1. Who We Are
WebGuard is operated by ONLINEPORQUPINE LTD, a company registered in England and Wales (Company No. 17108652), with a registered address at 8a Yorick Road, Colchester, CO5 8HT, United Kingdom.
We are the data controller for personal data collected through this website. You can contact us at [email protected].
2. What Data We Collect
We collect the following categories of personal data:
- Account data: When you sign in via Manus OAuth (Facebook or other providers), we receive your name, email address, and a unique identifier from the OAuth provider.
- Scan data: URLs you submit for scanning, scan results, and findings. Anonymous scans (without an account) are not permanently stored.
- Payment data: When you purchase a paid tier, your payment is processed by Stripe. We store only the Stripe session ID, customer ID, and subscription ID — never your card details.
- Contact enquiries: If you submit a contact form, we store your name, email address, subject, and message.
- Usage data: IP addresses, browser type, and pages visited, collected automatically for security and analytics purposes.
3. How We Use Your Data
We use your personal data to:
- Provide the WebGuard scanning service and display your scan history
- Process payments and manage your subscription
- Send you scan notifications and scheduled scan alerts (if you opt in)
- Respond to contact enquiries
- Prevent abuse and ensure the security of our service
- Comply with legal obligations
4. Legal Basis for Processing
Under UK GDPR, we process your data on the following legal bases:
- Contract performance: Processing necessary to provide the service you have purchased or signed up for.
- Legitimate interests: Security monitoring, fraud prevention, and service improvement.
- Consent: Email notifications (you can withdraw consent at any time).
- Legal obligation: Where required by law.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Stripe: For payment processing. Stripe's privacy policy is available at stripe.com/gb/privacy.
- Manus: Our hosting and OAuth provider. Data is processed in accordance with Manus's data processing agreement.
- Legal authorities: Where required by law or to protect our legal rights.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., financial records must be kept for 6 years under UK law).
Anonymous scan results are deleted after 7 days. Contact enquiries are retained for 2 years.
7. Your Rights
Under UK GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Ask us to delete your data ("right to be forgotten").
- Restriction: Ask us to restrict processing of your data.
- Portability: Receive your data in a machine-readable format.
- Object: Object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use a session cookie to keep you logged in. This cookie is strictly necessary for the service to function and does not require consent. We do not use advertising or tracking cookies.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including TLS encryption, secure cookie flags, and access controls. However, no internet transmission is completely secure.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on the website. The date at the top of this page indicates when the policy was last updated.
11. Contact
For any privacy-related questions, contact us at [email protected] or write to us at 8a Yorick Road, Colchester, CO5 8HT, United Kingdom.