Privacy Policy

Last updated: April 9, 2026

1. Who we are

IsMySiteHacked.com ("we", "us", "our") is a website security scanning service operated by Meva Health, Inc., a Delaware C Corporation.

Our registered address is: Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States.

This policy explains how we handle your data when you use our service.

2. What we collect

We collect the following information:

  • URLs you scan — the website addresses you submit for security analysis
  • Email address — if you sign in or use our email capture feature
  • Account data — name and avatar from Google OAuth if you sign in
  • Usage data — pages visited, features used, scan history (via PostHog analytics)
  • Session recordings and heatmaps — anonymized visitor behavior (via Microsoft Clarity)
  • Error data — application errors and performance data (via Sentry)
  • Payment data — handled directly by Stripe; we never see or store your card details

3. Legal basis for processing

We process your data based on the following legal grounds:

  • Contract performance — to deliver the security scans and reports you requested
  • Legitimate interest — to improve our service, fix bugs, and prevent abuse
  • Consent — for analytics and tracking cookies (you can withdraw consent at any time via our cookie preferences)

4. How we use your data

  • To perform security scans on websites you submit
  • To generate and store your security reports
  • To send you scan results and rescan reminders (if you opt in)
  • To improve our service and fix bugs
  • To communicate about your account and our service
  • To process payments through Stripe

5. What we scan

We only analyze publicly available information about the websites you submit. Our scans check SSL certificates, HTTP headers, DNS records, open ports, and other publicly accessible data. We do not perform intrusive penetration testing or access any private systems.

6. Third-party services

We use the following third-party services to operate:

  • Vercel — hosting and deployment
  • Supabase — database and authentication
  • PostHog — product analytics (consent required)
  • Google Analytics 4 — traffic analytics (consent required)
  • Microsoft Clarity — session recordings and heatmaps (consent required)
  • Sentry — error monitoring
  • Stripe — payment processing
  • Resend — transactional emails
  • Google OAuth — sign-in authentication

Each of these services has their own privacy policy governing how they handle data.

7. Cookies

We use two types of cookies:

  • Essential cookies — required for login, session management, and payments. These cannot be disabled.
  • Analytics cookies — used by PostHog, Google Analytics, and Microsoft Clarity to understand how visitors use our site. These are only set if you consent.

You can change your cookie preference at any time using the Cookie Preferences link in the footer of any page.

8. Data retention

Scan results are stored for 24 months from your last activity. Account data is retained as long as your account is active. You can request deletion at any time by emailing contact@ismysitehacked.com. We will process deletion requests within 30 days.

9. Your rights

You have the right to access, correct, or delete your personal data. You can also request a copy of your data or ask us to stop processing it. To exercise these rights, contact us at the address below.

If you are in the European Union, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have rights under CCPA, including the right to know what personal information we collect and to request its deletion. We do not sell your personal information to third parties.

10. Do Not Sell (CCPA)

We do not sell, rent, or trade your personal information to any third party. Analytics providers (PostHog, Google Analytics, Microsoft Clarity) process data under data processing agreements and are not considered "sales" under CCPA.

11. Contact

For privacy-related questions or requests, contact us at: contact@ismysitehacked.com

Meva Health, Inc. · Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA

ismysitehacked.com
Terms of Service