Last updated: February 2025

Privacy Policy

How we collect, use, and protect your personal data. Your privacy is our priority.

Your Privacy is Our Priority

SecurityScore.me ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and services.

1. What Data We Collect

We collect only what is needed to provide breach checks and monitoring:

Account

Email address, and name if you provide it when signing up or in settings.

Service data

Monitored email addresses, timestamps (e.g. last check), alert preferences, and breach snapshot metadata (breach names, counts) to power alerts.

Technical

IP, browser type, and similar data where needed for security and operation (e.g. rate limiting, abuse prevention).

What we do not collect

We never store passwords. We do not read or access your inbox or email content.

2. How We Use Your Data

We use your data to:

  • Provide one-time breach checks and scheduled re-checks using Have I Been Pwned (HIBP) breach data
  • Send email alerts when new breaches are added for your monitored emails
  • Manage your account, billing (via our payment processor), and support requests
  • Comply with legal obligations and protect against abuse

You can unsubscribe from breach alerts via the link in each email or via the notifications toggles in your account settings.

3. Data Sharing

We do not sell your personal data

We may share your data with:

Processors / subprocessors

Vercel (hosting), Supabase (database and auth), our email delivery provider (transactional and breach-alert emails), and our payment processor (Stripe) for billing. Each processes data only to provide their service to us.

Legal requirements

When required by law or to protect our rights

Business transfers

In connection with a merger, acquisition, or sale of assets

With your consent

When you explicitly agree to share your data

4. Your Rights

Under GDPR and other privacy laws, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your personal data

Right to Restrict Processing

Request limitation of how we use your data

Right to Data Portability

Receive your data in a structured format

Right to Object

Object to processing of your personal data

To exercise these rights, contact us at info@securityscore.me.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Encryption

Data encrypted in transit and at rest

Access Controls

Strict access limitations

Regular Audits

Periodic security assessments

6. Analytics

We store analytics events in our own systems: event name, optional properties (e.g. plan, breach count), and where applicable user_id or session_id. We use this to understand usage and improve the product. We do not use analytics to identify you personally beyond what is needed for support or legal purposes.

You can limit tracking by declining optional cookies in our consent banner (where offered) and by not signing in when you prefer not to be associated with events. For questions about analytics or opt-out, contact us at info@securityscore.me.

7. Cookies and Tracking

We use cookies and similar technologies for essential operation, abuse prevention, and (with consent) analytics. See our Cookie Policy.

Google reCAPTCHA

We use reCAPTCHA to protect forms from spam and abuse. Its use is subject to the Google Privacy Policy and Terms of Service.

Have I Been Pwned

We use the HIBP API for breach lookups. See HIBP Privacy Policy.

8. Lawful Basis and Retention

We process your data on the basis of contract (to provide the service), legitimate interest (security, analytics, abuse prevention), and where required by law. We retain data only as long as needed for these purposes or as required by law.

9. International Transfers

Your data may be processed in countries outside the European Economic Area (e.g. by our hosting and service providers). We use providers that offer appropriate safeguards (e.g. standard contractual clauses) where required by applicable data protection law.

10. Children's Privacy

Our services are not intended for users under 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. We will post the new version here and update the "Last updated" date. Significant changes may be communicated where required by law.

12. Contact

For privacy or data requests, contact us at info@securityscore.me.