SecHead
Scan a siteContact Us
Last updated: January 2026

Privacy Policy

What data we collect, how we use it, and your rights.

01

What we collect

When you scan a URL with SecHead, we collect and store: the domain name and URL you submitted, the HTTP response headers returned by that URL, the grade, score, and analysis results, the timestamp of the scan, and a hashed (SHA-256, salted) version of your IP address used only for rate limiting. We never store your raw IP address or the HTML content of pages you scan - only the HTTP headers.

02

How we use this data

We use collected data to generate permanent /report/[domain] pages, power the Recent Scans, Hall of Fame, and Hall of Shame sections, track aggregate grade totals, and enforce rate limits (10 scans per hour per IP). Scan results including the domain name, grade, and headers are public.

03

Analytics

We use Vercel Analytics which does not use cookies and does not collect personally identifiable information. We may also use Google Analytics 4. If you decline our cookie banner, GA4 will not be loaded.

04

Cookies

We use one first-party cookie: cookie_consent, which stores whether you accepted or declined analytics. It expires after one year. If you accept, additional cookies may be set by Google Analytics. You can withdraw consent at any time by clearing cookies or declining via the cookie banner.

05

Third-party services

Vercel (hosting, US and EU), MongoDB Atlas (database, US), Upstash Redis (rate limiting, hashed IPs only), and Google Analytics (analytics, only if you consent).

06

Data retention

Scan results are retained indefinitely to power permanent /report/[domain] pages. To request removal of a scan result, email sevenlabsolutions@gmail.com with the domain name.

07

Your rights

Depending on your location, you may have rights under GDPR, CCPA, or other privacy laws, including the right to access, correct, or delete data. Since we do not collect personal data beyond a hashed IP, most rights are moot in practice. Contact us at sevenlabsolutions@gmail.com for removal requests.

08

Changes to this policy

We may update this policy as the service evolves. The "Last updated" date reflects the most recent change. Continued use of SecHead constitutes acceptance of the updated policy.

09

Contact

Questions about this policy: sevenlabsolutions@gmail.com

sevenlabsolutions@gmail.com

Terms of Service →