PRIVACY
Updated: June 3, 2026

Privacy policy

What aiSiteReady processes when you start a scan and view a report, plus the cookies and analytics we use and how to manage them.

Scan data

We process data needed to run scans, build reports, prevent abuse, and debug failures.

  • Submitted URL, normalized target, scan profile, report language, and report visibility.
  • Limited HTTP evidence: status codes, selected headers, discovered public files, relevant URLs, and short snippets.
  • Temporary operational metadata: timestamps, request IDs, errors, rate-limit and security events, including request IP address when needed to protect the service.

Privacy boundaries

The service is designed for public pages. Do not submit URLs with credentials, secrets, personal tokens, or private parameters.

  • The MVP scanner does not execute remote JavaScript, log in to websites, or run user journeys.
  • Full HTML is not stored by default. Evidence is reduced to data needed for checks and result explanation.

Browser and service storage

Reports and evidence are stored to display results, export reports, support repeat viewing, debug failures, and enforce abuse controls.

  • The browser may store the selected interface language and private report access tokens in localStorage; the temporary admin token is stored in sessionStorage.
  • Public reports may be available to anyone with the link. For sensitive targets, use private visibility and do not submit secret URLs.

Cookies and analytics

We use Google Analytics 4 (GA4), loaded through Google Tag Manager (GTM), to understand aggregate, anonymous usage and improve the product. Analytics run only after you accept: Google Consent Mode v2 keeps analytics storage denied by default, and our cookie banner switches it to granted only with your consent. Analytics events are limited to coarse, non-identifying signals — page views and aggregate funnel events — and never include the scanned URL or any personal identifier.

  • cc_cookie — remembers your cookie choices so the banner does not reappear. Strictly necessary; kept about 6 months (182 days).
  • _ga — Google Analytics; distinguishes visitors. Set only after you accept analytics; kept up to 2 years.
  • _ga_* (per-property, e.g. _ga_XXXXXXXXXX) — Google Analytics; preserves session state. Set only after you accept analytics; kept up to 2 years.
  • Google Tag Manager itself sets no cookies; it only loads the consent-gated GA4 tags that set the cookies above.

Your consent choices

On your first visit, a banner lets you accept or reject analytics; strictly necessary cookies always run. You can change or withdraw your choice anytime via "Cookie settings" in the footer, which re-opens the preferences panel. If you reject or later withdraw consent, analytics storage stays denied and the _ga cookies are not set; you can also clear cookies in your browser. Google processes analytics data under its own policy (policies.google.com/privacy), and you can install its opt-out add-on (tools.google.com/dlpage/gaoptout).

Retention and deletion

MVP retention periods and deletion procedures are product operations settings and may change. Do not submit data that requires a separate contractual or regulated processing regime.