Privacy Policy

Written plainly. This page tells you exactly what personal data we collect when you use pseolint, why we collect it, how long we keep it, who else sees it, and the rights you have to change, export, or delete it.

Privacy notice scope: this disclosure governs the pseolint hosted dashboard, audit submission endpoints, magic-link authentication flow, billing receipts dispatched via Polar.sh, and the pseolint-bot crawler when it fetches pages from sites you submit. It does not extend to third-party destinations our outbound links reach, nor to self-hosted CLI runs that never contact our servers — those execute entirely on your machine and never transmit audit bodies, IP fragments, or telemetry of any kind back to Ouranos Labs. This document was first published on April 20, 2026, aligns 100% with the GDPR Article 13 disclosure requirements, and was updated on April 30, 2026 to reflect the v0.4.0 engine cut.

Effective 2026-04-20 · contact philippe.kam27@gmail.com

Who is the data controller

Controller
pseolint, operating the service at pseolint.dev.
Scope
This policy covers pseolint.dev, its API, the CLI when it communicates with our servers, and transactional email we send you. It does not cover websites we audit on your instruction — those are separately controlled by their operators.

What we collect, and why

Email address
Collected when you create an account (magic link or Google OAuth). Used for authentication, sending the magic link, audit-completion notifications, and billing receipts. Legal basis: contract performance + legitimate interest (account security).
Account metadata
Name (from Google OAuth, if used), timezone, UI preferences. Legal basis: contract performance.
Audited URLs and rendered reports
The URLs you submit, the HTML we fetch from them, the structured audit summaries we generate, and derived stats (score, counts). Legal basis: contract performance — we can't deliver the service without this.
Hashed IP (rate-limit signal)
We store a SHA-256 hash of your IP combined with a rotating server-side salt. The raw IP is never written to storage; only the hash is. Legal basis: legitimate interest (abuse prevention). Salt rotates periodically, which unlinks historical hashes from current IPs.
Anonymous session cookie
One opaque random ID (signed). Lets us tie a pre-sign-in audit to your browser so you can reclaim it on sign-up. Legal basis: strictly necessary (functional — exempt from EU cookie consent).
Authentication cookie
Issued after you sign in. HttpOnly, Secure, SameSite=Lax. Expires after 30 days of inactivity. Legal basis: strictly necessary.
Billing metadata
Subscription plan, Polar customer ID, renewal date. We do NOT receive your card details — those stay with Polar.sh, our merchant of record. Legal basis: contract + legal obligation (invoicing, VAT).
Analytics
Aggregate request logs (route, status, response time) retained 30 days for debugging and capacity planning. No cross-site tracking. No third-party analytics SDK. Legal basis: legitimate interest.

What we do NOT collect

No raw IP addresses
They never touch disk. Only salted hashes do.
No card / bank data
Polar.sh handles payment collection end-to-end.
No behavioral tracking
No Google Analytics, Segment, Mixpanel, FB pixel, LinkedIn pixel, or similar. No cross-site identifiers.
No advertising
We do not sell or rent data. We do not run ads. We do not participate in ad networks.
No training on your data
Your audit content is not used to train AI models — ours or anyone else's. AI triage calls (Pro) send the minimum necessary snippet to Anthropic under their zero-retention terms.

How long we keep data (retention)

Anonymous audit reports
24 hours, then auto-deleted from storage. DB row keeps aggregate stats (score, page count) for internal analytics.
Free-account audit reports
30 days, then the cached report body is deleted. Aggregate stats remain.
Pro-account audit reports
Kept until you delete the audit or close the account.
Account email + profile
Kept while your account is open. Deleted within 30 days of account deletion, except where we must retain something to meet a legal obligation (e.g. invoicing records).
Invoices and payment metadata
Retained 10 years per applicable tax/accounting law in the EU.
Salted IP hashes
Deleted after 14 days. Salt rotates every 30 days, severing linkability beyond that window.
Aggregate request logs
30 days.
Email delivery logs (Resend)
Retained by Resend per their policy; we purge references after 90 days.

