Privacy Policy
We keep the bare minimum we need to run the tools. We don't sell data. We don't run third-party trackers. Here's the detail.
The short version
- We don't sell or rent your personal data to anyone.
- We use Google Analytics with IP anonymisation for aggregate traffic stats — no ad trackers, no fingerprinting, no cross-site profiling.
- Scan results are cached publicly — treat anything you scan as "might end up in a public URL report".
- If you sign in, we use the MalwareTips forum identity via XenForo SSO.
- You can ask us to delete your account and comments at any time.
What we collect
When you scan a URL (no account needed)
We store the submitted URL, the hostname, the verdict we produced, and every signal that fed into that verdict (antivirus results, SSL data, WHOIS, page screenshot, AI summary, etc.). Scan results are cached in our database for performance and to build the public URL report index. Reports are public by default — if you'd prefer a scan to stay private, don't run it through a public tool.
We also log request metadata needed to prevent abuse: your IP address (hashed for rate limiting), user agent, and timestamp. This is kept short-term and is not linked to any account identifier.
When you create an account
Accounts are provided by the MalwareTips forum (XenForo). When you sign in, we receive your forum username, user ID, avatar URL, and staff role. We do not receive your forum password. Your email address is only shared with us if you explicitly provide it in a feedback form.
When you leave a comment or rating
Comments, ratings, and tags you leave on scan reports are public and associated with your forum username. Guests can also post comments, which are moderated. Edits and deletions are tracked for moderation purposes.
Analytics
We use Google Analytics 4 to understand which tools people use and where traffic comes from. We enable IP anonymisation so Google never receives your full IP, we don't link analytics to your forum account, and we don't use remarketing, advertising features, or cross-site audiences. If you'd rather not be counted, any standard tracker-blocker (uBlock Origin, Brave Shields, Firefox ETP strict, Do Not Track) will opt you out with no loss of functionality.
What we don't collect
- We don't embed Meta Pixel, Hotjar, TikTok Pixel, or any advertising / remarketing tracker.
- We don't read data from other tabs, your browser history, or your clipboard.
- We don't profile you based on the sites you scan.
- We don't send marketing emails (we don't collect emails in the first place).
Cookies and local storage
We use a small number of first-party cookies: a session cookie when you're signed in, a CSRF token, a rate-limit cookie, and an optional UI-preference cookie. We do not use tracking cookies and there's no cookie banner because we don't set anything that requires consent under GDPR / CCPA.
Your rights
You can ask us to:
- Export the data associated with your account
- Delete your account and associated comments
- Hide or remove a specific scan report (if it references your business and the verdict is wrong)
Contact the staff via the MalwareTips forum to exercise any of these rights.
Changes to this policy
If we make substantive changes we'll update the date at the top of this page and announce it on the forum. Continued use of the tools after changes means you accept the updated policy.
Contact
Questions about this policy? Reach out via the MalwareTips forum.