Privacy Policy
Effective July 2, 2026
1. Introduction
OnScanner is a website security and privacy scanning platform built and operated by Byte Optimizer LLC, a Wyoming limited liability company ("Byte Optimizer", "we", "us"). This policy applies to the OnScanner website (onscanner.com), the OnScanner application and portal, the OnScanner REST API and MCP server, and related professional services. Byte Optimizer LLC is the data controller. By accessing or using OnScanner you agree to this policy. We commit to minimal, transparent data handling.
2. Information We Collect
- You provide: account details, payment information, contact-form submissions, the login credentials, session tokens, or API keys you supply for authenticated scans (used solely to perform the scan you requested), and any materials you share with us.
- Service-generated: scan data and findings, target metadata, and portal usage.
- Collected automatically: device and browser information, usage patterns, server logs, and cookies.
3. How We Use Your Information
To deliver and secure the service, prevent abuse, communicate with you, provide opt-in marketing, power optional AI features, run analytics, and meet our legal and contractual obligations.
4. AI & Automated Reasoning
OnScanner's optional AI features (AI Findings and AI compliance analysis) are off by default and opt-in per scan. The scan itself never uses an LLM. If you enable an AI feature for a scan, your scan findings, scan summary data, and target metadata are sent to a third-party AI provider (such as Anthropic, OpenAI, or Google) to generate the analysis. We use these providers under agreements that prohibit using your data to train their models, and we do not enable training on your data. We explicitly exclude from AI processing: payment card and billing data, login credentials supplied for authenticated scanning, raw screenshots/video/image renderings of your interfaces, and confidential information disclosed during professional-services engagements. If you do not enable an AI feature, no scan data is sent to any AI provider. To opt out of AI features entirely, simply leave them unchecked, or email support@onscanner.com with the subject "AI Opt-Out".
5. Cookies & Tracking Technologies
We use Essential (session/authentication), Functional (preferences), Analytics (e.g. Google Analytics), and Marketing cookies. You can control cookies via your browser settings; blocking essential cookies may disable parts of the service.
6. Data Sharing & Disclosure
We share data with service providers (such as Stripe, AWS, DigitalOcean, Cloudflare, Hetzner, and email providers) under contractual restrictions. We share scan findings with a third-party AI provider only when you opt in to an AI feature for a scan (see Section 4), under no-training terms. We may disclose data to comply with the law, prevent abuse, or where unauthorized scanning is detected, and will notify you of a business transfer. Any other sharing requires your explicit consent.
7. Data Security
We use TLS 1.2+ encryption in transit, encryption at rest, role-based access controls, SOC 2-aligned hosting, regular security testing, and employee training. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Data Retention
| Category | Retention |
|---|---|
| Account information | Duration of your account, plus 1 year after closure |
| Payment & billing | 7 years for tax and legal compliance |
| OnScanner scans | 12 months from scan date, or duration of subscription plus 90 days |
| AI prompts & outputs | Same retention as the underlying scan |
| Penetration-test reports | 3 years from delivery date |
| Support communications | 2 years from resolution |
| Website analytics | 26 months |
| Server logs | 90 days |
9. International Data Transfers
We are US-based and may transfer data internationally. Transfers from the EEA, UK, or Switzerland rely on Standard Contractual Clauses, your consent, or other lawful mechanisms.
10. Your Privacy Rights
All users may request access, correction, deletion, data export, and opt out of marketing or AI processing. EEA/UK/Switzerland users may additionally restrict or object to processing, withdraw consent, and lodge a complaint with a supervisory authority. California residents have the rights to know, delete, and opt out of sale/sharing, and to non-discrimination. To exercise any right, email support@onscanner.com; we respond within thirty (30) days.
11. Children's Privacy
OnScanner is not intended for individuals under 18, and we do not knowingly collect their data. We delete such data upon discovery.
12. Third-Party Links
Our services may link to third-party sites we do not control. Please review their privacy policies.
13. Changes to This Policy
We post material changes with a revised date and give active account holders thirty (30) days' advance email notice. Continued use after the effective date constitutes acceptance.
14. Contact
- Privacy & support: support@onscanner.com
- Data Protection Officer: shawon@byteoptimizer.com
- Byte Optimizer LLC, 30 N Gould St, Sheridan, Wyoming 82801, US