Privacy Policy

Last updated: March 2026

1. Who we are

fixGDPR (“we”, “us”, “our”) operates the website fixgdpr.com, a GDPR compliance checking tool. We are the data controller for the personal data described in this policy. Contact us at: privacy@fixgdpr.com

2. What data we collect

When you run a scan (anonymous)

  • The URL you submitted
  • Your IP address (for rate limiting)
  • Scan results (compliance checks and scores)

When you create an account

  • Email address
  • Name (optional, via Clerk)
  • All scan history linked to your account
  • Payment details (processed by Stripe — we never see card numbers)

3. Legal basis for processing

  • Contract — processing your scans and delivering results you requested
  • Legitimate interest — IP-based rate limiting to prevent abuse
  • Consent — marketing communications (if you opt in)

4. How we use your data

  • To run compliance scans and show you results
  • To provide your dashboard and scan history
  • To process payments for Pro/Agency plans
  • To send transactional emails (scan complete, billing)
  • To prevent abuse via rate limiting

We do not sell your data, use it for advertising, or share it with third parties beyond what is listed below.

5. Third-party processors

Processor            Purpose              Location
Neon / PostgreSQL    Database hosting     EU / US
Clerk                Authentication       US (SCCs)
Stripe               Payment processing   US (SCCs)
Vercel               Hosting & CDN        US/EU (SCCs)

SCCs = Standard Contractual Clauses (EU transfer mechanism)

6. Data retention

  • Anonymous scan results: deleted after 30 days
  • Account scan history: kept while your account is active, deleted within 30 days of account deletion
  • IP addresses for rate limiting: in-memory only, reset hourly
  • Payment records: 7 years (legal requirement)

7. Your rights (GDPR)

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Restriction — request we limit processing of your data

To exercise any right, email privacy@fixgdpr.com. We respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.

8. Cookies

We use only essential cookies required for authentication (session token via Clerk) and no tracking or advertising cookies. No third-party analytics are loaded on this site.

9. Changes to this policy

We may update this policy. Material changes will be notified by email (for account holders) or by a notice on this page. Continued use after changes constitutes acceptance.

Questions? Email us at privacy@fixgdpr.com