Privacy Policy
Last updated: March 30, 2026
1. Data Controller
LEISSON OÜ (registry code 16934653), registered in Estonia, is the data controller for personal data processed through ProUXAudit. Contact: privacy@prouxaudit.com.
2. Data We Collect
Account data: email address, name, hashed password. Usage data: audit history, feature usage, IP address, browser type. Billing data: processed by Stripe; we store only Stripe customer and subscription IDs, not payment card details. Website data: screenshots, DOM snapshots, and analysis of websites you submit for auditing.
3. How We Use Your Data
We use your data to provide the audit service, process payments, send transactional emails (account, billing, audit notifications), improve the product, and comply with legal obligations. We do not sell your personal data.
4. Legal Basis (GDPR)
We process data based on: contract performance (providing the Service), legitimate interest (product improvement, security), consent (marketing emails, analytics), and legal obligation (tax and financial records).
5. Data Sharing
We share data with: Stripe (payments), Resend (email), Vercel (hosting), Neon (database), Cloudflare (CDN/storage), Sentry (error monitoring), and PostHog (analytics). All processors are GDPR-compliant. We do not share data with advertisers.
6. Data Retention
Account data is retained while your account is active and for 30 days after deletion. Audit data (screenshots, reports) is retained for 90 days after the audit, or until you delete it. Billing records are retained for 7 years per Estonian tax law.
7. Your Rights
Under GDPR, you have the right to access, correct, delete, export, and restrict processing of your personal data. You can exercise these rights by emailing privacy@prouxaudit.com. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication (a session cookie set with the HttpOnly and Secure attributes). We use PostHog for analytics, which may set cookies with your consent. You can disable non-essential cookies in your browser settings.
9. Security
We use encryption in transit (TLS), encryption at rest for database backups, bcrypt password hashing, and strict access controls. We monitor for security incidents via Sentry and conduct regular security reviews.
10. International Transfers
Data may be processed in the EU and US (Vercel, Cloudflare). US transfers are covered by the EU-US Data Privacy Framework. All processors maintain appropriate safeguards.
11. Changes
We may update this policy at any time. Material changes will be communicated via email. Continued use after changes constitutes acceptance of the updated policy.