Privacy Policy
This policy explains what Auditra collects when you run an audit, how that data is used, and your rights.
1. Who we are
Auditra (“we”, “us”) is a website auditing tool operated by Squishy Little Websites. You can reach us at hello@squishylittlewebsites.com.
2. What we collect
Auditra is designed to collect as little personal data as possible. The data we process falls into three categories:
Audit input
The URL you submit, plus the regions you select for compliance checks. Optionally, an email address if you ask us to email you a copy of the PDF report.
Audit results
A copy of the report (findings, scores, screenshots, and raw API responses from third-party scanners) may be archived so we can debug issues and improve the tool. Reports are keyed to the audited URL and timestamp, not to you personally, unless you supplied an email.
Site analytics
We use Microsoft Clarity to understand how people use the Auditra interface (clicks, scrolls, session replays with input masked). Clarity does not receive the URL you audit or the contents of your report.
3. What we do not collect
- We do not store credentials, tokens, cookies, or session data from the websites you audit.
- We do not scan or interact with anything behind a login.
- We do not build advertising profiles or sell any data to third parties.
4. How we use your data
- Run the audit you asked for and return results in your browser.
- Deliver the PDF by email (only if you provided an email address).
- Improve accuracy by diagnosing failed audits and refining our detection rules.
- Comply with law and respond to valid legal requests.
5. Third-party services
Auditra queries public APIs to produce a complete picture of the audited site. These providers receive the target URL (and sometimes your IP) when their endpoint is called:
- Google PageSpeed Insights (Core Web Vitals)
- Qualys SSL Labs (TLS grading)
- crt.sh (certificate transparency lookups)
- Shodan InternetDB (exposure data)
- WordPress mShots & thum.io (homepage screenshots)
- W3C HTML Validator
- Wayback Machine (historical snapshots)
- Resend (transactional email delivery — only when you request an emailed report)
- Supabase (encrypted archival of reports)
- Vercel (hosting & CDN)
- Microsoft Clarity (product analytics on the Auditra interface)
Each provider has its own privacy policy. We do not send them any data beyond what their API requires.
6. Data retention
- Audit inputs and results are retained for up to 90 days, then deleted or anonymised.
- Emails submitted for report delivery are retained only as long as needed to send the PDF, then purged within 30 days.
- Clarity session recordings are retained per Microsoft’s defaults (up to 13 months).
7. Your rights
Depending on where you live (GDPR, POPIA, CCPA, and similar laws), you have the right to:
- Access the personal data we hold about you.
- Request correction or deletion.
- Object to or restrict processing.
- Withdraw consent at any time.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email hello@squishylittlewebsites.com with the URL you audited and, if relevant, the email address you used.
8. Security
Auditra is served over HTTPS with modern security headers (HSTS, CSP, strict Referrer-Policy, frame-ancestors DENY, restrictive Permissions-Policy). Server-side requests are routed through a proxy with SSRF protection so internal networks cannot be reached via the tool.
9. Cookies
Auditra itself does not set tracking cookies. Microsoft Clarity may set a first-party cookie for session continuity; you can block it in your browser settings without affecting audit functionality.
10. Children
Auditra is not directed at children under 16 and we do not knowingly collect their data.
11. Changes to this policy
If we make material changes we will update the “Last updated” date above and, where practical, post a notice on the Auditra interface.
12. Contact
Questions, deletion requests, or compliance enquiries: hello@squishylittlewebsites.com.