Last updated: March 2026
KrakenProbe ("we", "us", "our") is a website security scanning tool operated from Ireland. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
When you sign in with GitHub, we receive your GitHub username, email address, and profile image via GitHub's OAuth flow. We do not receive or store your GitHub password. We do not request access to your repositories, code, or any private GitHub data.
When you scan a website, we collect the URL you submit and the publicly available security information returned by our scanners (TLS certificates, HTTP headers, DNS records, publicly loaded scripts, cookies sent over HTTP). This is the same information any browser or network tool can observe. We do not access any private, authenticated, or internal pages of the scanned website.
If you enable AI analysis, your scan results are sent to OpenAI's API for processing. This data is subject to OpenAI's Privacy Policy. OpenAI does not use API data for training models.
If you accept analytics cookies, we collect anonymous usage data via PostHog — page views, feature usage, and performance metrics. This data is aggregated and cannot be used to personally identify you. Analytics are entirely opt-in. See our Cookie Policy for details.
Your scan history (up to 30 recent scans) is stored in your browser's local storage. This data never leaves your device and is not accessible to us.
We use the information described above to:
→ Authenticate you and maintain your session
→ Run security scans on the URLs you submit
→ Generate AI-powered security reports
→ Enforce rate limits and prevent abuse
→ Understand how the tool is used and improve it (only with your consent)
We share data only with the following third-party services, and only as described:
| Service | Data Shared | Purpose |
|---|---|---|
| GitHub | OAuth token exchange | Authentication |
| OpenAI | Scan results (public data only) | AI analysis |
| PostHog | Anonymous usage events | Analytics (opt-in) |
| Netlify | Hosting and request logs | Infrastructure |
We do not sell, rent, or trade your personal information to any third party.
• Session data is temporary and expires when you sign out or your session ends.
• Scan results may be cached on our servers for up to 24 hours to improve performance for repeat scans. After that, they are automatically deleted.
• Analytics data is retained by PostHog according to their retention policies.
• Local scan history remains in your browser until you clear it.
Under the General Data Protection Regulation (GDPR) and Irish data protection law, you have the right to:
→ Access — Request a copy of any personal data we hold about you
→ Rectification — Ask us to correct inaccurate data
→ Erasure — Ask us to delete your data
→ Restrict processing — Ask us to limit how we use your data
→ Data portability — Request your data in a machine-readable format
→ Withdraw consent — Opt out of analytics at any time via our Cookie Policy page
To exercise any of these rights, contact us via the details below.
We take reasonable measures to protect your information, including HTTPS encryption for all connections, secure session handling via NextAuth.js, and environment-variable-based secret management. However, no system is 100% secure, and we cannot guarantee absolute security.
KrakenProbe is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of KrakenProbe after changes constitutes acceptance of the revised policy.
If you have questions or concerns about this Privacy Policy, or wish to exercise your data protection rights, you can reach us via the GitHub repository.