Privacy Policy
Version 1.0 · Last updated June 10, 2026
This Privacy Policy explains what data SteelSuit (“we”, “us”) collects when you use steelsuit.com and api.steelsuit.com, why we collect it, and the choices you have. We aim to collect only what the service needs to work.
1. Data we collect
- Account data. Your email address, used for sign-in (magic-link or Google) and service notifications. We do not store passwords for magic-link accounts.
- Scan data. The domains you submit and the results of those scans (findings, reports, technology fingerprints). This is data about targets you tell us you are authorized to test.
- Technical data. Your IP address and basic request metadata, used to enforce quotas and anonymous-scan caps and to detect and prevent abuse. Error diagnostics may be captured to keep the service reliable.
- Analytics. Aggregate, cookieless usage analytics (see section 4). No cross-site tracking and no advertising profiles.
2. How we use data
We use data to operate the scanner, deliver reports, authenticate you, enforce plan quotas, prevent abuse, provide support, and improve the service. We do not sell your data, and we do not use scan results to advertise to you.
3. Processors we rely on
We share the minimum necessary data with service providers that process it on our behalf:
- Brevo — transactional email (magic links, alerts).
- Sentry — error monitoring (configured to avoid personal data).
- Polar — payment and subscription processing, if and when you purchase a paid plan.
- Umami — self-hosted, cookieless analytics.
- Our hosting provider — to run the application and database.
4. Cookies and analytics
We use a small number of strictly necessary cookies to keep you signed in. Our analytics (Umami) is cookieless, respects the browser “Do Not Track” signal, and collects only aggregate metrics — so we do not show a tracking consent banner.
5. Retention
We keep scan history for the period associated with your plan (for example, 30 days on the Free plan). Account data is kept while your account is active. You can delete scans, and you can ask us to delete your account and associated data.
6. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these rights, contact us at the address below and we will respond within a reasonable time.
7. Security
We use industry-standard measures to protect data in transit and at rest, scope access to the data each component needs, and isolate the scanner from the public internet behind our edge. No method of transmission or storage is perfectly secure, but we work to keep your data safe.
8. Contact
Questions or privacy requests: steelsuit.support@gmail.com.