Privacy Policy
Last updated July 15, 2026
This Privacy Policy explains how SiteThreat (“SiteThreat,” “we,” “us,” or “our”) may collect, process, use, retain, disclose, and protect information when you visit this website, run an authorized website scan, review scan results, download a report, contact support, or otherwise interact with the service. It also describes choices and rights that may be available to you under applicable law.
By accessing or using SiteThreat, you acknowledge that information may be handled as described in this Privacy Policy. If you do not agree with these practices, do not use the service. This policy applies only to SiteThreat-controlled pages and services. It does not govern a scanned website, a third-party service, an external link, or a separate service provider acting under its own privacy notice.
1. Scope of this policy
This policy applies to information processed through the public SiteThreat website and its external exposure-scanning functionality. The scanner is designed to send limited, non-destructive requests to public endpoints on domains selected by the user. It is not designed to collect private account contents, bypass authentication, access nonpublic systems, or retrieve more response data than reasonably necessary to classify a scan result.
The policy applies whether you access SiteThreat directly, arrive through a referral link, use a desktop or mobile browser, or initiate a scan through the public interface. Separate terms, contracts, or notices may apply if SiteThreat later offers accounts, paid services, application programming interfaces, enterprise features, or other products not described on the current website.
2. Information you provide
You may provide information directly when you enter a domain for scanning, select scan settings, confirm that you are authorized to assess the target, submit a support request, communicate with us, or otherwise interact with the website. Depending on the interaction, this information may include:
Domain and hostname information. The domain name you enter, the selected host coverage, and the scan modes you choose are processed so SiteThreat can perform the requested checks.
Authorization confirmation. The interface may require you to confirm that you own, administer, or have explicit permission to test the selected target. This confirmation is part of the service’s acceptable-use controls.
Communications. If you contact us through Client Assistance or another available channel, your message may contain your name, email address, organization, technical details, screenshots, scan information, and any other content you choose to provide.
Voluntary content. Any information you include in a support message or submit through a future form is provided at your discretion. You should not send passwords, private keys, authentication tokens, complete database exports, regulated personal data, or other highly sensitive information unless specifically requested through an appropriate secure channel.
3. Information processed during a scan
When you initiate a scan, SiteThreat may process the target domain, requested hostname, requested path, request type, response status, final URL, response headers, content type, connection timing, severity classification, verdict, reason, and a limited response sample. This information is used to determine whether a requested resource appears blocked, unavailable, ambiguous, or publicly exposed.
A response sample may contain text returned by the target server. Depending on how the target is configured, that sample could include a custom error message, application text, a server banner, a diagnostic message, a fragment of a configuration file, or other content. SiteThreat limits the amount of response data processed by the scanner, but users should understand that an exposed resource may itself contain sensitive information.
Scan results may also include remediation guidance, calculated counts, a Site Threat Score, threat-level language, and downloadable JSON or CSV reports generated in the user’s browser. The existence of a report does not mean that SiteThreat has independently verified ownership of the target or confirmed every finding. The user remains responsible for authorization, interpretation, remediation, and secure handling of results.
4. Information collected automatically
Like most websites, SiteThreat and its infrastructure providers may automatically receive technical information when your browser connects to the service. This may include your Internet Protocol address, approximate network location, browser type, browser version, operating system, device type, language, referring page, requested page, date and time, response status, and other ordinary server-log information.
Automatic information may be generated by web servers, content-delivery systems, hosting providers, security tools, rate-limiting systems, analytics services, or error-monitoring mechanisms. This information helps deliver pages, detect abuse, investigate failures, maintain availability, secure the service, understand aggregate usage, and improve functionality.
We do not represent that automatic technical information is anonymous in every context. An IP address, device identifier, or combination of usage attributes may be considered personal information under some laws, especially when it can reasonably be linked to an individual or household.
