Privacy Policy

Last updated: February 2026

1. Introduction

C2IT Labs ("we," "our," or "us") operates SCAN—Site Compliance & Analysis Network—an agency website audit platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and services. By using SCAN, you agree to the practices described in this policy. If you do not agree, please do not use our services.

We are committed to protecting your privacy and the confidentiality of your account data and scan results. This policy applies to information we collect through our website, application, and in the course of providing scanning and reporting services.

2. Information We Collect

Information you provide

  • Account information — When you register, we collect your name, email address, company name (if applicable), and password. Company administrators may also provide billing and payment information, which is processed by our payment provider (e.g., Stripe) in accordance with their privacy policy.
  • Profile and preferences — Information you add or update in your account or company settings.
  • Communications — When you contact us (e.g., via the contact form or support), we collect the information you provide so we can respond.

Information we collect automatically

  • Technical and usage data — When you use our service, we may collect IP address, browser type, device information, and general usage information (e.g., pages visited, actions taken) to operate the service, improve it, and address security or abuse.

Scan-related information

When you run scans, we collect and store only what is necessary to provide scan results and reports. See Section 4 (Scan Data: What We Store and What We Do Not) for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the SCAN platform and scanning services
  • Authenticate you and manage your account and company
  • Process and store your scan results, reports, and related data so you and your team can access them
  • Send you transactional and service-related communications (e.g., scan completion notifications, password reset, billing-related messages)
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address fraud, abuse, security issues, and technical problems
  • Comply with applicable law and enforce our terms

We do not use your personal information or scan data for advertising or to build profiles for marketing to you. We do not sell your personal information.

4. Scan Data: What We Store and What We Do Not

We do not store the content of the pages we scan. When SCAN crawls or analyzes a website, we do not retain the full HTML, text, or other page content from your clients’ sites. We process that data in order to generate scan results and then we retain only the following:

  • Metrics and findings — Scores, grades, counts, and structured findings (e.g., accessibility issues, broken links, performance metrics, detected technologies, SEO signals) that are necessary to display and export your scan results and reports
  • URLs and structure — The list of URLs scanned, site structure (e.g., sitemap or crawl map), and metadata needed to associate results with the right pages
  • Screenshots — If you use features that capture screenshots (e.g., for responsive or audit reports), we store those images so you can view and share them in reports; we do not use them for any other purpose
  • Configuration and history — Scan settings, run dates, and history so you can view past runs and compare results over time

We do not mine, index, or repurpose content from scanned sites. Our systems are designed to retain only what is required to deliver and display your scan results and to support your use of the service (e.g., scheduled scans, report sharing). This approach reduces privacy and security risk for you and for the owners of the sites you scan.

5. Data Isolation: We Do Not Share Your Data With Other Customers

Your data is isolated from other customers. SCAN is built on a multi-tenant architecture where each company’s data is logically and physically separated. We do not share, sell, or allow access to your account data, project data, or scan results with other customers or with third parties for their marketing or commercial use. Your scans, reports, and configuration are visible only to you and to users you authorize within your company (e.g., team members, company administrators). Report links you create may be shared with anyone you choose; access to those links is controlled by you (and, where applicable, by optional settings such as report passwords).

We do not use your data or your clients’ scan results to train models, improve other customers’ results, or build products that rely on pooling customer data. Your use of SCAN and the sites you scan remain your business.

6. When We May Disclose Information

We may disclose information only in the following circumstances:

  • Within your organization — Company administrators and users you invite can access projects and scan data for your company in accordance with your account and role settings.
  • Service providers — We may use third-party providers for hosting, email delivery, payment processing, and similar operational needs. These providers process data on our behalf under contracts that require them to protect the data and use it only to provide services to us.
  • Legal and safety — When required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or security issues.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, we may transfer information as part of that transaction, subject to the same privacy commitments.

We do not sell, rent, or trade your personal information or scan data to third parties for their marketing or other purposes.

7. Data Retention

We retain your account data and scan results for as long as your account (or your company’s account) is active and as needed to provide the service. You may request deletion of your account and associated data by contacting us; we will process such requests in accordance with our procedures and applicable law. After account deletion, we may retain certain information for a limited period where required for legal, regulatory, or legitimate operational purposes (e.g., resolving disputes, enforcing terms). Where we retain data for such reasons, we will continue to protect it in accordance with this policy.

8. Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include secure transmission (e.g., TLS/HTTPS), access controls, and encryption of sensitive data at rest where applicable. Passwords are hashed using industry-standard methods and are not stored in plain text. We regularly review and update our security practices. Despite our efforts, no method of transmission or storage over the Internet is completely secure; you provide information at your own risk, and we encourage you to use strong passwords and protect your account credentials.

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct or update inaccurate information
  • Request deletion of your personal information and, where applicable, your account and associated data
  • Object to or restrict certain processing of your information
  • Data portability, where applicable

To exercise these rights, please contact us. We will respond in accordance with applicable law. If you are in the European Economic Area or the United Kingdom, you may also have the right to lodge a complaint with a supervisory authority.

10. Cookies and Similar Technologies

We use essential cookies and similar technologies to operate our service, including for authentication, session management, and security. These are necessary for the platform to function. We do not use third-party advertising cookies or tracking for advertising purposes. You can control or delete cookies through your browser settings; note that disabling essential cookies may affect your ability to use SCAN.

11. International Use

SCAN may be accessed from different countries. If you use our service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate. By using SCAN, you consent to such transfer and processing. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

12. Children

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the service, or applicable law. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may provide additional notice (e.g., by email or a prominent notice in the service) where appropriate. Your continued use of SCAN after the effective date of changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or to exercise your rights, please contact us. We will respond as promptly as practicable.