Privacy Policy

Effective Date: April 1, 2026
Last Updated: April 7, 2026

TrustedWeb (“we”, “us”, “our”) operates the website trustedweb.site and related subdomains (cp.trustedweb.site, 1-4.trustedweb.site). This Privacy Policy explains how we collect, use, and protect your information when you use our website security scanning, SEO analysis, uptime monitoring, AI fix, and related services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Website URL(s) you register for scanning
  • Payment information (processed securely via PayPal — we do not store credit card numbers)

1.2 Scan Data

When you scan a website (yours or via the free scan tool), we collect:

  • The URL being scanned
  • Scan results: SSL status, security headers, CMS version, plugin/theme list, blacklist status, SEO issues, conversion elements, trust score
  • Your IP address (for rate limiting and abuse prevention)
  • Email address (if provided for report delivery)

1.3 TrustedWeb Agent Data

If you install the TrustedWeb Agent plugin on your WordPress site, the agent collects and sends to our server:

  • File inventory and hashes (not file contents — only metadata)
  • Plugin and theme names, versions, and active status
  • WordPress and PHP versions
  • Database table names and row counts (not actual data)
  • Admin user list (usernames and emails — for rogue account detection)
  • Cron job list
  • WooCommerce payment gateway configuration (enabled/disabled, test mode — not API keys or secrets)

We do NOT collect: your customers’ personal data, order details, payment card numbers, passwords, API keys, database contents, or file contents (unless explicitly scanning for malware patterns with your consent).

1.4 Uptime Monitoring Data

If you use our uptime monitoring feature, we collect:

  • HTTP status codes returned by your website
  • Response times (in milliseconds)
  • SSL certificate expiration dates
  • Downtime and recovery timestamps

This data is used solely to provide uptime reports and downtime alerts to you.

1.5 AI Fix & AI Chatbot Data

  • AI Fix: We send your website URL and scan context to OpenAI to generate fixes (meta tags, policies, FAQ, etc.). We do not send personal data, passwords, or database contents.
  • AI Chatbot: When you create a chatbot, we crawl your website’s publicly accessible pages to train the chatbot. No private or login-protected content is accessed.

1.6 Automatically Collected Data

  • IP address
  • Browser user agent
  • Pages visited and timestamps
  • Referring URL

2. How We Use Your Information

  • Provide services: Run security/SEO/conversion scans, generate reports, display badges, auto-fix issues, monitor uptime
  • AI features: Generate AI-powered fixes, chatbot training, fix plan analysis
  • Communication: Send scan reports, security alerts, downtime notifications, account updates
  • Security: Rate limiting, firewall protection, abuse detection, IP banning
  • Improvement: Analyze usage patterns to improve our scanning engine and features
  • Billing: Process payments and manage subscriptions via PayPal

3. Data Sharing

We do not sell your personal data. We share data only with:

  • PayPal: For payment processing
  • OpenAI: For AI Fix and AI Chatbot features (website URL and public content only — no personal data)
  • Google Safe Browsing API: To check blacklist status (only the URL is sent)
  • DNS blacklist services: For reputation checks (only your site’s IP is queried)

4. Data Retention

  • Scan results: Retained for the duration of your plan (7 days to 1 year, depending on tier and feature)
  • Uptime data: Retained per plan: Starter 7 days, Growth 30 days, Pro 90 days, Agency 1 year
  • AI-generated content: Stored indefinitely while your account is active
  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Firewall logs: IP ban logs retained for 90 days
  • Free scan data: Retained for 30 days, then automatically purged

5. Data Security

  • All connections use HTTPS/TLS encryption
  • API tokens are generated with cryptographically secure random functions
  • Agent communication uses token-based authentication with constant-time comparison
  • Rate limiting and automated IP banning protect against brute-force attacks
  • Sensitive files (.env, wp-config.php) are blocked at the server level
  • Customer dashboard is isolated on a separate subdomain (cp.trustedweb.site)
  • Redis object caching with isolated key prefixes per site

6. Your Rights

You have the right to:

  • Access: Request a copy of the data we hold about you
  • Correction: Update your account information at any time via the dashboard
  • Deletion: Request deletion of your account and all associated data
  • Export: Download your scan history and reports (Growth plan and above)
  • Opt-out: Unsubscribe from non-essential emails at any time

To exercise these rights, email [email protected].

7. Cookies

We use essential cookies for:

  • User authentication and session management
  • WooCommerce cart and checkout functionality
  • CSRF protection (WordPress nonces)

We do not use advertising or third-party tracking cookies.

8. Third-Party Links

Our scan reports may contain links to external websites. We are not responsible for the privacy practices of third-party sites.

9. Children’s Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Continued use of our services constitutes acceptance of the updated policy.

11. Contact

For privacy inquiries:
Email: [email protected]
Website: https://trustedweb.site