Privacy Policy

Last updated: 15 April 2026

This is the short version of our privacy policy. We tried to write it the way we'd write anything else on this site: in plain English, with no hidden corners.

Who we are

GradeMyWeb is operated from Israel as an early-stage project. It is not currently incorporated as a separate legal entity. If you need to reach a human about anything in this policy, email [email protected]. That goes to a real person.

What we collect when you use the scanner

When you enter a domain and run a scan, our infrastructure sees:

• The domain you entered.
• Your IP address (logged by Cloudflare, our hosting provider, for abuse prevention).
• Your browser type, inferred from request headers.
• The time you ran the scan.

We use this only to deliver the report and to detect abuse (rate limiting). We do not build a profile of you. We do not link your scans together across sessions.

What we do not collect

• We do not ask for your name, email, or account details to run a free scan.
• We have no login system.
• We do not use tracking pixels, advertising networks, or session-replay tools.
• We do not sell, rent, or share data with third parties for marketing purposes.

Cookies and analytics

This site does not currently use analytics, tracking pixels, or non-essential cookies.

If we add analytics in the future, we will ask for your consent first via a banner. Nothing will load without your active opt-in.

Cloudflare may set a single technical cookie (__cf_bm) for bot detection. This is required for the site to work and contains no personal information.

What happens to scan data

When you scan a domain:

• We make HTTP requests to publicly available URLs on that domain (homepage, sitemap, robots.txt, llms.txt, the publicly listed legal pages).
• We perform DNS queries (SPF, DKIM, DMARC, MX records).
• We do NOT log into the site, scrape protected content, or access anything that is not public.
• The scan output is shown to you in your browser.
• We may retain the anonymous scan result (domain plus grade plus findings, with no requester identity attached) for up to 90 days to improve the product. Aggregate statistics may be retained indefinitely (for example: "15% of scanned sites have no DMARC record").

Third parties

We use the following providers to run this service:

• Cloudflare (hosting, CDN, DDoS protection) sees your IP and HTTP requests. Privacy policy: cloudflare.com/privacypolicy
• Public DNS resolvers (Google DNS, Cloudflare DNS) for the lookups we run on the domains you scan.

If you contact us by email, your message and email address will be visible to whichever email provider we use to receive it.

We do not currently use any analytics, advertising, or marketing platforms.

Your rights

If you are in the EU, EEA, UK, or Switzerland, GDPR / UK GDPR / Swiss FADP gives you the right to:

• Ask what we have on you (we likely have nothing personally identifying: no account, no cookies).
• Ask us to delete it.
• Object to processing.
• Lodge a complaint with your local data protection authority.

If you are in California, CCPA and CPRA give you similar rights to access, delete, and opt out of "sale" (we do not sell data, so there is nothing to opt out of).

To exercise any of these rights, email [email protected]. We aim to respond within 30 days.

Children

GradeMyWeb is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has used the service, contact us and we will delete any associated data.

Changes to this policy

If we change anything material, we will update the "Last updated" date at the top and, if the change is significant, post a notice on the site for 30 days.

Contact

Questions about privacy: [email protected]