Web Audits logo
Audits
Website audit SEO audit Technical audit UX & Conversion audit AI/LLM Visibility audit Ecommerce audit
CMS Audits Cases Resources About Us Get Free Audit

Privacy Policy

Last Updated: February 11, 2026

Web Audits is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

1. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources. The types of personal data we may collect include:

Personal identification information: name, email address, company name, job title, and contact details you provide when requesting services, subscribing to our communications, or contacting us.

Payment information: billing address and payment method details processed through our third-party payment processor Stripe. We do not directly store credit card numbers or complete payment credentials on our servers.

Service delivery information: website URLs, analytics access credentials, technical documentation, and other information necessary to provide audit services that you grant us access to.

Communication data: records of correspondence when you contact us via email or other communication channels, including the content of messages and metadata.

Technical and usage data: IP address, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, access times, device information, and other diagnostic data collected automatically through standard web server logs and analytics tools.

We collect personal data directly from you when you use our services. We do not obtain personal data about you from third-party sources except where you have granted us access to third-party platforms (such as your website analytics or content management systems) for service delivery purposes.

Providing certain personal data is necessary to enter into and perform our service contract. If you do not provide required information such as your name, email address, payment details, and service specifications, we will be unable to deliver our services to you. Providing information for marketing purposes is voluntary and does not affect service delivery.

2. Legal Basis for Processing

We process your personal data only when we have a legal basis to do so under the General Data Protection Regulation (GDPR) and applicable data protection laws. Our legal bases include:

Contractual necessity: processing is necessary to perform our contract with you when you purchase our services, including service delivery, customer support, and payment processing.

Consent: you have given explicit consent for us to process your personal data for specific purposes, such as sending marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legitimate interests: processing is necessary for our legitimate business interests, such as fraud prevention, network security, service improvement, and internal administration. We have conducted a balancing test and determined that our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

Legal obligations: processing is necessary to comply with legal requirements, such as tax obligations, accounting regulations, or responding to lawful requests from authorities.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

Service provision: to deliver the audit services you have purchased, including conducting SEO audits, website audits, AI system audits, and preparing deliverables.

Communication: to respond to your inquiries, provide customer support, send service-related notifications, deliver requested information, and communicate about your service order.

Payment processing: to process transactions, verify payment information, prevent fraud, and fulfill billing obligations through our payment processor Stripe.

Service improvement: to understand how our services are used, analyze trends, troubleshoot technical issues, and improve our website functionality and service offerings.

Marketing communications: only with your explicit prior consent, to send newsletters, promotional materials, and information about our services that may interest you. You can withdraw consent and opt out at any time by clicking the unsubscribe link in our emails, replying with "unsubscribe", or contacting us directly at [email protected]. Withdrawal will take effect within 48 hours.

Legal compliance and protection: to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect our rights, privacy, safety, or property.

Business operations: for internal recordkeeping, accounting, reporting, analytics, and business administration purposes.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your information only in the following circumstances:

Service providers: we share data with trusted third-party service providers who perform services on our behalf, including Stripe for payment processing, email service providers for marketing communications, hosting providers for website infrastructure, and analytics services for website performance monitoring. These providers are contractually obligated to protect your data and use it only for the purposes we specify. They act as data processors under our instructions.

Legal requirements: we may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, ensure safety, or comply with legal processes.

Business transfers: in the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy. We will notify you of any such transfer via email or prominent notice on our website.

With your consent: we may share your information with third parties when you have given explicit consent for such sharing.

All third parties with whom we share data are required to maintain appropriate technical and organizational measures to protect your personal data in accordance with GDPR requirements.

5. International Data Transfers

Our services are provided internationally, and your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including countries outside the EEA and the United States, which may have different data protection laws than your country of residence.

When we transfer personal data from the EEA to countries without an adequacy decision from the European Commission, we implement appropriate safeguards to protect your data, including Standard Contractual Clauses approved by the European Commission in accordance with GDPR Article 46.

Our payment processor Stripe complies with the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses for international data transfers. Stripe also maintains appropriate technical and organizational measures including encryption, access controls, and regular security audits. You can learn more about Stripe's data protection practices at stripe.com/privacy.

By using our services, you acknowledge and consent to the transfer of your personal data to countries outside the EEA under the safeguards described above.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

Service-related data: customer information and project data are retained for the duration of our business relationship and for 3 years after service completion for warranty purposes, customer support, and potential disputes.

Payment and transaction records: retained for 7 years to comply with tax and accounting regulations in accordance with applicable financial legislation.

Marketing communications: retained until you withdraw consent or unsubscribe from our mailing list, at which point your data will be removed from marketing databases within 30 days.

Technical logs and analytics data: typically retained for 30 to 90 days for security monitoring, troubleshooting, and system maintenance purposes, after which they are automatically deleted or anonymized.

Email correspondence and support tickets: retained for 2 years for customer service quality, training, and dispute resolution purposes.

After the applicable retention period expires, we will securely delete or anonymize your personal data using industry-standard data destruction methods. You may request earlier deletion of your data by contacting us, subject to legal retention requirements that may prevent immediate deletion. We will inform you if legal obligations prevent us from deleting specific data.

7. Your Data Protection Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

Right of access: you have the right to request copies of your personal data that we hold and information about how we process it, including the purposes of processing, categories of data, recipients, and retention periods.

Right to rectification: you have the right to request correction of inaccurate or incomplete personal data. We will update your information within 30 days of receiving your request.

Right to erasure (right to be forgotten): you have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing and there are no overriding legitimate grounds, or when processing is unlawful. This right is subject to legal retention obligations that may require us to retain certain data such as financial records.

Right to restrict processing: you have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data, when processing is unlawful but you oppose erasure, when we no longer need the data but you need it for legal claims, or while we verify grounds for processing after you object.

Right to data portability: you have the right to request transfer of your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON) to you or to another service provider, where technically feasible.

Right to object: you have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests, rights, and freedoms, or for establishment, exercise, or defense of legal claims.

Right to withdraw consent: where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal. To withdraw marketing consent, click "unsubscribe" in emails, reply with "unsubscribe", or contact us at [email protected].

Right not to be subject to automated decision-making: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not engage in automated decision-making or profiling activities.

Right to lodge a complaint: you have the right to lodge a complaint with a data protection supervisory authority in your country if you believe we have violated your data protection rights. Contact information for supervisory authorities is provided in Section 14 below.

To exercise any of these rights, please contact us at [email protected] with your full name, the right you wish to exercise, and any relevant details. We will respond to your request within 30 days (one month). In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons. We may need to verify your identity before processing certain requests to protect your privacy and security, which may require you to provide identification documents.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to enhance your experience on our website. Cookies are small text files stored on your device that help us recognize you, remember your preferences, analyze site usage, and improve website functionality.

Types of cookies we may use include: essential cookies that are strictly necessary for website functionality and security, such as maintaining your session and remembering your privacy preferences; performance and analytics cookies that help us understand how visitors interact with our website through aggregated statistics, including which pages are visited most frequently and how long users spend on different pages; and functional cookies that remember your preferences and settings to provide enhanced, personalized features.

We do not use advertising or targeting cookies. The analytics cookies we use collect anonymized or pseudonymized data and do not identify you personally.

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. You can typically find cookie settings in the "options" or "preferences" menu of your browser. However, disabling essential cookies may limit your ability to use certain features of our website. When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies in accordance with your preferences.

For more information about the specific cookies we use, their purposes, and duration, please contact us at the address provided in Section 13.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction in accordance with GDPR Article 32. Our security measures include:

Encryption: we use industry-standard SSL/TLS encryption (minimum TLS 1.2) for all data transmission between your browser and our servers, and encrypt sensitive data at rest using AES-256 encryption or equivalent standards.

Access controls: we restrict access to personal data to authorized personnel only on a need-to-know basis and principle of least privilege. All employees with access to personal data are bound by confidentiality obligations.

Secure infrastructure: we use reputable hosting providers with robust physical and digital security practices, including firewalls, intrusion detection systems, regular security audits, and 24/7 monitoring.

Regular security assessments: we conduct periodic reviews of our security practices, vulnerability assessments, and update our measures as necessary to address evolving threats and comply with current security standards.

Third-party security: our payment processor Stripe maintains PCI-DSS Level 1 certification, the highest level of payment security compliance, ensuring that payment card data is handled with maximum security.

Secure authentication: we use strong password policies, secure password storage using salted hashing algorithms, and encourage use of two-factor authentication where available.

Regular backups: we maintain regular encrypted backups of data to prevent data loss and ensure business continuity, with backups stored securely in geographically separate locations.

While we strive to protect your personal data using industry-standard security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you acknowledge that you provide information at your own risk. If you have reason to believe that your interaction with us is no longer secure or if you become aware of any security breach, please notify us immediately at [email protected].

10. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant data protection supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Articles 33 and 34.

Our notification will include a description of the nature of the personal data breach including the categories and approximate number of data subjects and personal data records affected, the name and contact details of our data protection contact point, a description of the likely consequences of the breach, and a description of measures taken or proposed to address the breach and mitigate its possible adverse effects.

We maintain an incident response plan to ensure prompt detection, investigation, and remediation of any security incidents affecting personal data.

11. Third-Party Services

Our website and services may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to third-party services, and we have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites or services.

We use Stripe as our payment processor. When you make a payment, Stripe collects and processes your payment information according to its own privacy policy available at stripe.com/privacy. Stripe acts as an independent data controller for payment processing activities. We recommend reviewing Stripe's privacy practices before providing payment information.

We may use third-party analytics services to help understand how our website is used. These services may use cookies and similar technologies to collect information about your use of our website and other websites over time. The information collected is typically anonymized or pseudonymized and used solely for statistical analysis.

We are not responsible for how third parties collect, use, or protect your information. Before providing personal information to any third-party service accessed through our website, we strongly encourage you to review their privacy policies and terms of service.

12. Children's Privacy

Our services are not directed to individuals under the age of 18 years, and we do not knowingly collect personal data from children. Our services are designed for business and professional use only.

If you are a parent or legal guardian and believe your child under 18 has provided us with personal data without your consent, please contact us immediately at [email protected]. If we become aware that we have collected personal data from a child under 18 without verified parental consent, we will take immediate steps to delete that information from our servers and cease any further processing.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. When we make material changes that significantly affect how we process your personal data or your rights, we will notify you by updating the "Last Updated" date at the top of this policy and by providing additional notice as appropriate, such as sending an email notification to the address associated with your account or displaying a prominent notice on our website homepage.

For non-material changes, such as clarifications or administrative updates, we will simply update the "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Your continued use of our services after changes are posted constitutes your acknowledgment and acceptance of the updated Privacy Policy. If you do not agree with changes to the Privacy Policy, you should discontinue use of our services and may request deletion of your personal data subject to legal retention requirements.

14. Contact Information and Data Controller

If you have questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or if you wish to exercise your data protection rights, please contact us at:

Web Audits
Email: [email protected]
Business Address: Avenida Curro Romero, 17, Roquetas de Mar, 04740, Almeria, Spain.

For the purposes of the General Data Protection Regulation (GDPR), Web Audits is the data controller responsible for your personal data. We are committed to resolving any privacy concerns or questions you may have in a timely and professional manner. We will acknowledge receipt of your inquiry within 2 business days and provide a substantive response within 30 days.

We have not appointed a Data Protection Officer as we do not process personal data on a large scale, do not engage in regular and systematic monitoring, and do not process special categories of data as our core business activity. For all privacy and data protection inquiries, please contact us directly at the email address provided above.

15. Supervisory Authority

If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data violates applicable data protection laws, including the GDPR.

You can contact the supervisory authority in your country of residence, your place of work, or the place where the alleged infringement occurred. Each EU member state and the UK has its own supervisory authority. You can find contact details for your local supervisory authority through your national data protection authority website or by searching online for "data protection authority" and your country name.

While you have the right to lodge a complaint with a supervisory authority at any time, we encourage you to contact us first at [email protected] so we can address your concerns directly and attempt to resolve any issues before escalation.

16. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include:

The right to know what personal information we collect, use, disclose, and sell about you, including the categories of personal information, categories of sources, business or commercial purposes, and categories of third parties with whom we share personal information.

The right to request deletion of your personal information that we have collected from you, subject to certain legal exceptions.

The right to correct inaccurate personal information that we maintain about you.

The right to opt out of the sale or sharing of your personal information. We do not sell personal information to third parties and do not share personal information for cross-context behavioral advertising.

The right to limit the use and disclosure of sensitive personal information. We do not process sensitive personal information beyond what is reasonably necessary to provide our services.

The right not to receive discriminatory treatment for exercising your CCPA rights.

To exercise your California privacy rights, please contact us using the information provided in Section 14. We will verify your identity before processing requests, which may require you to provide your email address, name, and relationship to the request. We will respond to verifiable requests within 45 days, though we may extend this period by an additional 45 days if necessary, in which case we will notify you of the extension and the reason.

This Privacy Policy is effective as of the Last Updated date listed above and applies to all personal data processed by Web Audits.