Effective Date: March 31, 2026
Last Updated: March 31, 2026
This Privacy Policy explains how SiteAudit collects, uses, stores, and protects information when users interact with the SiteAudit application and related support communication.
SiteAudit is designed as a passive website security review and hardening assistant for websites that users own or are explicitly authorized to assess. The software is intended for defensive and legitimate review purposes only.
By using SiteAudit, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are
Product Name: SiteAudit
Support Contact: t.pentzek@icloud.com
If you have any questions about this Privacy Policy or about the handling of data in connection with SiteAudit, you may contact:
Email: t.pentzek@icloud.com
2. Scope of This Policy
This Privacy Policy applies to:
- the SiteAudit macOS application
- local data stored by the application
- user-initiated exports
- user-initiated support contact actions
- website requests sent by the application to user-provided target URLs
This Privacy Policy does not apply to third-party websites, infrastructure, hosting providers, email providers, or websites reviewed by the user through the app.
3. Core Privacy Principle
SiteAudit is designed to keep its workflow simple and transparent.
The application is primarily focused on:
- reviewing the website address entered by the user
- requesting the response from that target website
- analyzing the returned response inside the application
- presenting findings, explanations, and remediation guidance
- storing limited scan history locally on the user’s device
SiteAudit is intended to minimize unnecessary data handling and to support defensive website review workflows.
4. Information We Process
4.1 Website Address Entered by the User
When the user enters a website address into SiteAudit, the application processes that address in order to perform the requested review.
This may include:
- the full URL entered by the user
- the selected audit module
- the website response returned by the target
4.2 Website Response Data
When an audit is started, SiteAudit sends a request to the user-provided website address and processes the response returned by that website.
Depending on the audit flow, this may include:
- response URL
- status code
- HTTP headers
- response body content
- visible security-related indicators such as cookies, scripts, form patterns, redirect behavior, and browser-facing configuration information
This response data is used to generate findings inside the application.
4.3 Local Scan History
SiteAudit stores recent scan history locally on the device to improve usability across sessions.
This locally stored history may include:
- target website address
- selected audit module
- audit status
- timestamp
- total number of findings
- number of problem findings
This history is stored on the user’s device through local application storage.
4.4 User-Initiated Exports
If the user chooses to export audit information, SiteAudit may generate:
- TXT exports
- JSON exports
- clipboard copies of report content
These exports may contain:
- target website address
- selected test
- audit status
- findings
- categories
- severities
- remediation text
- practical fix guidance
- scan history data included by the export format
The user controls whether and when such exports are created, copied, saved, or shared.
4.5 Support Communication
If the user contacts support or uses support-related features, the user may choose to provide information such as:
- name
- email address
- subject line
- support message
- screenshots
- audit context
- application behavior
- target website information
This information is provided directly by the user.
5. Information We Do Not Intend to Collect Unnecessarily
SiteAudit is not designed as an advertising platform, analytics-heavy tracking tool, or behavioral profiling system.
The application is not intended to collect unnecessary personal data beyond what is needed for:
- local app functionality
- support communication initiated by the user
- user-requested website review operations
SiteAudit is not described as collecting unrelated user profile information for advertising purposes.
6. How We Use Information
Information processed by SiteAudit may be used for the following purposes:
6.1 To Perform the Requested Audit
The primary purpose of processing is to:
- connect to the target website entered by the user
- review the response
- generate findings and explanations
- present remediation-related information
6.2 To Display Results Inside the App
The application uses processed information to:
- populate findings
- show severity and category information
- display result details
- provide explanation and hardening guidance
- display summary information
6.3 To Improve User Workflow
Local scan history is used to:
- retain a recent history of completed scans
- support repeated review workflows
- help users compare recent results over time
6.4 To Support User-Initiated Reporting
Export functions are used so the user can:
- save results
- copy results
- hand off findings to developers
- create internal or external reports
6.5 To Respond to Support Requests
If a user contacts support, the provided information may be used to:
- understand the issue
- respond to the inquiry
- clarify product behavior
- evaluate bug reports
- review feature requests
7. Legal Basis and Authorized Use Context
SiteAudit is intended for defensive, authorized, white-hat website review. Users are responsible for ensuring that they only review websites they own or are explicitly authorized to assess.
By using SiteAudit, users are responsible for confirming:
- permission to review the target
- legal and contractual scope
- compliance with applicable local laws and regulations
SiteAudit is not intended for unauthorized use.
8. Local Storage
SiteAudit stores certain data locally on the user’s device.
At the time of this policy, local storage may include:
- scan history
- locally generated exports
- copied report content placed on the clipboard by user action
8.1 Scan History Storage
Recent scan history is stored locally to support usability across app launches.
