LEGAL CODEX

Privacy Policy

Transparency First. Last Updated: 5/25/2026

This Privacy Policy outlines how Orygn LLC collects, processes, and secures data when you use the WebShield Audit platform. We operate on a principle of "Minimal Viable Data". We only collect what is strictly necessary to perform operational security tasks.

1. Information We Collect

We DO NOT collect: Passwords, Form Inputs, Session Cookies from targets, Personal Names, or Payment Information.

1.1. Provided by You

Target Domain: The URL you submit for auditing. This is treated as public information.

1.2. Automatically Collected

IP Address: Logged temporarily in our Rate Limiting database to prevent API abuse (DoS protection).
Usage Telemetry: Anonymized metrics (e.g., "Page Views", "Scan Duration") via Vercel Analytics.
Scan Results: The output of the audit (Grades, Scores, Headers) is cached to power our "Global Stats" engine. This data helps us improve the scanner heuristic accuracy.

2. Infrastructure Providers (Subprocessors)

We utilize industry-leading third-party processors to secure and deliver the application. By using this service, you acknowledge that data may pass through their systems:

Vercel (USA): Hosting provider and Analytics processor. They secure the edge network and delivery.
Supabase (USA): Database provider. Stores cached scan results and rate limit counters.
Cloudflare (USA): Provides "Turnstile" CAPTCHA protection to distinguish humans from bots.

3. Data Security

We implement commercially reasonable technical and organizational measures to protect your data from unauthorized access, loss, or misuse.

Encryption in Transit: All data is transmitted via HTTPS (TLS 1.2+).
Encryption at Rest: Database records are encrypted at rest by our provider (Supabase).
Access Control: Administrative access to the database is restricted to authorized personnel.

4. Cookies & Data Retention

We use a limited set of cookies/storage for functional logic:

Session/Theme: Local storage to remember your "Dark Mode" preference.
Vercel Analytics: First-party cookies to measure site performance and visitor counts.
Cloudflare Turnstile: Essential security cookies/tokens to validate your browser environment.

Retention Policy: Public domain grades are cached indefinitely to provide historical context. Request logs (IPs) are rotated periodically. Ephemeral detailed reports are deleted after 24 hours.

5. Your Rights & Do Not Sell

We do not sell, trade, or rent any user data to third parties. We are not a data broker. Even as a "free" tool, you are the user, not the product. If you wish to request deletion of cached data related to domains you own, please contact us.

6. International Transfers

Orygn LLC is based in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the US where our servers and central database are located. By using the Service, you consent to any transfer of this information.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:
[email protected]

1. Information We Collect

We DO NOT collect: Passwords, Form Inputs, Session Cookies from targets, Personal Names, or Payment Information.

1.1. Provided by You

Target Domain: The URL you submit for auditing. This is treated as public information.

1.2. Automatically Collected

IP Address: Logged temporarily in our Rate Limiting database to prevent API abuse (DoS protection).

Usage Telemetry: Anonymized metrics (e.g., "Page Views", "Scan Duration") via Vercel Analytics.

Scan Results: The output of the audit (Grades, Scores, Headers) is cached to power our "Global Stats" engine. This data helps us improve the scanner heuristic accuracy.

2. Infrastructure Providers (Subprocessors)

We utilize industry-leading third-party processors to secure and deliver the application. By using this service, you acknowledge that data may pass through their systems:

Vercel (USA): Hosting provider and Analytics processor. They secure the edge network and delivery.

Supabase (USA): Database provider. Stores cached scan results and rate limit counters.

Cloudflare (USA): Provides "Turnstile" CAPTCHA protection to distinguish humans from bots.

3. Data Security

We implement commercially reasonable technical and organizational measures to protect your data from unauthorized access, loss, or misuse.

Encryption in Transit: All data is transmitted via HTTPS (TLS 1.2+).

Encryption at Rest: Database records are encrypted at rest by our provider (Supabase).

Access Control: Administrative access to the database is restricted to authorized personnel.

4. Cookies & Data Retention

We use a limited set of cookies/storage for functional logic:

Session/Theme: Local storage to remember your "Dark Mode" preference.

Vercel Analytics: First-party cookies to measure site performance and visitor counts.

Cloudflare Turnstile: Essential security cookies/tokens to validate your browser environment.

Retention Policy: Public domain grades are cached indefinitely to provide historical context. Request logs (IPs) are rotated periodically. Ephemeral detailed reports are deleted after 24 hours.

6. International Transfers