Privacy Policy

Last updated: 2026-05-11

Wiredepth ("we", "us") takes privacy seriously because we have to use this product ourselves. This page explains what we collect, why, and what we do with it. If anything here is unclear or you want to exercise a right described below, email [email protected].

What we collect

  • Email address. Required to sign in (passwordless magic-link). Stored hashed-by-Postgres-default; we do not hash it ourselves because we need to email you.
  • First-party cookies. Two, both httpOnly, same-site, no third-party cookies. pv_session for signed-in browsers (resolves server-side to your account). pv_anon for anonymous visitors - a random opaque id used only to attribute free-tool runs to a later signup, so we can answer "does the funnel work?" without setting up an analytics vendor for the question. You can clear it anytime and lose nothing.
  • Domains you ask us to monitor, and the scan results we collect from those domains (TLS posture, DNS, headers, email auth, etc.). Scans run from our servers against the public internet only.
  • Audit log entries for security-relevant actions you take in the app (sign-in, downloading a compliance PDF, configuring an alert endpoint). Used so you and we can answer "who did what when?" questions.
  • Billing details for paid customers. Card numbers are handled by Stripe and never touch our servers - we only store your Stripe customer ID and your subscription status.
  • Server logs (IP, user agent, request path) for the minimum window we need to investigate abuse or outages. Deleted on a rolling 30-day window.

What we do not collect

  • We do not run advertising trackers, session replay, or browser fingerprinting. We use Cloudflare Web Analytics for aggregate visitor metrics (page views, country, browser, page-load performance) - it is cookie-free, IP-anonymized, and does not identify individual visitors. See "Who we share it with" below for what Cloudflare receives.
  • For Wiredepth's own dashboard (the marketing site, the tool pages, and the customer dashboard at wiredepth.com), we do not read or scan email content unless you explicitly paste it into a tool. The email forensics tool processes pasted RFC-5322 headers in memory and does not store them once the response is rendered.
  • We do not collect or compile lists of personally identifying information about your customers, employees, or visitors.

How we use it

  • To run the checks you asked us to run, and notify you about them.
  • To bill you, if you are on a paid plan.
  • To investigate abuse or outages.
  • To send you product emails: sign-in links, alert notifications, and occasional service announcements (outages, breaking changes). We do not send marketing emails to product users.

Who we share it with

Three categories of third parties, each with a specific job:

  • Stripe processes payments. They see your name, email, billing address, and card details. Their privacy policy is at stripe.com/privacy.
  • Resend delivers our outbound email. They see the recipient address and the email body for every email we send. Their privacy policy is at resend.com/legal/privacy-policy.
  • Our hosting provider (currently AWS) sees everything that flows through Wiredepth at the network level. AWS's privacy notice is at aws.amazon.com/privacy.
  • Cloudflare proxies our traffic (CDN, TLS termination, DDoS protection) and runs Web Analytics on marketing pages. They see request headers and IP addresses for every request; for analytics specifically, they collect aggregate visitor metrics without cookies and without storing full IPs. Their privacy policy is at cloudflare.com/privacypolicy.

We do not sell, rent, or trade your data to anyone. We do not share it with advertisers or data brokers.

How long we keep it

  • Account data (email, plan, settings) for as long as your account exists. Deleted on request, or when an inactive free account has been silent for over 24 months.
  • Scan history retained while your subscription is active. Older scans may be archived to cold storage to keep the live database lean, but remain available on request.
  • Audit log retained while your subscription is active; export available on request for compliance evidence.
  • Server logs 30 days.

Your rights

Wiredepth is operated from Canada. You have the right to access, correct, export, or delete your personal data. Email [email protected] from the address on the account and we will respond within 30 days. If you are in the EU/UK, the same rights apply under GDPR; if you are in California, the same rights apply under CCPA. We do not believe we sell or share personal information in the senses those laws define.

Cookies

Two first-party cookies, both HttpOnly, SameSite=Lax, Secure in production. No third-party cookies, no marketing cookies, no cross-site tracking.

  • pv_session - opaque session identifier for signed-in browsers; resolves server-side to your account. Required for the dashboard; if you disable it, you cannot sign in.
  • pv_anon - random opaque id set on first visit. Used only to attribute free-tool runs to an eventual signup so we can measure conversion rate. Contains no personal information; clearing it is safe.

Security

Magic-link tokens are short-lived (15 min) and stored hashed in our database; the raw token only appears in the link we email. Sessions are httpOnly cookies so they cannot be read by JavaScript. Card numbers never touch our servers. We follow standard practices for a production web app, but we are honest that this is a small-team operation and we do not yet hold a SOC 2 attestation. If you need evidence of our posture, we are happy to share the same Wiredepth compliance PDF we offer customers.

Changes

If we change this policy in a way that materially affects your rights, we will email signed-in users before the change takes effect. The current version is always at wiredepth.com/privacy.

Contact

[email protected].