Platform Checks Reports Account Pricing Run Trust Scan →
Legal

Privacy Policy

This Privacy Policy explains how Tesoniq collects, uses, stores, shares, and protects personal data when you visit the website, create an account, submit a domain or URL for scanning, use reports, verify a domain, use monitored-domain features, contact us, purchase a plan, or otherwise interact with the Service.

By accessing or using Tesoniq, you acknowledge that personal data will be handled as described in this Privacy Policy.

Who we are

Tesoniq is currently operated as a website and online service under the Tesoniq name. Tesoniq is not presented as a registered company, and this policy does not list a physical address, phone number, VAT number, or company registration number.

For privacy questions, data subject requests, or data protection concerns, contact [email protected] or use the Privacy Request category on the Contact page.

Our role under data protection laws

Depending on the context, Tesoniq may act as:

  • A data controller when we determine why and how personal data is processed, such as account administration, billing, support, security, abuse prevention, product analytics, legal compliance, public or free scan operation, website operation, and marketing communications.
  • A data processor when we process customer-controlled personal data on behalf of a business customer under an applicable agreement, such as private reports, monitored domains, scheduled scans, or account-based customer workflows.

Where Tesoniq acts as a processor, the Data Processing Addendum may apply.

Personal data we collect

Account and profile data

We may collect name, email address, company or organisation name, role, plan, organisation membership, workspace settings, authentication details, account status, user permissions, and related account metadata.

Scan and report data

We may collect submitted domains, URLs, scan configuration, scan timestamps, scan status, report identifiers, scan results, evidence, screenshots, extracted page text, metadata, scoring outputs, monitored-domain settings, verification status, report history, export activity, and related workflow data.

Website and content data

When a website, page, or URL is submitted, Tesoniq may process public page content, metadata, screenshots, headers, cookies, technical signals, search-readiness signals, trust signals, page text, and other publicly available or submitted content. This content may include personal data appearing on the submitted website.

Technical and usage data

We may collect IP addresses, device data, browser data, operating system data, approximate location derived from technical signals, log data, event data, error data, performance data, security data, abuse-prevention identifiers, cookie identifiers, and usage metrics.

IP addresses used for abuse prevention may be hashed, truncated, or retained where necessary to protect the Service.

Contact and support data

We may collect contact form submissions, support messages, privacy requests, security disclosures, abuse reports, billing inquiries, attachments, screenshots, and related correspondence.

Billing data

Payment processing is handled by third-party payment providers. Tesoniq may receive billing metadata such as plan type, subscription status, payment status, tax details, invoice identifiers, and customer identifiers. Tesoniq does not intentionally store full payment card numbers.

How we collect personal data

We collect personal data when you:

  • Visit the website.
  • Create or use an account.
  • Submit a domain, page, URL, screenshot, or website content.
  • Start, view, export, or share a report.
  • Verify a domain.
  • Use monitored domains or scheduled scans.
  • Contact support, sales, privacy, security, or abuse channels.
  • Purchase, renew, cancel, or change a plan.
  • Interact with service emails or product notifications.

Our systems also generate technical logs for security, reliability, fraud prevention, abuse prevention, and service operation.

Why we use personal data

We use personal data for the following purposes:

| Purpose | Examples | Legal basis where GDPR applies | | --- | --- | --- | | Provide the Service | Run scans, generate reports, manage accounts, enable exports, operate dashboards | Contract performance or legitimate interests | | Operate and secure Tesoniq | Authentication, logging, fraud prevention, rate limits, abuse controls, reliability, incident response | Legitimate interests | | Manage paid plans | Billing metadata, invoices, plan limits, subscription status, tax records | Contract performance and legal obligation | | Support and communications | Support replies, troubleshooting, service messages, privacy requests, security reports | Contract performance, legitimate interests, or legal obligation | | Product improvement | Aggregate analytics, diagnostics, feature usage, error analysis | Legitimate interests or consent where required | | Marketing | Optional product updates, campaigns, or communications | Consent or legitimate interests where permitted | | Legal compliance | Responding to lawful requests, enforcing terms, records, compliance, disputes | Legal obligation or legitimate interests | | Cookies and similar technologies | Session management, preference storage, analytics, security, consent records | Consent for non-essential cookies where required; legitimate interests for strictly necessary cookies |

Where we rely on legitimate interests, our interests include providing, securing, improving, enforcing, and protecting Tesoniq, users, customers, and third parties.

Customer responsibility for submitted websites and third-party data

If you submit a domain, URL, page, screenshot, report request, or website content containing personal data about website visitors, staff, customers, authors, contractors, or other third parties, you are responsible for ensuring that you have the authority, lawful basis, notices, permissions, and rights required to submit that material to Tesoniq.

Tesoniq does not control the content of websites submitted by users and is not responsible for a user's failure to obtain required authorisation, notice, consent, or legal basis.

AI and automated analysis

Some Tesoniq features may use automated analysis, artificial intelligence assisted classification, screenshot processing, page text extraction, similarity analysis, content-quality diagnostics, trust scoring, or third-party analysis providers.

Depending on your plan and settings, this may involve processing public page screenshots, extracted page text, website metadata, technical scan results, report evidence, and scoring outputs.

