Privacy Policy

SlapMyWeb respects your privacy. This policy explains what data we collect, how we use it, and your rights under GDPR and CCPA.

• Account data: email, name, hashed password, plan, signup IP
• Scan data: URLs you submit, scan results, screenshots, cached HTML
• Billing data: handled by Stripe — we never see your card number
• Usage data: anonymous analytics (page views, feature usage), error logs
• Communications: support emails, contact-form submissions

• To run audits and deliver scan results to you
• To process billing and send transactional emails
• To improve the Service (anonymized usage analytics)
• To respond to support requests
• To detect abuse and enforce our Terms

We don't sell your data. We share data only with:

• Stripe — for billing and subscription management
• OpenAI / Anthropic — to generate AI roasts and code fixes (audit data only, never PII)
• Google PageSpeed Insights API — to fetch CrUX field data for your audited URLs
• Email provider — to deliver transactional emails

We keep your account data for as long as your account is active. Scan data is retained according to your plan (7 days on Free, unlimited on Pro and Agency). You can delete your account and all associated data at any time from Settings → Danger zone.

• Access: request a copy of your data
• Rectification: correct inaccurate data
• Erasure: delete your data (“right to be forgotten”)
• Portability: export your data in JSON
• Opt-out: stop marketing emails (transactional emails will continue)

We use only essential cookies (session token, theme preference). No advertising cookies. No third-party tracking cookies on the marketing pages.

Passwords are bcrypt-hashed, sessions use signed JWTs, all traffic is HTTPS-only with HSTS, and we keep daily database backups. We follow OWASP best practices and patch dependencies regularly. Found a security issue? Email security@slapmyweb.com.

Privacy questions or data requests: info@slapmyweb.com. We respond within 30 days as required by GDPR.