What we store

When you run a scan, we store the following data in a private database on our South Africa-hosted server:

  • The URL you submitted - needed to display your report.
  • Your IP address - used solely for rate limiting (1 free scan per IP per day).
  • Your email address - only if you voluntarily provided one, used to send you a link to your report.
  • Scan results - the technical findings produced by scanning the URL you submitted.
  • Scan timestamp - when the scan was run.

What we do not store

  • We do not store passwords, CMS credentials, or any login details.
  • We do not track you across other websites.
  • We do not sell or share your data with third parties.
  • We do not use cookies beyond a short-lived session cookie for form security (CSRF protection).

How long we keep it

Scan records (URL, IP, email, results) are retained for 30 days from the date of the scan, after which they are deleted automatically.

Who can see your report

Each scan produces a report accessible only via a unique link containing a random token. Without that token, the report cannot be accessed. Do not share your report link with people you do not want to see the results.

Your rights (POPIA)

Under the Protection of Personal Information Act (POPIA) you have the right to request access to, correction of, or deletion of your personal information. To request deletion before the 30-day automatic purge, email us at hello@nel404labs.co.za with the subject line "Data deletion request" and include the URL or IP address associated with your scan.

Hosting

All data is stored on a server hosted in South Africa. No data is transferred outside South Africa.

Contact

Questions or concerns: hello@nel404labs.co.za