Cookie & GDPR Policy
Last updated: June 24, 2026
1. Introduction
This Cookie & GDPR Policy explains how SiteLeak ("we," "us," or "our") protects personal data and complies with the General Data Protection Regulation (GDPR) and other applicable privacy frameworks. It also details how and why we use cookies on our website.
We are committed to operating our security scanner with high transparency. We gather only the absolute minimum information required to deliver our core features, protect against abuse, and process payments securely.
2. GDPR Compliance & Data Protection
For individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, we process personal data in compliance with the GDPR. Here is a breakdown of our responsibilities and your rights:
2.1 Data Processing Scope
We process personal data (specifically, your email address if you register an account, payment records via Stripe, and temporary IP addresses for rate limiting) under the following legal bases:
- Performance of a Contract: Necessary to administer your user account and handle paid subscriptions (such as Pro or Agency tiers).
- Legitimate Interests: Necessary to prevent spam, bot farming, and DoS attacks (using Cloudflare Turnstile and temporary browser fingerprint hashing).
- Consent: Provided explicitly when you opt-in to save your report history or subscribe to security notifications.
2.2 Your Data Rights
Under GDPR rules, you possess specific data protections which you can execute by writing to us at [email protected]:
- Right to Access: You can request details of all personal data we hold about you.
- Right to Erasure (Right to be Forgotten): You can request that we delete all your account, scan history, and credential logs.
- Right to Rectification: You can request correction of incorrect personal data.
- Right to Portability: You can request a copy of your records in a standard machine-readable format.
- Right to Object/Restrain: You can object to standard processing or cancel recurring consent triggers.
3. Cookie Policy
Cookies are small text files placed on your device to retain user configuration and session tokens. At SiteLeak, we enforce a strict cookie minimization practice. We do not use cookies for advertising, marketing tracking, or behavioral profiling.
3.1 Necessary Session Cookies
These cookies are critical to make the website function properly. Disabling these cookies in your browser settings will prevent you from logging in, managing account sessions, and performing paid subscription scans:
- session: A secure encrypted cookie used to maintain user login states (e.g. keeping track of the email associated with your browser session).
- stripe_session_id: Set by our payment provider (Stripe) to process checkout procedures and manage subscription cycles in the Billing Portal.
3.2 Analytical Cookies
We use Google Analytics to help us review traffic volume, aggregate geographic locations of visitors, and debug system page performance. This analytics configuration employs cookie identifiers:
- _ga / _gid: Used to count visits and compile aggregated, anonymous traffic metrics. No personal data or individual scan reports are mapped to Google Analytics records.
4. Data Sharing & Third Parties
We share necessary data with trusted third parties only to run core service features. We do not sell data to any marketing brokers:
- Stripe: To process payments, handle credit card billing, and direct subscription portals. We do not store credit card credentials on our servers.
- Hetzner Online: Our cloud hosting provider where our application, SQLite database, and scan services operate in secure European data centers.
- Cloudflare: Used for spam protection and anti-bot verification (Turnstile) before allowing scan submissions.
5. Revisions to this Policy
We may modify this policy at any time. Material changes will be accompanied by an updated "Last Updated" date at the top of this page.
6. Contact Us
If you have any questions or would like to exercise your GDPR data rights, please contact us at [email protected].