AuditCore
AuditCore

Privacy Policy

Last updated: April 12, 2026

1. Introduction

AuditCore ("we", "us", "our") operates the website audit-core.tech and provides automated security and SEO auditing services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Email address — required to deliver scan results and create an account.
  • Target URL or uploaded file (APK/IPA) — the asset you submit for scanning.
  • Payment information — processed securely by Stripe. We never store your card details.
  • Account credentials (optional) — if you provide test credentials for multi-role auth testing (Enterprise tier), they are encrypted at rest with AES-256 (Fernet) and deleted after the scan completes.

2.2 Information Collected Automatically

  • Usage data — pages visited, scan configurations, timestamps.
  • Device data — browser type, operating system, IP address.
  • Cookies — essential cookies for authentication and session management. We do not use advertising or tracking cookies.

3. How We Use Your Information

  • To perform the security and SEO scans you request.
  • To deliver scan results via email and the web dashboard.
  • To process payments through Stripe.
  • To send transactional emails (scan completion, scheduled scan results).
  • To improve our Service and fix bugs (aggregated, non-personal analytics).
  • To detect and prevent fraud or abuse of our scanning infrastructure.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with:

  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Firebase (Google) — authentication.
  • Sentry — error monitoring (if enabled, contains no PII by default).

5. Data Retention

  • Scan results — retained indefinitely so you can access past reports. You may request deletion.
  • Uploaded files (APK/IPA) — deleted within 24 hours after scan completion.
  • Test credentials — encrypted at rest, deleted immediately after the scan completes.
  • Account data — retained until you delete your account.

6. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption, encrypted credential storage (Fernet/AES-256), database access controls, and regular security updates. Our scanning infrastructure runs in isolated Docker containers.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data and account.
  • Export your scan results.
  • Withdraw consent for non-essential data processing.

To exercise these rights, contact us at privacy@audit-core.tech.

8. Cookies

We use only essential cookies required for authentication (Firebase session) and CSRF protection. We do not use third-party analytics, advertising, or tracking cookies.

9. Third-Party Links

Scan results may contain links to external resources (CVE databases, documentation). We are not responsible for the privacy practices of third-party websites.

10. Children's Privacy

Our Service is not directed to individuals under 16. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending an email.

12. Contact Us

If you have questions about this Privacy Policy, contact us at: privacy@audit-core.tech