Privacy Policy
Last updated: March 6, 2025 | Effective: March 6, 2025
1. Data Controller
The data controller under the GDPR is:
2. Data We Collect
When using our service, we may process the following data categories:
- Website URL you enter for analysis (not considered personal data)
- Analysis History — scan results are saved to generate the report
- Payment Data — when paying for a Premium report via Lemon Squeezy or Stripe (we do not store your credit card details — they are securely processed by the payment provider in compliance with PCI DSS)
- Email — if you contact us via the contact form
- Technical Data: IP address, browser type, and timestamps (collected in server logs for security purposes)
- Cookies: strictly necessary session cookies required for the site to function properly
3. Legal Basis for Processing (GDPR Art. 6)
- Performance of a Contract (Art. 6(1)(b)) — processing is necessary to provide the ordered analysis and Premium report
- Legitimate Interest (Art. 6(1)(f)) — maintaining security and functionality of the service
- Consent (Art. 6(1)(a)) — when subscribing to a newsletter (if applicable)
4. Purposes of Processing
- Performing website analysis and generating reports
- Processing payments via Lemon Squeezy and Stripe
- Ensuring technical security and preventing abuse
- Improving service quality based on aggregated statistics
- Responding to your inquiries and questions
5. Data Sharing
We share data only with the following trusted processors in accordance with EU Standard Contractual Clauses (SCCs):
- Lemon Squeezy & Stripe, Inc. — payment processing
- Hosting Provider — to operate our servers
We do not sell or share your personal data with advertisers or other third parties without your explicit consent.
6. International Data Transfers
Some processors operate outside the EU (e.g., in the USA). Data transfers are conducted on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR).
7. Data Retention
- Website analysis results: kept for 90 days from creation, then deleted
- Payment transaction data: kept for 7 years in compliance with EU tax laws
- Server logs: kept for 30 days
- Email communications: kept for as long as necessary to resolve your issue, up to a maximum of 2 years
8. Your GDPR Rights
Under Chapter III of the GDPR, you have the following rights:
- Right of Access (Art. 15) — request what data we hold about you
- Right to Rectification (Art. 16) — correct inaccurate data
- Right to Erasure (Art. 17) — the "right to be forgotten"
- Right to Restriction of Processing (Art. 18)
- Right to Data Portability (Art. 20) — receive your data in a machine-readable format
- Right to Object (Art. 21) — against processing based on legitimate interest
- Right to Withdraw Consent — at any time without detriment
To exercise your rights, contact us at: @dennynice. We will respond within 30 days (as per Art. 12 GDPR).
9. Cookies
We use only technically necessary cookies to ensure session functionality (XSRF tokens, default Laravel session cookies). These cookies do not require consent under the ePrivacy Directive (Recital 66) and GDPR.
We do not use third-party tracking, retargeting, or analytics cookies (such as Google Analytics or Facebook Pixel).
10. Data Security
We apply the following technical security measures:
- Data transmission only over HTTPS (TLS)
- Encryption of sensitive data in the database
- Restricted access to data on a need-to-know basis
- Regular security audits
11. Children
Our service is not directed at children under 16. We do not intentionally collect children's data. If you are aware of a child providing personal data, please contact us to have it removed.
12. Right to Complain
You have the right to lodge a complaint with the data protection supervisory authority in your country. In the EU, you can consult your national DPA.
13. Changes to this Policy
We may update this policy occasionally. The current version will always be available on this page. Significant changes will be communicated via email (if we have your email address).
@dennynice