmitted). No data sold to advertisers.
Access, rectify, delete, export your data, or withdraw consent at any time. Contact support@vulnscan.pro.
Essential session cookies only. No tracking, no analytics, no third-party cookies.
Notification within 72 hours as required by GDPR.
Data Controller: VulnScan Pro. Email: support@vulnscan.pro