Who we share data with (subprocessors)

Neon (Postgres hosting)
Stores all account and audit metadata. Data region: EU. Contract: GDPR-compliant DPA.
Cloudflare R2 (object storage)
Stores cached report HTML and structured summaries. Data region: auto-placed EU-first.
Cloudflare Turnstile
Bot challenge on sign-in and audit submission. Receives a challenge token, not personal data beyond IP (which Cloudflare processes per its own terms).
Polar.sh (payments, merchant of record)
Receives your email and the purchase intent when you subscribe. Handles checkout, tax, and invoicing. See polar.sh/privacy.
Resend (transactional email)
Receives your email address + the message content (magic link, audit-complete, alerts) at send time.
Google (OAuth, if chosen)
Google is informed only that you used pseolint to sign in (inherent to OAuth). We receive your email and basic profile from Google.
Anthropic (AI triage, Pro only)
For Pro accounts that run AI triage, an aggregated, anonymized finding summary is sent to Anthropic for root-cause analysis. Sent under Anthropic's zero-retention policy for API. Your audited URLs are not sent; only rule IDs and counts.
Inngest (background job orchestration)
Receives audit IDs and worker metadata to run the audit pipeline. Does not receive audit report contents.
International transfers
Some subprocessors process data in the United States (e.g. Resend, Anthropic). Transfers rely on the EU-US Data Privacy Framework and/or Standard Contractual Clauses.

Your rights under GDPR / UK GDPR / CCPA

Right of access
Request a copy of the personal data we hold about you. We respond within 30 days.
Right to rectification
Correct inaccurate data via your account or by emailing us.
Right to erasure
Delete everything with DELETE /api/account while signed in, or email us. Removes user record, audits, reports, and derived stats within 30 days.
Right to portability
Export your audit history as JSON via GET /api/account/export.
Right to restrict / object
Email us to restrict processing or object to legitimate-interest processing (rate-limit hashes, analytics).
Right to withdraw consent
Where processing is based on consent (e.g. marketing email, if you ever opted in), you can withdraw at any time without affecting lawful processing that already happened.
Right to lodge a complaint
You may complain to your local EU data-protection authority. In France: CNIL (cnil.fr).
No automated decision-making
We do not take legal or similarly significant decisions about you via automated means.

Security

Transport
All connections use TLS 1.2 or higher. HSTS is enforced.
At-rest encryption
Database and object storage are encrypted at rest by the hosting provider.
Authentication
Magic links are single-use, short-lived (15 minutes), and bound to the requesting device. Google OAuth follows Google's security model.
Session cookies
HttpOnly, Secure, SameSite=Lax. Signed with a server-held secret.
Access control
Private audits are keyed to the user ID or anonymous session ID. Public audits are accessible by anyone who has the share URL (by design).
Breach notification
If we confirm a personal-data breach likely to result in risk to your rights, we will notify the relevant authority within 72 hours and you as soon as reasonably possible, per Art. 33–34 GDPR.

Cookies and local storage

Strictly necessary cookies
Session cookie (auth), anonymous session cookie, CSRF token. Exempt from consent under EU ePrivacy — these are required for the service to function.
No analytics cookies
We set no analytics or tracking cookies.
No advertising cookies
We set none.
Third-party cookies from embeds
We do not embed third-party trackers. Turnstile may set a short-lived functional cookie during the bot challenge.
Local storage
We use localStorage only to remember UI preferences (e.g. theme). No personal identifiers.

Children

Age
The service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe we have, email us and we will delete it.

Changes to this policy

Notifications
Material changes are announced at least 30 days before they take effect — via an in-app banner and, for signed-in users, email. Non-material edits (typos, clarifications) are made in place with an updated effective date.
History
Previous versions of this policy are available on request.