Privacy policy
Last updated: 16 July 2026
This notice explains, in plain language, which personal data we process when you use EAA Sentinel, why we process it and which rights you have under Regulation (EU) 2016/679 (GDPR).
Data controller
The data controller is EAA Sentinel. For any privacy request write to info@eaasentinel.com.
Which data we process
- The email address you enter to receive a scan result, buy a report or sign in to the customer area.
- The address of the website you ask us to analyse and the technical scan results (score, issues found, page screenshot).
- Purchase data (amount, date, product). Payment happens on Stripe: we never see or store your card details.
- Minimal technical data needed to run the service, such as the IP address in server logs and for the daily free-scan limit.
Why we process it (legal basis)
- To deliver the service you request: scan, report, monitoring, customer area (performance of a contract, art. 6.1.b GDPR).
- To send you transactional emails related to your scans and purchases: confirmations, ready reports, monitoring alerts.
- To comply with legal obligations, e.g. tax and accounting (art. 6.1.c GDPR).
- We don't use your data for marketing and we never sell it or hand it to third parties. If we ever introduce promotional emails, we will ask for separate consent first.
How long we keep it
- Free scan data with no purchase: automatically deleted after 30 days (screenshots after 7 days).
- Purchase and invoicing data: 10 years, as required by tax law.
- Account data and scans linked to a purchase or subscription: for as long as you keep the account. You can request deletion at any time.
Who processes data on our behalf
To run the service we rely on providers that process data on our behalf (data processors): Supabase (database and authentication), Railway (backend hosting), Vercel (site hosting), Stripe (payments), Resend (email delivery). Some of these providers may process data outside the European Union; such transfers are covered by the safeguards required by the GDPR (standard contractual clauses).
Your rights
You can request access to your data, rectification, deletion, restriction of processing, portability, and object to processing at any time by writing to info@eaasentinel.com. You also have the right to lodge a complaint with your data protection authority.
A note about scans
The scan analyses public web pages of the site you point us to, not people's data: the results describe technical accessibility issues of the site. We do no profiling and take no automated decisions with legal effects on you.
The screenshot of the analysed page reproduces what the page publicly shows and may therefore incidentally include data visible there: for free scans it is automatically deleted after 7 days.