Privacy Policy

Who we are

The data controller is Jeff Brook (trading as Visibility Score). Our website is visibility-score.com. You can contact us at [email protected].

Note: A UK correspondence address and ICO data protection registration reference will be added to this section shortly. Jeff Brook is in the process of completing ICO registration.

What data we collect

We collect the minimum data necessary to provide our service:

• Website URLs you submit for scanning. Stored to generate your report and track score changes over time.
• Email address (optional for free scans; required for paid reports and subscriptions). Collected when you choose to save your results, purchase a report, or subscribe to monitoring.
• Scan results generated from your submitted URL, including scores and identified issues.
• Payment information when you purchase a report or subscription. Card details are processed directly by Stripe — we never see or store your card number. We receive only a payment confirmation and your email address from Stripe.

What we do not collect

• We do not store page content after analysis. We fetch your publicly accessible pages, analyse them, and discard the raw content.
• We do not use tracking cookies, analytics cookies, or advertising cookies. The only cookies we use are essential for site functionality.
• We do not collect data from any pages behind authentication or login walls.

Lawful basis for processing

Under UK GDPR and the Data Protection Act 2018, we process personal data on the following bases, matched to each activity:

• Contract — processing your URL and generating your report or delivering your subscription (monthly rescans, progress emails, alerts) is necessary to perform the service you requested.
• Contract — transmitting your email address to Stripe and Resend for payment processing and report delivery is necessary to fulfil your order.
• Legitimate interest — we produce anonymised, aggregate statistics from scan results to improve the accuracy of our checks. This processing does not identify individuals. You have the right to object to this processing at any time (see Your Rights below).
• Consent — if you opt in to marketing communications, we rely on your consent, which you may withdraw at any time.

How we use your data

• Providing the service — scanning websites, generating reports, and running monthly rescans for subscribers.
• Delivering reports and service emails — sending your report or subscription emails (score changes, rescan summaries, alerts) to the email address you provide. These are transactional service emails, not marketing.
• Processing payments — fulfilling paid report purchases and managing subscription billing via Stripe.
• Service improvement — aggregate, anonymised statistics on scan results help us improve our checks. This data is not personal data under UK GDPR once anonymised.

We do not use your data for marketing unless you explicitly opt in. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

Automated processing

Our scanning engine produces automated readiness scores for each website submitted. These scores are structural assessments of your website's technical configuration — they do not produce legal effects or significantly affect you in a similar way. Article 22 UK GDPR (automated individual decision-making) does not apply to this processing. The scores are indicative tools, not decisions made about you as an individual.

Third-party processors

We use the following third-party processors to operate Visibility Score. Each processes only the data necessary to perform their specific function:

• Stripe Inc. (United States) — receives your email address and payment details to process card payments. Does not receive scan data or report content. Stripe Privacy Policy.
• Resend Inc. (United States) — receives your email address and report content for the purpose of delivering emails to your inbox. Does not retain data beyond delivery. Resend Privacy Policy.
• Google Cloud Platform (United States / European Economic Area) — hosts our application and stores scan results, email addresses, and report data on encrypted infrastructure. Google Cloud Privacy Notice.

We do not share your data with any other third parties.

International transfers

Stripe, Resend, and Google Cloud Platform are US-based companies. Processing your data through these services involves transferring personal data outside the United Kingdom. Each transfer is protected by appropriate safeguards:

• Stripe — relies on the UK Extension to the EU-US Data Privacy Framework and/or Standard Contractual Clauses (UK Addendum) as the transfer mechanism.
• Resend — relies on Standard Contractual Clauses (UK Addendum) as the transfer mechanism.
• Google Cloud Platform — relies on the UK Extension to Standard Contractual Clauses and Google's data processing terms, which include commitments under the UK International Data Transfer Addendum.

You have the right to obtain a copy of the relevant transfer mechanism by emailing [email protected].

Data retention

• Scan results are retained for 12 months from the date of the scan, then automatically deleted.
• Email addresses (paid customers) — retained for the duration of your subscription or the period you hold a purchased report, then for 13 months after the relationship ends (to handle refund requests, disputes, and legal compliance), then deleted.
• Email addresses (free scan only) — if you provided an email to receive free scan results, retained for 12 months then deleted unless you have since made a purchase.
• Payment records are retained for 6 years as required by UK tax law. These are Stripe transaction records, not full card details.
• Anonymised aggregate analytics — not personal data under UK GDPR; retained indefinitely for service improvement.
• Session cookies — expire when you close your browser. No persistent tracking cookies are set.

Your rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations.
• Restriction — ask us to restrict how we process your data while a dispute is resolved.
• Portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interest. Where we rely on legitimate interest (anonymised analytics), you may object at any time and we will cease that processing unless we have compelling legitimate grounds that override your interests.
• Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Automated decision-making — you have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. As described above, our scores do not constitute such decisions.
• Complain to the ICO — you have the right to lodge a complaint with the Information Commissioner's Office (see Complaints below).

To exercise any of these rights, email [email protected]. We will acknowledge your request within 5 business days and respond within 30 days (or notify you if an extension is needed).

Cookies

We use only essential session cookies required for the site to function (for example, maintaining the state of your scan while it is running). Session cookies expire when you close your browser. We do not use tracking, analytics, or advertising cookies. No cookie consent banner is required because we do not use non-essential cookies.

When you proceed to payment, Stripe's checkout page may set its own cookies for fraud prevention and payment security purposes. These are set by Stripe as a separate data controller. See Stripe's Privacy Policy for details.

Security

All data is transmitted over HTTPS. Scan results are stored on encrypted Google Cloud infrastructure. Access to personal data is restricted to the service operator. Payment data is handled entirely by Stripe and never passes through our systems.

Children

Visibility Score is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has submitted personal data to us, please contact [email protected] and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. For free scan users, material changes will be reflected in the "last updated" date at the top of this page; continued use of the Service after that date constitutes acceptance.

For active subscription customers, we will notify you of material changes to how we process your data by email at least 30 days before the changes take effect. You may cancel your subscription before the effective date if you do not accept the changes.

Complaints

If you are unhappy with how we handle your data, please email [email protected]. We will acknowledge your complaint within 5 business days and aim to resolve it within 14 business days.

If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or by calling 0303 123 1113.