Privacy Policy

Last updated: March 15, 2026

1. What we collect

When you use VulnScan.pro, we collect:

• Account data: Email address (via Google OAuth or email registration)
• Scan data: Target domain, scan results, vulnerability findings, generated PDF reports
• Payment data: Processed by LemonSqueezy (Stripe). We never see your card number.

2. How we use it

• To run security scans on domains you own and have verified
• To generate and deliver your vulnerability reports
• To send scan completion emails

We do not sell, share, or transfer your data to third parties for marketing.

3. Data hosting & retention

All scan data is hosted on EU servers (Hetzner, Germany). Scan results and reports are automatically deleted after 90 days. You can request earlier deletion by emailing us.

4. Domain verification

We only scan domains you prove you own via DNS TXT or file verification. Unauthorized scanning is blocked by design.

5. Cookies

We use a session cookie for authentication (NextAuth). No tracking cookies, no analytics, no third-party scripts.

6. Your rights

You can request access, correction, or deletion of your data at any time. Contact: support@vulnscan.pro

7. Contact

VulnScan.pro is operated from Spain (EU). For privacy inquiries: support@vulnscan.pro