5. Cookies, local storage, and similar technologies
SiteThreat or its service providers may use cookies, local storage, session storage, pixels, scripts, or comparable technologies to support essential website functions, remember limited preferences, measure traffic, detect abuse, and understand how the site is used. Some technologies may be necessary for security or operation, while others may support analytics.
You can usually control cookies through your browser settings. Blocking or deleting cookies may affect certain features, preferences, security functions, or measurement capabilities. Browser controls vary, and disabling one type of storage may not disable every similar technology.
Where applicable law requires consent for nonessential technologies, SiteThreat may provide a consent mechanism or rely on configuration that limits such technologies until an appropriate choice is made. The availability and form of those controls may depend on the visitor’s location, browser, and the technologies active on the site at that time.
6. Analytics and TrackingCounter
This website uses TrackingCounter for website traffic measurement and related analytics. TrackingCounter may receive technical and usage information in connection with its services, such as page visits, referral information, browser details, device characteristics, timestamps, and IP-related data. Its processing is governed by its own applicable terms, policies, settings, and technical practices.
Analytics information may be used to understand aggregate traffic, identify popular pages, diagnose performance issues, detect unusual activity, and improve site design. Analytics results are not intended to be used by SiteThreat to make decisions about employment, credit, housing, insurance, health care, eligibility, or other legally significant matters.
Third-party analytics technology can change independently of SiteThreat. You should review the provider’s current privacy materials and use available browser or provider controls if you wish to limit analytics processing.
7. Purposes for processing information
SiteThreat may process information for the following purposes:
Providing the service. To validate domains, create a scan queue, issue authorized requests, classify responses, calculate the Site Threat Score, display results, generate remediation guidance, and enable report downloads.
Security and abuse prevention. To detect unauthorized scanning, excessive requests, automated abuse, malicious input, attempts to circumvent restrictions, denial-of-service activity, fraud, or other conduct that could harm SiteThreat, target systems, users, or service providers.
Reliability and troubleshooting. To diagnose errors, review timeouts, understand failed requests, maintain compatibility, improve scanner accuracy, and monitor infrastructure performance.
Support and communications. To respond to questions, investigate reported problems, provide requested assistance, and maintain records of support interactions.
Improvement and measurement. To analyze aggregate usage, evaluate which features are useful, refine content, improve remediation guidance, and develop safer or more effective functionality.
Legal and administrative purposes. To enforce applicable terms, protect rights and property, comply with valid legal process, preserve evidence, resolve disputes, and meet legal obligations.
8. Legal bases where applicable
Some jurisdictions require an organization to identify a legal basis for processing personal information. Depending on the circumstances, SiteThreat may rely on one or more of the following bases: performance of a requested service; legitimate interests in operating, securing, improving, and protecting the website; compliance with legal obligations; establishment, exercise, or defense of legal claims; protection of vital or public interests where recognized; or consent when consent is required and obtained.
The legal basis may differ by data category, purpose, user location, and relationship with SiteThreat. Where processing is based on consent, you may generally withdraw that consent prospectively, subject to legal and technical limitations. Withdrawal does not invalidate processing that occurred before the withdrawal.
9. How information may be disclosed
SiteThreat may disclose information to vendors and service providers that support hosting, infrastructure, security, analytics, communications, support, backup, error diagnosis, content delivery, and other operational functions. These providers may process information on our behalf or under their own terms, depending on the service and relationship.
Information may also be disclosed when reasonably necessary to comply with law, regulation, court order, subpoena, warrant, governmental request, or other valid legal process; to investigate suspected fraud, misuse, unauthorized scanning, or security incidents; to protect the rights, safety, property, or operations of SiteThreat or others; or to establish, exercise, or defend legal claims.
If SiteThreat or its assets are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale, transfer, or similar transaction, information may be reviewed or transferred as part of that process, subject to applicable law and appropriate confidentiality protections.
We may disclose aggregated or de-identified information that does not reasonably identify an individual, subject to applicable law. We do not authorize recipients to reidentify information that has been intentionally de-identified where such a restriction is required.