Unless expressly stated otherwise in an order form, product setting, or provider notice, Tesoniq does not permit third-party artificial intelligence providers to use Customer Content submitted through Tesoniq to train their foundation models.

You should not submit sensitive, confidential, private, or regulated information for artificial intelligence assisted analysis unless you have a lawful basis, proper authorisation, and appropriate safeguards.

Public and private reports

Tesoniq may offer public and private report modes.

  • Public or free reports may be accessible through a report link, served from cache, reused for the same domain, marked as unverified or limited, or visible to others where disclosed in the product flow.
  • Private reports are intended for authorised account or organisation users, subject to plan limits, access controls, and product configuration.

The product flow should indicate whether a report is public or private before submission. You are responsible for choosing the appropriate report mode and sharing report links responsibly.

Domain verification

Certain features may require domain verification, including monitored domains, scheduled scans, private domain workspaces, history, or exports. Verification methods may include DNS TXT records, hosted files, meta tags, or similar methods.

Domain verification helps reduce unauthorised monitoring but does not guarantee legal ownership or resolve all ownership disputes. Tesoniq may suspend, revoke, or re-check verification if needed for security, abuse prevention, legal compliance, or ownership concerns.

Cookies and similar technologies

Tesoniq uses cookies and similar technologies to keep the Service secure, maintain sessions, remember preferences, store consent choices, prevent abuse, measure performance, support billing, and improve the product.

Where required by law, non-essential cookies are used only after valid consent. See the Cookie Policy for details.

Sharing personal data

We may share personal data with:

  • Hosting, infrastructure, and content delivery providers.
  • Database, storage, and backup providers.
  • Authentication and email providers.
  • Payment and billing providers.
  • Analytics, error monitoring, and performance providers.
  • Artificial intelligence, page analysis, screenshot, search, or content-analysis providers where features require them.
  • Security, fraud, abuse-prevention, and rate-limiting providers.
  • Customer support and communication providers.
  • Professional advisers, auditors, insurers, accountants, and legal advisers.
  • Authorities, courts, regulators, or third parties where legally required or reasonably necessary to protect rights, safety, security, users, third parties, or the Service.
  • Business successors in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction.

We do not sell personal data to third parties for their own marketing.

Subprocessors and providers

Tesoniq may use subprocessors and service providers to operate the Service. A current subprocessor list may be made available through the legal hub, customer account area, order form, or on request.

Subprocessor details may include provider name, purpose, location, and processing role where practical.

International transfers

Personal data may be processed in countries other than your country of residence. Where personal data is transferred outside the European Economic Area, United Kingdom, Switzerland, or another protected jurisdiction, Tesoniq will use appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, or equivalent lawful mechanisms.

You may request information about applicable transfer safeguards by contacting [email protected].

Retention

We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

| Data category | Typical retention | | --- | --- | | Account data | While the account is active, then deleted or anonymised within a reasonable period after closure unless retention is required | | Free or public reports | Usually limited retention or cache-based retention, subject to product settings, abuse controls, and legal needs | | Private reports | According to plan, account settings, customer request, or agreement terms | | Scan and job logs | As needed for operations, reliability, abuse prevention, security, and troubleshooting | | Abuse-prevention records | As needed to protect the Service, investigate misuse, enforce terms, and prevent repeat abuse | | Contact and support data | As needed for support, business records, legal compliance, and dispute handling | | Billing metadata | As required for accounting, tax, audit, fraud prevention, and legal obligations | | Security logs | As needed for security monitoring, incident response, and legal obligations | | Backups | Retained for limited backup cycles and then overwritten or deleted according to backup procedures |

Retention may be extended where necessary for security, abuse prevention, legal claims, dispute resolution, regulatory compliance, accounting, tax, or law enforcement requests.

Your privacy rights

Depending on your location and applicable law, you may have rights to:

  • Access personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete personal data.
  • Restrict processing.
  • Object to processing based on legitimate interests or direct marketing.
  • Receive data in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a data protection supervisory authority.

To exercise rights, contact [email protected] or use the Privacy Request category on the Contact page. We may need to verify your identity before fulfilling certain requests.

Some rights may be limited where data is needed for legal obligations, security, abuse prevention, dispute handling, billing records, freedom of expression, or the rights of others.

Security

Tesoniq uses appropriate technical and organisational measures designed to protect personal data, including access controls, authentication, encryption in transit, audit logging, least-privilege practices, monitoring, backup procedures, and vulnerability management.

No online service can guarantee absolute security. You are responsible for maintaining account security, managing authorised users, using strong authentication, and limiting access to reports and exports.

Children

Tesoniq is intended for business and professional use. It is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to Tesoniq, contact [email protected] so we can review and take appropriate action.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as posting a notice, updating the legal hub, sending an email, or presenting an in-product notice.

Continued use of Tesoniq after an updated Privacy Policy becomes effective means the updated policy applies to your use from that point forward.

Contact

For privacy questions, rights requests, or data protection concerns, contact [email protected] or use the Privacy Request category on the Contact page.

We aim to respond to most inquiries within 3 business days. Rights requests will be handled within the timelines required by applicable law.