What we collect
When you use Skavio, we collect:
- The URLs you submit for scanning
- Scan results (security findings, risk scores)
- Your email address if you create an account
- Basic usage data (scan count, account creation date)
- Standard server logs (IP address, browser type, timestamps)
What we do not collect
- Passwords (we use OAuth — Google and GitHub sign-in only)
- Payment card details (handled entirely by LemonSqueezy)
- Any data from the websites you scan beyond what is publicly accessible
How we use your data
- To run security scans and return results to you
- To enforce plan limits (scan quotas)
- To send transactional emails (e.g. subscription receipts via LemonSqueezy)
- To improve the accuracy and coverage of our security checks
Data retention
Free scan results are stored for 7 days and then permanently deleted. Scan results linked to a paid account are retained for as long as the account is active. You can delete your account and all associated data at any time from your dashboard settings.
Third-party services
- Supabase — database and authentication
- LemonSqueezy — payment processing and subscription management
- Vercel — hosting and edge delivery
- Anthropic — AI-generated fix prompts (finding data only, not personal data)
We do not sell, rent, or share your personal data with any other third parties.
Your rights
You can request access to, correction of, or deletion of your personal data at any time by deleting your account from Settings, or by emailing us. We will respond within 30 days.