Privacy Policy
Last updated: November 25, 2025
1. Introduction
ADAGuard is committed to protecting your privacy. This policy explains how we collect, use, and protect your data.
2. Data We Collect
You provide: Email, name, password (bcrypt-hashed), scan URLs, authentication session data (Fernet-encrypted), payment info (via Dodo Payments — we never see your full card number).
Automatically collected: IP address, browser type, device info, usage data, cookies.
Third parties: Dodo Payments (payment processing), Resend (transactional email).
3. How We Use Your Data
Service: Run scans, store results, authenticate to websites, process payments.
Improvement: Analyze usage, fix bugs, develop features.
Security: Prevent fraud, enforce Terms, comply with laws.
4. Data Sharing
We do not sell your data.
Service providers: MongoDB Atlas (database), Dodo Payments (billing), Resend (transactional email), Cloudflare (CDN/DDoS). All providers are contractually bound to GDPR-compliant data handling.
5. Data Security
Security: HTTPS/TLS in transit, encryption at rest, Fernet encryption for authentication sessions, bcrypt password hashing, firewall and DDoS protection.
Scan data retention by plan: Free (7 days), Starter (30 days), Professional (90 days), Business (1 year), Enterprise (5 years). Payment records: 7 years (legal requirement).
6. Your Rights (GDPR/CCPA)
Access: Email [email protected] or use Settings → Account → Export Data to download a full copy.
Delete: Settings → Account → Delete Account. This is immediate and permanent — there is no recovery period.
Export: Settings → Account → Export Data (ZIP archive of JSON files).
Correct: Settings → Profile → Edit your name, email, and company.
Object: Opt out of marketing emails via the unsubscribe link in any email we send.
We respond to rights requests within 30 days. For GDPR-specific requests see our GDPR page.
7. International Transfers
Data may be transferred internationally to countries where our service providers operate. We use Standard Contractual Clauses (EU data) and encryption to safeguard transfers.
8. Cookies
We use cookies for authentication, security, and analytics.
| Cookie | Purpose | Type |
|---|---|---|
| session_id | Login | Essential |
| X-CSRF-Token | CSRF protection (HTTP header, not a cookie) | Essential |
| _ga | Analytics | Optional |
| _gid | Analytics | Optional |
Control: Cookie banner, browser settings, Google Analytics Opt-Out.
9. Third-Party Services
Google Analytics, Dodo Payments, Cloudflare. See their privacy policies. We're not responsible for their practices.
10. Children's Privacy
Not for children under 13 (or 16 in EU). We delete children's data immediately if discovered.
11. Data Breaches
Notification within 72 hours (GDPR requirement). Email includes affected data details.
12. Changes
Updates posted here. Material changes: 30 days email notice. Continued use = acceptance.
13. Contact
Privacy inquiries: [email protected] (Response: 5 business days)
California Residents (CCPA): Rights to know, delete, and opt out of sales (we don't sell data). Contact [email protected] with "CCPA Request" in the subject.