8.2 Exported Files
If the user exports a TXT or JSON report, that file is stored wherever the user chooses to save it.
8.3 Clipboard Use
If the user chooses a copy action, the copied content may be placed in the system clipboard. Clipboard contents may then be accessible according to the operating system’s normal behavior.
9. Network Activity
When an audit is started, SiteAudit sends a request to the website address the user entered.
This means the reviewed website may receive information normally associated with a direct request, such as:
- request timing
- user agent
- connection details
- requested target URL
The reviewed website may log that request according to its own logging and privacy practices. SiteAudit does not control how third-party websites handle incoming requests.
Users should understand that starting an audit creates a connection to the target website.
10. Data Sharing
SiteAudit is not intended to share user data broadly as part of its core function.
However, data may be shared in the following limited scenarios:
10.1 With the Reviewed Website
When an audit is run, the target website necessarily receives the request made by the application.
10.2 Through User-Initiated Exports
If the user exports a report, copies content, or sends support information, the user may share that information with others by choice.
10.3 Through Support Contact
If the user sends an email to support, the content of that communication will be transmitted through the user’s email provider and received through the support email system.
11. Third-Party Services
SiteAudit may rely on standard operating system or platform-level services, such as:
- local storage mechanisms
- clipboard functionality
- file export handling
- email handoff through the user’s mail application
Any third-party provider or platform used outside the app itself may operate under its own privacy terms and policies.
This Privacy Policy does not govern third-party services outside the direct control of SiteAudit.
12. Data Retention
12.1 Local Scan History
Scan history is retained locally until:
- it is overwritten
- the app removes older entries
- the user removes the app or clears its local data
- app behavior changes in a future version
Under the current design, the application keeps a limited recent history rather than an unlimited set of retained records.
12.2 Exported Files
Exported reports remain wherever the user saves them until the user deletes them.
12.3 Support Emails
Support communications may be retained for reasonable periods as needed to:
- respond to inquiries
- investigate issues
- track product feedback
- improve support quality
13. Data Security
Reasonable steps should be taken to protect information handled in connection with SiteAudit. However, no software, local device, network transmission, email system, or storage mechanism can be guaranteed to be completely secure.
Users should take their own precautions, including:
- securing their device
- protecting local files
- managing exported reports carefully
- sharing audit results only when appropriate
- avoiding the inclusion of unnecessary sensitive information in support emails
14. Sensitive and Confidential Information
Users should avoid sending unnecessary sensitive, confidential, or regulated data through support email unless clearly required.
If contacting support, users should prefer sending only what is necessary to explain the issue, such as:
- non-sensitive screenshots
- module names
- generic error descriptions
- relevant result excerpts
Users remain responsible for deciding what they include in support communications.
15. Children’s Privacy
SiteAudit is not designed or marketed for children. The application is intended for professional, administrative, development, and authorized website review use.
If you believe information from a child has been provided improperly, please contact:
t.pentzek@icloud.com
16. International Use
Users may access and use SiteAudit from different countries. By using the app, users understand that information may be processed according to the technical environment in which they use it, including local device storage and support communication systems.
Users are responsible for ensuring that their use complies with local legal requirements.
17. User Rights
Depending on applicable law, users may have rights relating to personal information, including rights to:
- request information
- request correction
- request deletion
- withdraw consent where applicable
- object to certain processing
- request access to information they have provided through support communications
Because much of SiteAudit’s processing is local and user-controlled, some rights may depend on the practical context of the data involved.
For privacy-related inquiries, contact:
t.pentzek@icloud.com
18. User Responsibilities
Users of SiteAudit are responsible for:
- using the app only for authorized targets
- verifying website permissions before review
- handling exported reports responsibly
- checking whether local storage on their device is appropriate for their environment
- ensuring that any information shared with support is appropriate and lawful to share
19. White Hat and Authorized Use Statement
SiteAudit is built and presented as a white-hat, defensive, and authorized-use application.
It is intended to support:
- passive response review
- security awareness
- hardening guidance
- developer remediation workflows
- defensive configuration assessment
It is not intended to promote unauthorized or abusive use.
20. Changes to This Privacy Policy
This Privacy Policy may be updated from time to time to reflect:
- product changes
- feature updates
- legal requirements
- privacy clarifications
- support workflow changes
If changes are made, the updated version should include a revised “Last Updated” date.
21. Contact
If you have questions about this Privacy Policy or about privacy-related matters concerning SiteAudit, please contact:
t.pentzek@icloud.com
22. Summary
In summary, SiteAudit is designed to:
- review websites entered by the user
- process returned response data for defensive analysis
- store limited scan history locally
- support user-initiated export and support actions
- operate as a white-hat, passive website security review tool for authorized targets only