Privacy Policy
Plain-English privacy for a security scanner.
GetLeaked asks for sensitive context by design: app URLs and security scan results. This policy explains what we collect, why we collect it, how long we keep it, and what we will not do with it.
What we collect
When you use GetLeaked, you may submit a public URL and related scan inputs. The scanner may produce findings, evidence snippets, severity labels, and remediation notes. We treat those inputs and results as scan data, even when the original URL is already public.
We may also collect basic service logs needed to operate the product: request time, route, status code, error state, and abuse-prevention signals. These logs help us debug failed scans, prevent misuse, and keep the service usable. We do not need personal profile data to run the free scan path, and we avoid collecting it when it is not necessary.
If you contact us by email, we receive the email address and message content you send. If you request deletion, we may keep a minimal record that the request was handled so we do not accidentally re-import the same scan data later.
How we use scan data
We use scan inputs and scan results to run the requested scan, return the report, troubleshoot product failures, and improve the reliability of the scanner rules. The practical goal is narrow: find security mistakes, explain them clearly, and help the builder fix the issue.
We do not sell scan data. We do not transfer scan data to third parties for marketing, resale, lead generation, or enrichment. We do not use your submitted URLs, repo references, or scan results to train machine-learning models. If we discuss product learnings publicly, we will use anonymized patterns and remove identifying details unless we have explicit permission.
Security findings can be sensitive even when they come from public surfaces. We handle them as operational product data, not as content to monetize or train on.
Retention and deletion
Scan data, including URLs, repo references, and scan results, is stored for 30 days and then purged. That window gives us enough time to debug broken scans, detect repeated abuse, and answer support questions without turning GetLeaked into a long-term archive of someone else's security posture. Paid scan results (Deep Scan) receive the same 30-day protection; purchasing a scan does not reduce your privacy rights.
You can request deletion before the 30-day purge window by emailing contact@getleaked.sh. Include the URL or repo reference you submitted and enough context for us to locate the relevant scan. Do not email secrets, private keys, access tokens, seed phrases, or credentials. If a finding revealed a secret, rotate that secret with the provider first; deletion of a report does not revoke a leaked key.
Backups and logs may take a short additional period to age out, but the active product record is removed when the deletion request is processed. If we cannot verify what to delete from the information provided, we will ask for a narrower identifier instead of guessing.
Cookies and trackers
GetLeaked uses only essential cookies or browser storage needed for the product to work. We do not use external advertising trackers, retargeting pixels, or cross-site tracking cookies on the scanner pages. If analytics are added later, this policy will name the tool and explain what is collected before we rely on it for product decisions.
The current privacy stance is intentionally minimal: run the scan, return the report, retain the minimum needed for operations, and purge scan data after 30 days. We would rather earn trust by saying less and keeping the data surface small than by writing broad legal permissions we do not need.
Sharing and legal requests
We do not share scan data with third parties except when required to operate infrastructure, comply with valid legal obligations, prevent abuse, or protect the service and its users. Any infrastructure provider access should be limited to the operational role they perform, not a separate right to reuse scan data.
If we receive a legal request for scan data, we will review it and respond according to applicable law. Where legally allowed and practical, we will try to notify the affected user before disclosure. We will not voluntarily publish a user's scan report, findings, or submitted target without permission.
Contact
For privacy questions, deletion requests, or corrections, contact contact@getleaked.sh.
This policy may change as the product evolves. If the handling of scan data materially changes, the policy will be updated before the product behavior changes.