Privacy Policy
Last Updated: November 7, 2025
1. Introduction
ScanTower ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website security scanning service ("the Service").
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.
2. Information We Collect
2.1 Personal Information
We collect the following personal information when you register for or use the Service:
- Account Information: Email address, name, password (encrypted), and profile information;
- Billing Information: Payment details, billing address, and transaction history (processed by third-party payment processors);
- Communication Data: Messages, support tickets, and feedback you send to us;
- Contact Information: Email addresses for notifications and alerts.
2.2 Scan Data
When you use the Service to scan websites, we collect and process:
- URLs and Domains: Website addresses you submit for scanning;
- Scan Results: Vulnerabilities, security issues, malware findings, and security configurations;
- Technical Data: SSL certificates, DNS records, HTTP headers, security headers, response codes;
- Website Content: HTML content, JavaScript files, external scripts, and third-party resources;
- Screenshots: Visual captures of scanned websites for malicious script detection;
- Network Data: IP addresses, open ports, port scan results, hosting information, ASN data;
- CMS Information: WordPress versions, plugins, themes, and component data;
- Certificate Data: Certificate transparency log entries and subdomain information;
- Historical Data: Changes in configurations, security scores, and scan comparisons over time.
2.3 Usage Information
We automatically collect information about how you use the Service:
- Log Data: IP addresses, browser type, operating system, referring URLs, pages viewed;
- Device Information: Device identifiers, screen resolution, browser settings;
- Usage Patterns: Features used, scan frequency, dashboard interactions;
- Performance Data: Page load times, error rates, API response times;
- Authentication Data: Login times, session durations, authentication methods.
2.4 Cookies and Tracking Technologies
We use the following cookies and similar tracking technologies:
- Essential Cookies: Maintain user sessions, authentication, and security;
- Analytics Cookies: Understand usage patterns and improve the Service;
- Preference Cookies: Remember your settings and preferences;
- Security Cookies: Detect fraudulent activity and protect against abuse.
You can control cookies through your browser settings, but disabling cookies may affect Service functionality.
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Service Provision
- Performing security scans and vulnerability assessments;
- Generating scan reports and security recommendations;
- Detecting malware, vulnerabilities, and security misconfigurations;
- Monitoring SSL certificates and DNS configurations;
- Tracking changes in security posture over time;
- Sending email alerts and notifications about scan results;
- Managing scheduled and automated scans.
3.2 Service Improvement and Research
- Analyzing scan data to improve detection algorithms and accuracy;
- Identifying emerging threats and vulnerability patterns;
- Developing new security detection capabilities;
- Building threat intelligence databases;
- Training machine learning models for malware detection;
- Conducting security research and publishing anonymized findings;
- Improving user experience and Service performance.
3.3 Communication
- Sending security alerts and vulnerability notifications;
- Providing customer support and responding to inquiries;
- Sending service announcements and updates;
- Delivering newsletters and security tips (with your consent);
- Communicating about billing, payments, and account issues.
3.4 Security and Legal Compliance
- Detecting and preventing fraud, abuse, and unauthorized access;
- Enforcing our Terms of Service;
- Investigating suspicious scanning activities;
- Complying with legal obligations and regulatory requirements;
- Responding to law enforcement requests and legal processes;
- Protecting our rights, property, and safety.
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We may share your information with third-party service providers who perform services on our behalf:
- Cloud Hosting Providers: For data storage and processing;
- Payment Processors: For billing and payment processing;
- Email Services: For sending notifications and alerts;
- Analytics Providers: For usage analysis and service improvement;
- Security Services: For threat intelligence and abuse detection.
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.2 Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders, subpoenas, or other legal processes;
- Law enforcement requests;
- Regulatory or governmental inquiries;
- Protection of our legal rights;
- Investigation of fraud, security incidents, or Terms violations;
- Compliance with national security requirements.
4.3 Business Transfers
If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
4.4 Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for:
- Security research and threat intelligence;
- Industry reports and statistics;
- Vulnerability trend analysis;
- Academic research;
- Marketing and business development.
5. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active and for a reasonable period after deletion for legal and security purposes;
- Scan Results: Retained to provide historical comparisons, trend analysis, and service improvement. You may delete individual scan results from your dashboard;
- Usage Logs: Retained for 12-24 months for security, troubleshooting, and analytics;
- Billing Records: Retained for 7 years to comply with tax and accounting requirements;
- Communication Records: Retained for 3 years for customer support and dispute resolution.
After the retention period, we will delete or anonymize your information unless we are required to retain it by law.
6. Data Security
We implement appropriate technical and organizational security measures to protect your information:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest;
- Access Controls: Role-based access controls and authentication;
- Monitoring: Security monitoring and intrusion detection;
- Regular Audits: Security assessments and vulnerability scanning;
- Secure Development: Security-focused development practices;
- Employee Training: Regular security and privacy training for staff.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights and Choices
7.1 Data Subject Rights (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, you have the following rights:
- Right to Access: Request a copy of your personal information;
- Right to Rectification: Request correction of inaccurate information;
- Right to Erasure: Request deletion of your personal information (subject to legal retention requirements);
- Right to Restriction: Request limitation on processing of your information;
- Right to Data Portability: Receive your information in a structured, machine-readable format;
- Right to Object: Object to processing based on legitimate interests;
- Right to Withdraw Consent: Withdraw consent for processing where consent was the legal basis;
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
7.2 Account Management
You can:
- Access and update your account information through your dashboard;
- Delete individual scan results;
- Disable scheduled scans;
- Opt out of marketing communications (service-related emails will still be sent);
- Delete your account (this will permanently remove your account and data, subject to retention policies).
7.3 Exercising Your Rights
To exercise any of these rights, please contact us through our website. We will respond to your request within 30 days. We may require verification of your identity before processing requests.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country.
We apply appropriate safeguards to ensure your information receives adequate protection, including:
- Standard Contractual Clauses approved by the European Commission;
- Adequacy decisions by the European Commission;
- Other lawful transfer mechanisms under applicable data protection laws.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information.
If you believe we have collected information from a child under 18, please contact us immediately.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of these third-party sites. We encourage you to read the privacy policies of every website you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated Privacy Policy with a new "Last Updated" date;
- Sending an email notification to registered users;
- Displaying a prominent notice on the Service.
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
12. Legal Basis for Processing (GDPR)
We process your personal information under the following legal bases:
- Contract Performance: To provide the Service you have requested;
- Consent: For marketing communications and optional features;
- Legitimate Interests: For service improvement, security, fraud prevention, and research;
- Legal Obligations: To comply with applicable laws and regulations.
13. Data Controller
ScanTower is the data controller responsible for your personal information under this Privacy Policy. We are based in the Cotswolds, England, United Kingdom.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our website contact form.
For data protection inquiries, you may also contact your local data protection supervisory authority.
Summary of Key Points
- We collect personal information, scan data, and usage information;
- We use information to provide the Service, improve security detection, and conduct research;
- We share information with service providers and as required by law;
- We retain data for as long as necessary to provide the Service and comply with legal obligations;
- We implement security measures but cannot guarantee absolute security;
- You have rights to access, correct, delete, and control your information;
- We comply with GDPR and other applicable data protection laws.