Weblyzo

Privacy Policy

Updated: April 9, 2026

1. Data Controller

The data controller of the Weblyzo service is Weblyzo ("we", "us", "the service"). For contact details, see section 11.

2. What Weblyzo Does

Weblyzo is a website scanning and monitoring service. We scan your website from the outside — the same way a regular visitor experiences it — and generate reports about speed, SEO, security, and accessibility. We do not install tracking code on your website and we never collect data from your visitors.

3. Data We Collect

3.1 Account Data

  • Email address (for authentication and notifications)
  • Name (if provided)
  • Billing information (processed by Stripe — we never store card details)

3.2 Website Scan Data

  • Publicly accessible information from your website (HTML, headers, response times)
  • AI-generated analysis reports (speed, SEO, security, accessibility findings)
  • Competitor comparison data (public website scores)
  • Backlink profile data (from public sources)

3.3 Data We Do NOT Collect

  • Data from your website visitors — we never track, collect, or store visitor data
  • IP addresses of your visitors
  • Cookies on your visitors' browsers
  • Any personal information about the people who visit your website

4. Purpose of Data Processing

We process data for the following purposes:

  • Providing website scan reports and monitoring alerts
  • Sending weekly email reports and notifications
  • Generating AI-powered analysis and recommendations
  • Competitor comparison and benchmarking
  • Billing and subscription management

5. Legal Basis for Processing

The legal basis for processing account and scan data is the performance of a contract (GDPR Article 6(1)(b)) — we process your data to provide the service you signed up for. For marketing communications, the legal basis is consent (GDPR Article 6(1)(a)), which can be withdrawn at any time.

6. Data Retention

  • Scan reports: retained according to your subscription tier (4 weeks to 12 months)
  • Account data: retained while your account is active
  • Shared report links: expire after 30 days
  • After account deletion: all data is permanently deleted within 30 days

7. Data Sharing

We do not sell or share your data with third parties for their own purposes. Data may only be shared:

  • With sub-processors required to operate the service (see our Sub-processors page)
  • Through shared report links you create (report data only)

All data is stored on Google Cloud servers in europe-west1 (Belgium, EU). See our Data Processing Agreement for details.

8. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of the data we hold about you
  • Rectification: Correct inaccurate data
  • Deletion: Request deletion of your data and account
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Withdraw consent: Withdraw consent for marketing communications at any time

To exercise any of these rights, contact us at privacy@weblyzo.com.

9. Security

  • All data transmission is encrypted with TLS 1.2+
  • Data at rest is encrypted with AES-256 via Google Cloud
  • Firebase Authentication with token-based access control
  • Role-based access control and Firestore security rules
  • Rate limiting on all API endpoints
  • SSRF protection on URL-based analysis endpoints

10. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated by email and through the service. The date of the latest version is always noted at the top of this document.

11. Contact

For privacy-related questions, contact us at privacy@weblyzo.com.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at tietosuoja.fi.