Legal
Privacy Policy
Last updated: May 29, 2026
This Privacy Policy explains what information WebTrustScore ("we", "us") collects when you use the website at webtrustscore.com and the scanning API, how we use it, and the third-party services involved. By using the service you agree to this policy.
Information we collect
- Scan submissions. The website domain or URL you submit for scoring.
- Scan results. The computed score, signal values, evidence summaries, and timestamps we generate for a submitted domain.
- Technical data. Your IP address and basic request metadata, used for rate limiting and abuse prevention.
- Scan analytics. When you submit a scan we record aggregate, privacy-conscious metrics — coarse location (country, region, and city derived at our edge network), the referring website and any campaign (UTM) tags, and your device and browser family — to understand demand and plan capacity and marketing. We do not store your IP address in these analytics.
We do not require an account to run a scan, and we do not ask for personal information such as your name or payment details to use the public scanner.
How we use information
- To collect evidence from the submitted website and calculate its WebTrustScore.
- To cache results and reuse recent lookups so repeated scans are faster and cheaper.
- To maintain an internal score history that improves the reputation signal over time.
- To protect the service through rate limiting and abuse detection.
We do not sell your data, and we do not use it for advertising.
Cookies and tracking
We use a strictly necessary cookie to keep you signed in. We also use Google Analytics to understand aggregate, anonymised website usage (pages viewed, approximate region, device type); it sets first-party analytics cookies. We do not set advertising or cross-site tracking cookies, and we do not sell your data. Scan submissions are sent directly to our API.
Third-party services
To deliver the service and collect evidence, we use:
- Cloudflare — hosting, edge compute, and storage (D1, KV, R2) for the site, API, scan records, and evidence.
- Google Web Risk — malware and phishing reputation checks for submitted URLs (when enabled).
- Public RDAP / DNS resolvers — domain registration facts and DNS configuration used as scoring evidence.
When you scan a website, we make requests to that website and to the services above. Those third parties handle data under their own terms and privacy policies.
Data retention
Scan records and evidence are retained to provide score history and audit trails. Cached third-party lookups expire automatically (typically within hours to a day). You may request deletion of records associated with a domain you control by contacting us.
Your choices
Because the public scanner evaluates publicly reachable websites, scans generally concern site configuration rather than individuals. To request removal of a specific scan record or to ask a question about your data, contact us at the address below.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.
Contact
Questions about privacy? Email contact@webtrustscore.com.