Privacy Policy
Last updated: May 2026
This Privacy Policy explains how we collect, use, and protect personal data when you use our website, our services, and the GDPR website scanning platform available at https://getgdprscan.com.
1. Data Controller
The data controller responsible for personal data processed through GetGDPRScan is:
Gregor Flajs S.P.
Zgornja Kungota 2201, Zgornja Kungota, Slovenija
VAT ID: SI33884269
Email: support@getgdprscan.com
2. What Data We Collect
We collect only the information necessary to provide and improve our services.
Information you provide
Depending on how you use the service, we may collect:
- Name
- Email address
- Billing information
- Company information
- Website URLs submitted for scanning
- Messages sent through contact forms or support requests
Automatically collected information
When you use our website or platform, we may automatically collect:
- IP address
- Browser type and device information
- Usage and interaction data
- Log data and technical diagnostics
- Cookie and analytics data
Website scan data
When you submit a website for scanning, we may process:
- Publicly accessible website content
- Tracking scripts and technologies detected on the website
- Cookie consent mechanisms
- Public privacy policy content
- Public forms and data collection indicators
GetGDPRScan scans only publicly accessible website content and does not access private databases, passwords, or restricted areas.
3. How We Use Personal Data
We use personal data to:
- Provide GDPR scanning and monitoring services
- Generate AI-assisted GDPR reports
- Process payments and subscriptions
- Send scan notifications and monitoring alerts
- Respond to support requests
- Improve platform performance and reliability
- Prevent abuse, fraud, or unauthorized access
- Comply with legal obligations
4. Legal Bases for Processing
Under GDPR, we process personal data based on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing GDPR scans, monitoring, and reports | Performance of a contract |
| Managing user accounts and subscriptions | Performance of a contract |
| Processing payments and invoices | Legal obligation and performance of a contract |
| Responding to support requests | Legitimate interests and performance of a contract |
| Improving platform security and preventing abuse | Legitimate interests |
| Sending essential service-related notifications | Performance of a contract |
| Sending optional marketing communications | Consent, where required |
| Analytics and product improvement | Legitimate interests or consent, depending on applicable law |
5. AI-Generated Reports
GetGDPRScan uses automated systems and AI technologies to generate GDPR-related insights and recommendations. Reports generated by GetGDPRScan:
- Are provided for informational and educational purposes only
- May contain inaccuracies or incomplete findings
- Do not constitute legal advice
- Do not guarantee GDPR compliance
Users remain responsible for evaluating and implementing any recommendations.
6. Payments
Payments are securely processed by third-party payment providers such as Stripe. We do not store full payment card details on our servers. Payment providers may process billing information according to their own privacy policies.
8. Third-Party Services
We may use trusted third-party providers to operate and improve the service, including:
- Hosting and infrastructure providers
- Payment processors
- Analytics providers
- Email delivery providers
- AI service providers
These providers may process personal data only as necessary to provide their services to us.
9. Data Retention
We retain personal data only for as long as necessary to provide the service, comply with legal obligations, and maintain platform security and reliability.
Typical retention periods include:
- Account information: retained while the account is active and for up to 30 days after an account deletion request
- Billing and invoice data: retained for up to 10 years where required by applicable tax and accounting laws
- Scan history and monitoring results: retained while monitoring is active or until deleted by the user
- Support requests and contact messages: retained for up to 24 months
- Technical logs and security records: typically retained for up to 90 days unless longer retention is required for security or legal reasons
Some information may be retained longer where necessary to comply with legal obligations, resolve disputes, or enforce agreements.
10. Your GDPR Rights
Depending on your location and applicable law, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of personal data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
- Lodge a complaint with a supervisory authority
To exercise your rights, contact: support@getgdprscan.com
11. Data Security
We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure. However, no method of electronic transmission or storage is completely secure.
12. International Transfers
Some third-party providers used by GetGDPRScan may process data outside the European Economic Area (EEA). Where applicable, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.
13. Children's Privacy
GetGDPRScan is not intended for children under the age of 16. We do not knowingly collect personal data from children.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When changes are made, the updated version will be published on this page with a revised "Last updated" date.
15. Contact
If you have questions about this Privacy Policy or how your data is processed, contact: