This Privacy Policy explains how Axis Diagnostic ("we", "us", "our") collects, uses and protects your personal data when you use our website and services (the "Service"). We comply with the EU General Data Protection Regulation (GDPR) and equivalent privacy laws in other jurisdictions.
1. Data we collect
We only collect what we need to deliver the Service:
- Account data: your email address and a hashed password (see section 7; we never store the password itself) or, for Google sign-in, your email and basic profile identifier.
- Audit data: the URLs you submit for analysis and the resulting AI-generated reports, linked to your account.
- Purchase metadata: tier purchased, URL it unlocks, timestamp. We do not store full card numbers — payments are handled directly by Stripe.
- Technical data: minimal request information (e.g. timestamps, error logs) needed to operate and secure the Service.
We do not knowingly collect data from children under 16.
2. Why we use your data (legal bases)
- To deliver the Service you requested — performance of contract.
- To process payments and prevent fraud — performance of contract and legitimate interest.
- To secure the Service (rate limiting, abuse detection, error monitoring) — legitimate interest.
- To comply with law (e.g. tax records for paid invoices) — legal obligation.
We do not sell your personal data and we do not use it for advertising profiling.
3. Third-party processors
The Service is built on trusted infrastructure providers who process limited data on our behalf under data-processing agreements:
- Supabase (database & authentication, EU/US) — stores your account, diagnostic history and purchase records.
- Stripe (payments, global) — receives the data needed to process your card or wallet payment. Card details are sent directly to Stripe and never touch our servers.
- Firecrawl (web crawling, US) — fetches the public HTML and screenshots of the URLs you submit so our diagnostic engine can analyze them.
- Google Gemini (AI processing, via the Lovable AI Gateway) — receives the scraped page content to generate the diagnostic findings, scoring and developer specifications.
When data is transferred outside the EEA we rely on Standard Contractual Clauses or equivalent safeguards.
4. Cookies and local storage
We use a strictly necessary set of cookies and browser storage items — no advertising or cross-site tracking cookies:
- Authentication session — keeps you signed in (set by our backend).
- Theme preference — remembers your light/dark mode choice (local storage).
5. How long we keep your data
- Account & diagnostic data: until you delete your account or request deletion.
- Purchase records: retained as long as required by tax and accounting law (typically 7 years).
- Operational logs: 30 days (rolling).
6. Your rights
Under GDPR (and similar regimes) you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Delete your data ("right to be forgotten");
- Export your data in a portable format;
- Object to or restrict certain processing;
- Withdraw consent at any time, where processing is based on consent;
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email support@axisdiagnostic.com from the address associated with your account. We respond within 30 days.
7. Security
We use HTTPS for all traffic, hash passwords using industry-standard algorithms, enforce row-level security on user data in our database, and restrict access to production systems to authorized personnel only.
8. Changes to this policy
We may update this policy from time to time. The "Last updated" date above will change accordingly, and material changes will be highlighted in the product.
9. Contact
Privacy questions or requests? Email support@axisdiagnostic.com.