Privacy Policy
Last updated: May 2026 — Plain language, no legal jargon.
Data Controller (Art. 13 GDPR)
The data controller for this service is the Cyberscan Project. For any privacy-related request — including access, rectification, erasure, or objection — contact us at: privacy@cyberscan.app.
Password Checker & Generator
All analysis and generation runs entirely in your browser using JavaScript. Your passwords are never transmitted to any server. You can disconnect from the internet and both tools work identically. Legal basis: the processing does not occur — no personal data is transferred.
Hash Generator & QR Reader
Hashing runs locally via the Web Crypto API. No text, file, or hash is ever sent anywhere. The QR Reader sends the decoded URL (not your camera feed or device data) to the URL Scanner described below.
Email Breach Check
Your email address is forwarded to the XposedOrNot public API to check against known breach databases. Cyberscan acts as a proxy: the address is relayed and discarded immediately. We do not log, store, or associate your email with any identifier. Legal basis: legitimate interest in providing the requested service (Art. 6(1)(f) GDPR).
URL Scanner
The URL you submit is forwarded to the VirusTotal API (Google LLC) for threat analysis. Cyberscan proxies the request without logging the URL or linking it to your identity. Legal basis: legitimate interest in providing the requested service (Art. 6(1)(f) GDPR).
What we do not collect
- No cookies of any kind (see our Cookie Policy)
- No analytics scripts or user tracking
- No IP address logging by Cyberscan
- No user accounts or registration data
- No advertising or third-party marketing scripts
- No profiling or automated decision-making
Infrastructure & Hosting
Cyberscan is served via Cloudflare Pages (Cloudflare, Inc., a US-based company). Cloudflare may retain standard server logs (IP addresses, request timestamps) as part of normal CDN operations. This processing is governed by Cloudflare's own privacy policy. Data transfer outside the EU/EEA is covered by Standard Contractual Clauses.
Your Rights (GDPR Art. 15–22)
As a data subject in the EU/EEA you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. Since Cyberscan does not retain any personal data, there is typically nothing to act upon. If you believe data has been processed, contact us at privacy@cyberscan.app and we will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (in Italy: Garante per la protezione dei dati personali).
Changes to this Policy
We will update this page whenever the data processing practices change — for example, when analytics or monetisation features are introduced. The "Last updated" date at the top will reflect any revision.