Privacy policy

Seviranta is fundamentally built with privacy as its starting point (Privacy by Design & by Default). Our philosophy is simple: the free scan is fully stateless. We don't store your scan results, don't link anything to your identity, and never process more data than strictly necessary to make the software work.

Seviranta is a trade name of 1Star BV, established at Zonnehorst 5, 7207 BT Zutphen, Netherlands (Chamber of Commerce 65195876, VAT number NL856015477B02). 1Star BV is the controller for the data processing described in this policy. For all privacy-related questions you can contact us directly at info@seviranta.com.

In short

• Minimal processing: We only process the URL you enter (temporarily, to analyse the code) and the minimal technical server logs necessary for the security of the platform.
• No data tracking: We make absolutely no use of tracking or marketing cookies, ad trackers, browser fingerprinting or cross-site tracking.
• No profiling: We never sell, rent, trade or analyse your data for commercial profiling.
• Full GDPR rights: You retain all legal rights (access, rectification, erasure) and can lodge a complaint with the supervisory authority at any time.

1. What we process during the free scan

• The URL you enter: We use this URL only briefly to fetch the HTML source code of the page in question and test it automatically against the WCAG criteria. This result is destroyed immediately after your session and never linked to you or stored.
• Technical server logs: To protect the platform against cyberattacks (such as DDoS attacks) and abuse, our hosting partners temporarily store standard technical data (such as your IP address, browser type and the time of the request).
• Page content: The content of the scanned website is only analysed in real time by our scan engine. We don't permanently store any texts, images or database elements of the target site.

2. What we process for a paid account

If you take out a subscription for our continuous monitoring (the Paid service), we only process the data necessary to perform the agreement and for legal billing:

• Account details: Your email address, company name and a cryptographically encrypted (hashed) password.
• Billing details: Your invoice address, VAT number and payment method. This data is processed directly by our certified payment provider; Seviranta itself never has access to your full credit card or bank account numbers.
• Subscription and monitoring data: Your chosen plan, the specific website URLs you have monitored, and the historical Reports and Dossiers we store in your management environment for your compliance documentation.

3. Processors and international transfers (sub-processors)

To deliver the Service we engage specialised sub-processors, bound by data processing agreements (DPAs) to equivalent obligations. We select our partners primarily for European data storage. These include, among others:

• an EU-hosted database, authentication and storage partner;
• EU-hosted scan and monitoring infrastructure;
• static website hosting (without storage of personal data);
• a certified payment provider (billing);
• a provider for transactional email;
• an infrastructure and security partner (DNS, email routing).

A current list of the specific sub-processors is available to customers on request.

Safeguard for international transfers: Insofar as a sub-processor processes personal data outside the European Economic Area, this is only permitted under strict GDPR safeguards, such as the EU-U.S. Data Privacy Framework and/or the EU standard contractual clauses (SCCs) of the European Commission.

4. Cookies and tracking

Seviranta makes no use of tracking, marketing or advertising cookies. We don't place third-party scripts that follow your browsing behaviour across the internet. Should we introduce functional or anonymous analytical cookies in the future to improve the app experience, we'll update this policy immediately and inform you proactively via a transparent cookie notice.

5. Retention periods

• Free scan: retention period is 0 seconds. The data is destroyed immediately after rendering in the browser.
• Paid account: we retain your account and Dossier data as long as your subscription is active. After termination of the agreement, this data is permanently erased from our servers within a reasonable period, except for the invoice documentation we are legally required to keep for 7 years for the tax authorities.
• Technical server logs: technical logs of IP addresses on our servers are automatically anonymised or destroyed after a maximum of 30 days.

6. Data security

We take advanced technical and organisational measures to protect your data against loss or unlawful processing. All data exchange between your browser, our servers and our sub-processors runs via a heavily encrypted TLS/SSL connection. Should a data breach affecting your personal data nonetheless occur despite our security, we will inform you and the supervisory authority immediately, within the statutory 72-hour limit.

7. Your legal rights

Under the GDPR you have the right of access, rectification, restriction, objection and full erasure (the right to be forgotten) of your personal data. Since the free scan is fully stateless and stores no personal data, in practice there is nothing there to access or erase. For paid accounts you can exercise these rights directly via your dashboard or by sending a request to info@seviranta.com.

If you believe we are infringing your privacy rights, you have the legal right to lodge a complaint with the supervisory authority (in the Netherlands: the Autoriteit Persoonsgegevens).

8. Changes

Seviranta reserves the right to amend this privacy policy when changes in legislation or our tech stack require it. The current version is always viewable live on this page.