Privacy Policy

Last updated: 30 June 2026

This Privacy Policy explains what data HatTest (“we”, “us”) collects when you use hattest.ai (the “Service”) and how we handle it.

1. What we collect

• Scan inputs and results — the URLs you submit and the findings and evidence derived from scanning them.
• Email address — if you contact us or purchase a report.
• Payment information — handled by Stripe. We do not receive or store your full card number.
• Technical data — IP address, request metadata, bot-protection (Turnstile) tokens, and basic logs, used for security, abuse prevention, and rate limiting.

2. How we use it

• To run scans and deliver your scoreboard and report.
• To verify domain ownership and process payment.
• To prevent abuse and keep the Service available.
• To respond to your support requests and comply with the law.

We do not sell your personal data, and we do not use advertising or cross-site tracking.

3. Service providers

We rely on a small number of processors, each governed by its own privacy terms:

• Cloudflare — hosting, bot protection (Turnstile), encrypted storage, and email routing.
• Stripe — payment processing.
• SendGrid (Twilio) — transactional and contact-form email.

4. Retention

Scan evidence and metadata are automatically deleted 30 days after a scan. Emails you send us are kept only as long as needed to handle your request.

5. Security

Scan evidence is encrypted at rest (envelope encryption), and we minimize what we store. No method of transmission or storage is perfectly secure, but we design the Service to hold as little sensitive data as possible and to expire it quickly.

6. Cookies and tracking

We do not use advertising or analytics trackers. Cloudflare Turnstile and Stripe may set their own functional cookies or load their own scripts when you use the scan or payment features.

7. Your rights

You can request access to, or deletion of, personal data we hold about you by emailing support@hattest.ai. Because scan data auto-deletes after 30 days, most of it clears itself.

California residents: under the CCPA/CPRA you have the right to know, access, and delete the personal information we hold about you, and not to be discriminated against for exercising those rights. We do not sell or share your personal information. To make a request, email support@hattest.ai.

8. Children

The Service is not directed to children under 16, and you should not use it if you are under 16.

9. International processing

The Service runs on Cloudflare’s global network and our processors operate internationally. By using the Service you consent to your data being processed in the locations where we and our processors operate.

10. Changes and contact

We may update this Policy from time to time. For any privacy question, contact support@hattest.ai.