Privacy Policy

Last Updated: June 27, 2025

1. Introduction

This Privacy Policy explains how SecureLink ("we," "our," or "us") collects, uses, and protects your information when you use our browser extension and web service. By using SecureLink, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 URLs You Scan

When you use the SecureLink browser extension or web app, URLs you submit are sent to our servers for security analysis. An account is required to use the scanning service.

• What we analyze: The URL/domain of websites you submit for scanning
• What we DON'T collect: Page content, form data, passwords, personal files, or browsing history
• Exceptions: We skip internal browser pages, localhost, and known-safe domains (Google, Amazon, etc.)

2.2 Account Information

If you create a SecureLink account, we collect:

• Email address (for account verification and communication)
• Username (for identification)
• Password (stored securely using industry-standard hashing)
• Optional: Full name

2.3 Usage Data

We collect anonymized usage statistics to improve our service:

• Number of URLs scanned
• Types of threats detected (not the specific URLs)
• Extension version and browser type

2.4 Payment Information

For paid subscriptions, payment is processed by Stripe. We do not store your credit card numbers. Stripe's privacy policy applies to payment processing.

2.5 Attack Surface Monitoring Data (Enterprise)

If you subscribe to our Enterprise plan and use Attack Surface Monitoring, we collect and store the following for domains you register:

• DNS Records: A, AAAA, MX, TXT, NS, and CNAME records for your domains
• SSL/TLS Certificate Details: Issuer, expiration dates, protocol versions, and cipher suites
• WHOIS Data: Registrar, creation/expiration dates, and nameserver information
• Open Port Information: Discovered open ports and associated services
• HTTP Security Headers: Presence and configuration of security headers on your domains
• Security Scores: Computed risk scores and historical trends

This data is collected exclusively for domains you explicitly register for monitoring and is used solely to provide security insights to you.

3. How We Use Your Information

• Security Analysis: URLs are analyzed against threat databases to identify phishing, malware, and suspicious sites
• Service Improvement: Aggregated, anonymized data helps us improve detection accuracy
• Account Management: Email is used for verification, password resets, and service notifications
• Customer Support: To respond to your inquiries and provide assistance

4. Data Retention

• URL Scan Data: Temporarily cached for performance (typically 5 minutes), then discarded
• Account Data: Retained while your account is active; deleted upon account deletion request
• Attack Surface Monitoring Data: Scan results and historical trends are retained while your Enterprise subscription is active. Data is deleted within 30 days of subscription cancellation or domain removal
• Anonymized Statistics: May be retained indefinitely for service improvement

5. Data Sharing

We do NOT sell, trade, or rent your personal information. We may share data only in these limited circumstances:

• Service Providers: Trusted third parties that help operate our service (hosting, payment processing)
• Legal Requirements: When required by law or to protect our rights
• Security Research: Anonymized threat data may be shared with security researchers to improve internet safety

6. Data Security

We implement industry-standard security measures:

• HTTPS encryption for all data transmission
• Secure password hashing (SHA-256 with unique salts)
• Regular security audits and updates
• Limited employee access to user data

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your account information
• Deletion: Delete your account and associated data
• Opt-out: Disable the extension at any time to stop URL scanning
• Data Portability: Request your data in a machine-readable format

8. Browser Extension Permissions

The SecureLink extension requests the following permissions:

• tabs: To detect which website you're visiting
• webNavigation: To intercept navigation before potentially dangerous pages load
• storage: To save your login session and preferences locally
• host_permissions (all URLs): To scan any website you visit for threats

These permissions are used solely for security scanning. We do not read page content, inject ads, or modify websites.

9. Children's Privacy

SecureLink is not intended for children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

10. International Users

SecureLink is operated from the United States. If you're accessing our service from the EU, UK, or other regions with data protection laws, please note that your data may be transferred to and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending email notification for material changes (if you have an account)

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

13. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. To exercise these rights, contact us at [email protected].

14. GDPR Compliance (EU Users)

For EU residents, we process data under the following legal bases:

• Contract: Processing necessary to provide the service you requested
• Legitimate Interest: Improving our service and security
• Consent: For optional features like marketing emails

You may contact us to exercise your GDPR rights, including access, rectification, erasure, and data portability.