PrivacyChecker

Privacy Policy

Last updated: February 23, 2026

Who we are

PrivacyChecker.com (“PrivacyChecker”, “we”, “us”, “our”) is a digital privacy audit platform. We help individuals and businesses understand their privacy exposure and take action to protect their data.

Our commitment to your privacy

We are a privacy company. Our practices reflect this:

  • We do not use Google Analytics or any invasive tracking tools.
  • We use privacy-respecting analytics (Plausible/Fathom) that collect no personal data.
  • We do not sell, rent, or share your personal information with third parties for marketing.
  • We minimize data collection to only what is necessary to provide our service.
  • We encrypt personal data at rest and in transit.
  • You can delete your account and all associated data at any time.

What data we collect

Scan inputs

When you run a scan, we process the input you provide (email address, username, URL, phone number, or name). For passwords, the password itself is never transmitted to our servers — we use k-anonymity to check breach databases without ever seeing your password. For other scan types, we hash your input before storing it and never retain the raw value in our database.

Scan results

We cache scan results to improve performance and reduce load on third-party APIs. Cached results are stored with a hashed version of your input and automatically expire after 24 hours (breach data) or 7 days (website/WHOIS scans). If you create an account, your scan history is stored and linked to your user profile so you can access past results.

Account information

If you create an account, we collect your email address and any profile information you choose to provide. Authentication is handled by Supabase Auth. We support passwordless login (magic links) and OAuth providers (Google, GitHub) so we never need to store your password.

Automatically collected information

We collect minimal technical data necessary to operate the service: IP address (for rate limiting, not stored long-term), browser type, and page views via privacy-respecting analytics that do not use cookies or track individual users.

How we use your data

  • To perform the scans you request and display results.
  • To cache results and improve performance on repeat lookups.
  • To provide your scan history and dashboard if you have an account.
  • To send you notifications about new breaches or removal status (if opted in).
  • To enforce rate limits and prevent abuse of our service.
  • To improve our service based on aggregate, anonymized usage patterns.

Third-party services

To perform scans, we query third-party APIs including Have I Been Pwned (HIBP), DeHashed, Qualys SSL Labs, and others. When we query these services on your behalf:

  • For password checks: only a 5-character hash prefix is sent (k-anonymity).
  • For other scans: we send the minimum data required (e.g., email address for breach lookups).
  • These services have their own privacy policies and data practices.

Data retention

Cached scan results expire automatically (24 hours for breach data, 7 days for website scans). WHOIS records are retained indefinitely as public historical data. If you have an account, your scan history is retained until you delete it or delete your account. Anonymous scan data is retained in hashed form for up to 90 days.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict processing of your data.
  • Withdraw consent at any time.

To exercise any of these rights, contact us at privacy@privacychecker.com or use the account deletion feature in your dashboard settings.

Cookies

We use only essential cookies required for authentication and session management. We do not use any tracking cookies, advertising cookies, or third-party cookies. We practice what we preach.

Security

We use industry-standard security measures including HTTPS everywhere, encryption at rest for personal data, parameterized database queries, input sanitization, and regular security audits. Our infrastructure is hosted on Vercel and Supabase, both of which maintain SOC 2 compliance.

Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The “last updated” date at the top of this page indicates when the policy was last revised.

Contact

For privacy-related questions or concerns, contact us at privacy@privacychecker.com.