Privacy Policy
Last updated: April 2026
What we collect
When you use QuackScan, we collect only what's necessary to run your scan and deliver your report:
- The domain you submit for scanning
- Your email address (for authentication and report delivery)
- Payment information (processed by Paddle.com for card payments, or on-chain USDC transfers for crypto)
How we use it
- To run the security scan you requested
- To generate and deliver your report
- To process your payment
We do not sell your data. We do not use it for advertising. We do not share it with third parties beyond what's needed to operate the service.
Data retention
Scan reports are deleted from our servers after 24 hours. We do not keep copies of your findings. Your account information (email) is retained while your account is active.
Scanning methodology
By default, QuackScan performs read-only checks on publicly accessible endpoints. We do not modify your systems. Optional scans (credential testing, write-permission checks) only run if you explicitly enable them.
Cookies
We use the following types of cookies:
- Essential cookies — required for authentication and core functionality (Supabase session). These are always active and cannot be disabled.
- Analytics cookies — Google Analytics (GA4) helps us understand how our site is used. These are only set with your explicit consent via our cookie banner. You can change your preference at any time by clearing your browser storage.
We do not use marketing cookies, advertising trackers, or social media pixels.
Third-party services
We share data with the following third-party services, only as necessary to operate QuackScan:
- Google Analytics (GA4) — anonymous usage analytics, only with your consent. Data may be transferred to the US under Google's Data Processing Amendment.
- Paddle.com — payment processing (Merchant of Record for card payments, handles tax and invoicing)
- Resend — transactional email delivery (contact form, report delivery)
- Solana / Polygon / BSC — on-chain USDC payment verification
- Supabase — authentication and data storage
International data transfers
Some of our third-party services (Google, Supabase, Resend) may process data in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) and each provider's Data Processing Agreement, ensuring your data is protected to EU/EEA standards.
Your rights (GDPR / CCPA)
Depending on your location, you have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Rectification — correct inaccurate personal data
- Erasure — request deletion of your account and all associated data
- Data portability — receive your data in a machine-readable format
- Object — object to processing of your data for analytics
- Withdraw consent — withdraw cookie consent at any time by clearing browser storage
To exercise any of these rights, email us at hello@quackscan.xyz. We will respond within 30 days. Reports are automatically deleted after 24 hours.
We do not sell your personal data. If you are a California resident, you have the right to know this under the CCPA.
Contact
Questions about this policy? Reach us at hello@quackscan.xyz
