Privacy Policy for CyberShieldScan
Last updated: 2026-02-23
1. Information We Collect
To use our security scanner service, we collect the following data:
- Domain Name: The website address you submit for scanning.
- Email Address: For sending the scan results and any necessary follow-up communication.
2. Purpose of Data Collection
We collect this data for the following purposes:
- To analyze the security of the domain you submit.
- To send you a detailed report of our findings.
- To ensure compliance with legal obligations and prevent abuse of our services.
- Product Updates (Optional): If you opt in, to send you updates about our products, new features, or relevant security news.
3. Data Storage and Retention
We apply reasonable technical and organizational measures to protect submitted data (domain names, email addresses) and generated reports, including encryption in transit and access controls. No storage or transmission method is completely secure, and we cannot guarantee absolute security. We automatically delete submitted data and reports after 1 year to support data minimization, unless a longer retention period is required by law or for dispute, fraud, or abuse prevention.
4. Legal Basis for Processing
We process your personal data based on:
- Consent: By using our scanner, you consent to the processing of your domain name and email address for the purposes outlined in this policy.
- Legitimate Interest: To ensure the security and integrity of the scanned sites and to prevent misuse of our service.
5. Data Security
We implement technical and organizational measures designed to reduce the risk of unauthorized access, loss, or misuse of personal data, including encryption in transit where supported, access controls, and security monitoring. These measures reduce risk but do not eliminate it, and no platform can guarantee protection against every incident, attack, or vulnerability.
6. Authorized Use and Target Ownership
You may only use CyberShieldScan against systems you own or systems for which you have explicit authorization from the owner. By starting a scan, you confirm that you have this authorization.
- Free scans: limited public-posture checks for unauthenticated users, subject to strict anti-abuse controls.
- Account scans: intended for managed targets linked to your account and organization.
- We may require additional proof of control (such as DNS or HTTP token validation) before allowing higher-impact scan methods.
Unauthorized scanning attempts are prohibited. We reserve the right to deny, suspend, or terminate access and to share relevant evidence with affected parties or authorities where legally required.
7. Prevention of Abuse
To protect the platform and third parties, we monitor service activity, enforce rate limits, and log security-relevant events (including IP address, request metadata, and attestation records) to detect misuse. If we find evidence of abuse, we may block or restrict access to our services.
8. Our Approach to robots.txt
Our security scanner does not take robots.txt directives into account. While robots.txt is typically intended to guide search engine crawlers, we perform a thorough security assessment by scanning all publicly accessible URLs to ensure potential vulnerabilities are not overlooked. It is your responsibility to ensure that you have the necessary permission from the website owner before running the scan on a given domain.
9. Service Scope and No Security Guarantee
CyberShieldScan provides automated security scanning and reporting on a best-effort basis. Scan results are informational, point-in-time observations and may contain false positives or false negatives. Running a scan or receiving a report does not mean a website, application, or environment is secure, compliant, or protected against hackers or future attacks.
You remain responsible for reviewing findings, validating impact, applying patches and configuration changes, maintaining backups, and implementing ongoing security controls (such as monitoring, access management, and incident response).
10. Your Rights
Under GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Correct any inaccuracies in your data.
- Deletion: Request the deletion of your data before our standard retention period.
- Objection: Object to the processing of your data for legitimate interests.
To exercise these rights, please contact us at jennifer@cybershieldscan.com.