Skorra.

Privacy Policy

Last updated: 3 March 2025

This Privacy Policy explains how Skorra ("we", "us", "our") collects, uses, and protects your personal data when you use our website analysis service at skorra.app ("Service"). We are committed to compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Skorra is the data controller for the personal data processed through the Service. You can reach us via our contact page or at hello@skorra.app.

2. Data We Collect

2.1 Data you provide

  • Email address — when you create an account via magic link or use the contact form.
  • Name — when you submit a contact message.
  • URLs you submit — the website addresses you ask us to scan.
  • Contact messages — the content of messages sent through our contact form.

2.2 Data collected automatically

  • IP address — logged when you initiate a scan or submit a contact form, used for rate limiting and abuse prevention.
  • Basic request metadata — HTTP headers such as user-agent, collected by our hosting infrastructure (Vercel).

2.3 Data we do not collect

We do not use cookies for tracking or advertising. We do not collect payment information (the Service is currently free). We do not use analytics trackers such as Google Analytics.

3. How We Use Your Data

  • Providing the Service — scanning websites, generating scores, storing scan history for your account.
  • Account management — authenticating you via magic link, associating scans with your projects.
  • Abuse prevention — rate limiting by IP address.
  • Communication — responding to contact form messages.

4. Legal Bases (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service you requested (scanning, account management).
  • Legitimate interest (Art. 6(1)(f)) — rate limiting and abuse prevention to protect the Service and its users.
  • Consent (Art. 6(1)(a)) — where you voluntarily submit data via the contact form.

5. Third-Party Processors

We share data with the following third-party services, all of which act as data processors on our behalf or provide independent services:

  • Supabase (EU/US) — database hosting and authentication. Stores your email, scan data, and contact messages.
  • Vercel (US) — application hosting. Processes HTTP requests including IP addresses.
  • Google PageSpeed Insights API (US) — receives URLs you submit to generate performance and accessibility data.
  • Firecrawl (US) — receives URLs to crawl and extract page content for analysis.
  • Google Gemini AI (US) — receives anonymised page content (not your personal data) to generate scores and recommendations.

Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses or adequacy decisions as appropriate.

6. Data Retention

  • Scan data — retained for as long as your account exists. Anonymous (non-authenticated) scans are retained for 12 months, then deleted.
  • Account data — retained until you request deletion.
  • Contact messages — retained for up to 24 months after the inquiry is resolved, then deleted.
  • IP addresses — retained for up to 90 days for abuse prevention, then anonymised or deleted.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — request that we limit processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at hello@skorra.app. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and secure infrastructure provided by Supabase and Vercel.

9. Children

The Service is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

12. Contact

For privacy-related inquiries, reach out via our contact page or email hello@skorra.app.