Privacy Policy

Effective Date: January 1, 2025
Last Updated: December 27, 2025

1. Introduction

Welcome to Secure My Site, operated by Simatrix Ltd ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience using our service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Simatrix Ltd (trading as Secure My Site), a company registered in England and Wales (Company No. 16290120), is the data controller for the purposes of UK GDPR and the Data Protection Act 2018. You can contact us at legal@securemysite.io if you have questions about this policy or wish to exercise your rights.

2. Data We Collect

2.1 Information You Provide

  • Target URLs: The website URLs you submit for scanning
  • Payment Information: Email address collected by Stripe during checkout (we do not store credit card details)

2.2 Automatically Collected Information

  • IP Address: Your IP address for rate limiting and abuse prevention
  • User Agent: Browser and device information
  • Timestamp: Date and time of scan requests
  • Scan Results: Security findings from your scans (temporarily stored)

2.3 What We DON'T Collect

  • No cookies (except for Stripe payment processing)
  • No user accounts or passwords
  • No tracking pixels or analytics
  • No marketing or advertising data

3. How We Use Your Data

We use collected data solely for:

  • Providing the Service: Performing scans and generating reports
  • Payment Processing: Processing payments via Stripe
  • Abuse Prevention: Enforcing rate limits and blocking malicious use
  • Service Improvement: Identifying bugs and improving scan accuracy
  • Legal Compliance: Maintaining logs for security and legal purposes

The principal lawful bases we rely on are: performance of our contract with you, our legitimate interests in running and improving Secure My Site, compliance with legal obligations, and your consent (where applicable).

4. Data Retention

  • Scan Results: Stored temporarily (30 days max) for report access
  • Access Logs: Retained for 90 days for security monitoring
  • Payment Records: Retained per Stripe's policies and tax requirements

We do NOT store historical scan data or build profiles of your scanning activity.

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who help us operate our service (see section 8)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with any merger, sale, or acquisition

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL protocols (HTTPS)
  • Encryption of data at rest in our databases
  • Access controls and authentication mechanisms
  • IP-based rate limiting to prevent abuse
  • Regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal information:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data (subject to legal obligations)
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a portable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, please contact us at legal@securemysite.io. We will respond to your request within one month, though this may be extended by up to two months for complex requests.

If you are based in the UK or EEA, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO), which can be contacted at ico.org.uk or by calling 0303 123 1113.

8. Third-Party Services

We use the following third-party service providers to operate Secure My Site:

  • Stripe: Payment processing (see Stripe Privacy Policy)
  • AI Service Providers: AI-powered report generation (scan findings data only, not personally identifiable information)

These providers process data on our behalf under strict data processing agreements and are obligated to protect your information in accordance with applicable data protection laws.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the UK or European Economic Area, including the United States, where our service providers operate infrastructure.

When we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU Commission-approved Standard Contractual Clauses with our service providers
  • UK GDPR compliance: All processors are contractually bound to protect data in accordance with UK GDPR standards
  • Technical safeguards: Encryption in transit and at rest for all international data transfers

10. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can remove it promptly.

11. Cookies & Tracking

Secure My Site currently uses only essential cookies that are necessary to process payments and keep the service functioning. These essential cookies do not require consent under UK PECR as they are strictly necessary for the service.

Essential cookies we use include:

  • Stripe payment session cookies for secure checkout
  • Session cookies for scan ID tracking

We do not use analytics, marketing, or tracking cookies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last Updated" date
  • Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at legal@securemysite.io.

Registered office address available upon request or via Companies House public register.

Summary (TL;DR): We collect minimal data (URL, IP, email for payment). We don't track you, sell data, or build profiles. Scans are temporary. Payment via Stripe. Delete your data anytime.