10. Sale and sharing of personal information
SiteThreat is not designed as a data-broker service and does not offer scan users’ personal information for sale as a core function of the website. However, privacy laws may define “sale,” “sharing,” “targeted advertising,” or comparable terms more broadly than an exchange for money. Certain analytics or advertising technologies can potentially fall within those definitions depending on configuration, jurisdiction, and data flow.
Where SiteThreat is legally required to provide an opt-out mechanism, honor a recognized browser-based opt-out signal, or disclose categories of sale or sharing, we may provide the applicable control or notice. The absence of a particular link should not be interpreted as a waiver of rights that cannot legally be waived.
11. Data retention
Information is retained for only as long as reasonably necessary for the purposes described in this policy, including operation, security, troubleshooting, legal compliance, dispute resolution, and enforcement. Retention periods may differ by information type and system.
For example, ordinary server logs may be retained for a period appropriate to security and reliability needs; support communications may be retained while a matter is active and for a reasonable administrative period afterward; and records relevant to abuse, incidents, disputes, or legal obligations may be retained longer. Backup systems may preserve information for an additional limited period before normal rotation or deletion.
SiteThreat may retain aggregated or de-identified information for analytics, historical measurement, service improvement, or security research when that information no longer reasonably identifies an individual. We may also retain minimal records necessary to document that a deletion or opt-out request was honored.
12. Security safeguards
SiteThreat uses reasonable technical, administrative, and organizational measures intended to protect information against unauthorized access, loss, misuse, alteration, or disclosure. Measures may include access controls, secure transport, logging, system updates, restricted administrative access, input validation, rate limits, backups, and other safeguards appropriate to the service.
No website, network, transmission method, or storage system is completely secure. SiteThreat cannot guarantee that information will never be accessed, intercepted, disclosed, altered, lost, or destroyed. Users should avoid submitting unnecessary sensitive information and should protect downloaded scan reports because those reports may contain target URLs, technical findings, response samples, or remediation details.
If you believe SiteThreat has a security issue, do not publicly disclose exploit details or use the issue to access information without authorization. Submit a responsible report through Client Assistance with enough information for the issue to be investigated safely.
13. Security of scanned targets
The security and privacy practices of a scanned target are controlled by that target’s owner or operator, not by SiteThreat. When you scan a domain, requests are sent to the target system, and the target may record the scanner’s request, IP information, user agent, requested path, timestamp, and response. The target may also use its own analytics, firewall, bot-management, security, or logging services.
SiteThreat does not control how the target handles those records. You should review the target’s privacy and security requirements before scanning and should use the service only when you have appropriate authorization.
14. International processing
SiteThreat, its infrastructure, and its service providers may operate in or process information from locations different from your state, province, or country. As a result, information may be transferred to jurisdictions with privacy laws that differ from those in your location.
Where legally required, appropriate transfer mechanisms or contractual protections may be used. By using the service, you understand that Internet-based processing may involve transmission through multiple networks and jurisdictions.
15. Your privacy choices
You may choose not to initiate a scan, not to submit a support message, and not to provide optional information. You may also adjust browser settings to limit cookies or storage, use privacy-protective browser features, clear local data, or use available analytics controls.
Depending on your location and the law that applies, you may have rights to request access to personal information, obtain information about categories and sources, correct inaccurate information, request deletion, restrict or object to certain processing, receive a portable copy, withdraw consent, opt out of certain sale, sharing, profiling, or targeted advertising practices, or appeal a denied request.
These rights are not absolute. A request may be limited or denied when an exception applies, when information cannot reasonably be linked to the requester, when identity or authority cannot be verified, when retention is legally required, or when compliance would adversely affect the rights and freedoms of others.
16. Submitting a privacy request
Privacy requests may be submitted through Client Assistance. Describe the request clearly and identify the SiteThreat interaction to which it relates. Do not send passwords, private keys, or unnecessary copies of government identification in an initial message.
