Privacy Policy

Last updated: April 15, 2026

This policy describes how Scorifya (“we”, “us”) handles information when you use scorifya.com and related services. It is written for transparency; it is not legal advice. If you need terms tailored to your jurisdiction, consult qualified counsel.

Who we are

Scorifya operates the website and scan feature described on this site. Contact details appear on the Contact page.

Information we process

URLs you submit

When you run a scan, we process the URL you enter so our servers can perform the technical checks. That may include the hostname, path, and query string you provided.

Per-scan analytics (operations)

To run the service, prevent abuse, and understand usage, we store a compact analytics record for many scans in our database. This record typically includes the scanned hostname (normalized), the approximate time of the scan, whether the scan succeeded (and the numeric score when it did), a coarse plan indicator (free vs Pro for rate limits), and—if you were signed in—an internal account identifier from Clerk (not your email address). We do not store your full scan response, findings list, or exported reports in this analytics store. Aggregates derived from these records may appear in internal dashboards.

Access to raw analytics views is restricted to Scorifya operators (for example a single configured admin account). It is not a public feed.

Technical and security logs

Like most websites, our hosting and infrastructure may automatically collect server logs (for example IP address, approximate time, user agent, and request path). We use this information to operate the service, prevent abuse (such as excessive scanning), and diagnose errors.

Cookies and similar technologies

See our Cookie Policy. Basic scans do not require an account; signing in uses cookies/session mechanisms from our authentication provider.

Accounts and Pro subscriptions

If you sign in or purchase Pro, we use Clerk for authentication and Stripe for web purchases. A future iOS app, when released, is planned to use Apple In-App Purchase with RevenueCat to manage subscription status. We keep only limited account and subscription status data needed to provide Pro features (such as exports) and support billing/account requests. Payment card details are processed by payment providers, not stored by Scorifya. Clerk and Stripe (and, when the iOS app ships, Apple and RevenueCat) process personal data under their own privacy terms where applicable.

For signed-in users, our /api/me endpoint returns whether you are signed in and your plan (free vs Pro) to the website. A first-party iOS build may request the same endpoint with ?include=clerkUserId so it can pass your Clerk user id to Apple subscription tooling (RevenueCat) as an app user id; the public website does not use that parameter for normal browsing.

AI summary, chat, and watch alerts

We use Anthropic as a sub-processor in three places to help you understand scan results: (1) the on-demand AI summary on a scan result page (Pro), (2) the AI chat for follow-up questions about a specific scan (Pro), and (3) AI explanation paragraphs in watched-domain notification emails (Pro and free) that explain why a watched domain's score moved week-over-week.

In all three cases we forward only the scan output (URL, score, category breakdown, top findings) plus, for chat, the messages you typed. We do not send your account identity, email, IP address, or any other personal data. Anthropic processes the data under its own commercial terms and does not use API inputs or outputs to train its models. Generated text is streamed back to your browser (summary, chat) or rendered into the outgoing email body (watch alerts); we do not store any of it server-side.

Web analytics and performance

We use Vercel Web Analytics and Vercel Speed Insights to understand site usage and reliability (for example aggregated traffic trends and page performance such as Core Web Vitals) on scorifya.com. We use these metrics to improve performance, stability, and product decisions, and do not use them to sell personal information. See Web Analytics and Speed Insights documentation for details.

First-party visit log

Scorifya also keeps a first-party log of visits to scorifya.com that records the page path, your browser's User-Agent string, approximate geolocation (country, region, city), and an anonymized form of your IP address — for IPv4 the last octet is zeroed (e.g. 203.0.113.0) and for IPv6 the last 80 bits are zeroed (e.g. 2001:db8:abcd::) before storage. We use this for security monitoring and product analytics. Raw IP addresses are not stored.

Legal bases (where applicable)

Depending on your region, we may rely on legitimate interests (running and securing the service), performance of a contract where you purchase a future paid plan, or consent where required for optional marketing or non-essential cookies.

How long we keep information

Retention depends on configuration and hosting. Typically, security and access logs are kept for a limited period needed for abuse prevention and operations. Account and subscription rows are kept while your relationship is active and for a short period afterward as needed for billing and disputes.

Per-scan analytics rows are kept in our production database until they are removed as part of normal operations, migrations, backups rolling off, or a deliberate cleanup. We do not currently promise a fixed minimum or maximum retention window for every row. If you have questions about data tied to your account, contact us and we will handle requests consistent with applicable law.

Sharing

We use infrastructure providers (for example hosting, DNS, and email) who process data on our behalf under appropriate agreements. We do not sell your personal information. We may disclose information if required by law or to protect rights and safety.

International transfers

If you access the service from outside the country where our servers are located, your information may be processed across borders. We take steps consistent with applicable law.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing, or to object or port data. Contact us and we will respond within the timeframes required by law.

Children

Scorifya is not directed at children under 16. We do not knowingly collect their personal information.

Changes

We may update this policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be announced more prominently on the site.