ComplianceRadar

Security

ComplianceRadar takes the security of your data seriously. This page summarises how we protect data in transit and at rest, and how we handle the content we process during scans.

Encryption in transit

All access to ComplianceRadar is over HTTPS (TLS). Data exchanged between your browser and our servers, and between our servers and third-party services (e.g. Stripe, Google Gemini API), is encrypted in transit. We use industry-standard TLS configurations and do not serve the application over plain HTTP.

Encryption at rest

Data stored by ComplianceRadar is held in a PostgreSQL database. Database storage is encrypted at rest by our hosting and database provider. Access to the database is restricted to the application and authorised operations only, with appropriate access controls and monitoring.

Scraped content and retention

When we scan a URL you provide, we fetch and process the page content (including HTML and text) to generate the compliance report. We do not permanently store the raw scraped HTML or full page content of target websites. Only the extracted text necessary for analysis is sent to our AI analysis provider (Google Gemini API) for the duration of the request. The structured report (risk level, findings, recommendations, etc.) is stored so we can display and deliver your report; the original HTML and full page content are not retained after analysis.

Authentication and access control

User authentication is handled via NextAuth with support for OAuth (e.g. Google) and credentials. Passwords for credential-based accounts are hashed using industry-standard methods. Session and API access are controlled so that users can only access their own scans and account data.

Sub-processors and compliance

We use a limited set of sub-processors (e.g. Stripe, Google Gemini, Vercel) for payments, AI analysis, and hosting. We select providers with strong security and compliance practices and, where required, put in place data processing agreements. For more detail on how we use and protect your personal data, see our Privacy Policy.

Reporting security issues

If you believe you have found a security vulnerability in ComplianceRadar, please contact us responsibly. We will acknowledge and work to address verified issues in a timely manner.