We may need to verify your identity, jurisdiction, authority, or relationship to the information before completing a request. Verification may involve confirming an email address, requesting information reasonably related to the interaction, or asking an authorized agent to provide proof of authority. We will use verification information only for the request and related legal obligations.
Where applicable, you may use an authorized agent. We may ask for evidence that the agent is permitted to act for you and may separately confirm the request with you unless law provides otherwise.
17. California privacy notice
California residents may have rights under the California Consumer Privacy Act, as amended, when SiteThreat is subject to that law and the requested information falls within its scope. These may include rights to know, access, correct, delete, opt out of certain sale or sharing, limit certain uses of sensitive personal information, receive information about data practices, and exercise rights without unlawful discrimination.
Categories of information potentially processed by SiteThreat may include identifiers such as IP addresses and contact details; Internet or electronic-network activity such as page interactions and scan requests; geolocation information inferred approximately from network data; professional information voluntarily included in communications; and inferences derived from activity for security, analytics, or service improvement.
SiteThreat does not intentionally collect sensitive personal information for the purpose of inferring characteristics about users. Users should not submit sensitive personal information through support channels unless necessary and specifically requested.
California rights are subject to definitions, thresholds, exemptions, verification requirements, and exceptions in applicable law. If a legally required opt-out or limitation mechanism applies to SiteThreat’s current practices, the appropriate mechanism may be presented on the website or made available through Client Assistance.
18. Global Privacy Control and browser signals
Some browsers and extensions can transmit Global Privacy Control or other preference signals. Where SiteThreat is legally required and technically able to treat a recognized signal as a valid opt-out request, the signal may be processed in accordance with applicable law and the configuration of the website.
Traditional “Do Not Track” signals are not uniformly defined or implemented across the industry. SiteThreat may not respond to every signal unless a response is legally required or technically supported. Browser-based controls do not necessarily prevent essential security logging, service delivery, or processing required to complete a requested scan.
19. Children’s privacy
SiteThreat is intended for website owners, administrators, developers, security professionals, and other authorized users. It is not directed to children under 13, and we do not knowingly seek to collect personal information from children under 13 through the service.
If you believe a child has provided personal information to SiteThreat, contact us through Client Assistance. We will review the report and take appropriate action consistent with applicable law. Parents and guardians should not permit children to use the scanner to test systems without authorization.
20. Third-party websites and services
SiteThreat may link to Client Assistance, analytics providers, informational resources, or other third-party websites. A scan result may also contain a link to the final URL returned by the target. Following any external link takes you to a service that SiteThreat does not control.
Third parties may collect information under their own privacy policies, cookie practices, terms, and security procedures. SiteThreat is not responsible for the privacy, security, accuracy, availability, or content of external services. Review the relevant policies before providing information or continuing to an external site.
21. Automated decision-making
The scanner automatically classifies technical responses and calculates a Site Threat Score using predefined rules. These classifications are intended to support website-security review and do not make decisions that produce legal or similarly significant effects about an individual.
Automated classifications can be incomplete or incorrect. Users should review the underlying status, reason, content type, final URL, and limited sample before taking action. SiteThreat’s output should not be used as the sole basis for employment, insurance, credit, housing, health care, legal, or other high-impact decisions.
22. Changes to this policy
We may update this Privacy Policy to reflect changes in the service, technology, legal requirements, vendors, or information practices. The “Last updated” date displayed above indicates the version currently posted.
Material changes may be communicated through the website or another appropriate method when required. Your continued use of SiteThreat after an updated policy becomes effective indicates acknowledgment of the revised notice, but does not replace consent where consent is legally required.
23. Contact
Privacy, security, and support inquiries may be submitted through Client Assistance. Include enough detail to identify the issue, but do not include passwords, private keys, complete credentials, or unnecessary sensitive information.
Because SiteThreat is an external scanning service, requests involving a scanned website’s own privacy practices should generally be directed to that website’s owner or operator. SiteThreat cannot modify, delete, or control information stored by a third-party target.