Privacy Policy
Last updated: February 2026
1. Data Controller
The data controller responsible for your personal data is:
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website audit service at auditweb.cloud, in compliance with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and applicable Romanian data protection laws.
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Account Data
- Full name — provided during registration.
- Email address — used for account identification, login, and communication.
- Hashed password — securely hashed using industry-standard algorithms. We never store your password in plain text.
2.2 Payment Data
- Payment information — processed securely by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We may store a Stripe customer ID, transaction references, and billing-related metadata.
2.3 Audit and Usage Data
- URLs submitted for audit — the website addresses you choose to analyze.
- Audit scan results — performance, SEO, accessibility, and other metrics generated during audits.
- Usage logs — timestamps, features used, and credit consumption.
2.4 Technical Data
- IP address — collected automatically for security, fraud prevention, and service delivery.
- Browser type and version, device information — collected through standard HTTP headers.
- Cookies and session data — see our Cookie Policy for details.
3. Purposes of Processing
We process your personal data for the following purposes:
- Account management: Creating and maintaining your user account, authentication, and account security.
- Service delivery: Performing website audits, generating reports, and managing your credit balance.
- Payment processing: Processing credit purchases, managing billing, and issuing refunds via Stripe.
- Communication: Sending transactional emails (e.g., account verification, password reset, payment receipts) and, with your consent, marketing communications.
- Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity.
- Service improvement: Analyzing usage patterns to improve the Service, fix bugs, and develop new features.
- Legal compliance: Fulfilling our legal obligations, including tax and accounting requirements.
4. Legal Basis for Processing
Under the GDPR, we rely on the following legal bases for processing your personal data:
- Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide our Service to you, including account creation, audit delivery, and payment processing.
- Consent (Art. 6(1)(a) GDPR): Where you have given specific consent, such as for receiving marketing communications. You may withdraw your consent at any time.
- Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your rights and freedoms.
- Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with applicable legal requirements, such as tax laws and accounting obligations.
5. Third-Party Data Processors
We share personal data with the following third-party processors, each bound by data processing agreements compliant with GDPR:
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe (USA/EU) | Payment processing | Email, name, payment data, transaction metadata |
| Google (USA/EU) | PageSpeed Insights API for website performance analysis | URLs submitted for audit (no personal user data) |
| OpenRouter (USA) | AI-powered audit analysis and recommendations | Audit scan data, URLs (no personal user data) |
We do not sell your personal data to any third party. Data shared with processors is limited to what is strictly necessary for the specified purposes.
6. International Data Transfers
Some of our third-party processors operate outside the European Economic Area (EEA). When personal data is transferred internationally, we ensure appropriate safeguards are in place:
- EU-U.S. Data Privacy Framework: Transfers to US-based processors (Stripe, Google, OpenRouter) are conducted under the EU-U.S. Data Privacy Framework or Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions: Where applicable, we rely on adequacy decisions by the European Commission for transfers to countries with adequate data protection.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Account data: Retained for the duration of your account and up to 30 days after account deletion, to allow for account recovery.
- Audit data and reports: Retained for the duration of your account. Deleted within 90 days after account deletion.
- Payment and transaction records: Retained for up to 10 years after the transaction, as required by Romanian tax and accounting regulations.
- IP addresses and security logs: Retained for up to 12 months for security and fraud prevention purposes.
- Marketing consent records: Retained for as long as the consent is valid and for up to 3 years after withdrawal for compliance purposes.
After the applicable retention period, personal data is securely deleted or anonymized.
8. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access (Art. 15): You have the right to request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): You have the right to request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction of processing (Art. 18): You have the right to request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
- Right to object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro, or with any other EU supervisory authority.
To exercise any of these rights, please contact us at contact@auditweb.cloud. We will respond to your request within 30 days, as required by the GDPR.
9. Cookies
We use essential cookies to enable authentication and ensure the proper functioning of our Service. We do not currently use analytics or advertising cookies.
For detailed information about the cookies we use, please refer to our Cookie Policy.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using TLS/HTTPS.
- Secure password hashing using industry-standard algorithms.
- Access controls and authentication for all administrative systems.
- Regular security reviews and updates.
While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by email or through a notice on our website. We encourage you to review this policy periodically.
13. Contact Us
For any questions, concerns, or data protection requests, please contact us:
Email: contact@auditweb.cloud
Website: auditweb.cloud
Supervisory Authority: Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) — www.dataprotection.ro