Privacy Policy

Effective Date: 2026-04-01

Last Updated: 2026-05-27

SurfaceAudit, operated by Ignite Solutions, LLC (“SurfaceAudit,” “we,” “us,” or “our”), respects your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our website, application, security-audit platform, reports, alerts, and related services (collectively, the “Services”).

This Privacy Policy is intended to apply to users in the United States and the United Kingdom. Depending on where you live, you may have additional privacy rights described below.

1. Information We Collect

We collect only the information reasonably necessary to provide, operate, secure, and improve the Services.

Information you provide to us

We may collect:

  • Name
  • Email address
  • Account login information
  • Company or organization name, if provided
  • Billing and subscription information
  • Support messages or other communications you send to us
  • Website URLs, domains, or other public-facing sites you submit for scanning
  • Information contained in scan reports, findings, exported reports, alerts, or account settings

Payment information

If you purchase a paid plan or subscription, you may be asked to provide payment-card information. We use Authorize.net to process payments.

We do not store full credit-card numbers, card verification codes, or complete payment-card details on our local systems. Payment information is processed by Authorize.net and is subject to Authorize.net’s own privacy and security practices.

We may receive limited payment-related information from Authorize.net, such as transaction status, last four digits of a card, card brand, billing contact details, transaction identifiers, subscription status, and payment confirmation details.

Information collected automatically

When you use the Services, we may automatically collect technical and usage information, including:

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Pages or features viewed
  • Referring pages
  • Date and time of access
  • Log data
  • Error reports
  • Security and fraud-prevention data
  • General usage analytics

Cookies and similar technologies

We may use cookies, local storage, pixels, or similar technologies to:

  • Keep you signed in
  • Remember preferences
  • Operate and secure the Services
  • Understand usage and improve performance
  • Detect abuse, fraud, or unauthorized access

You can usually control cookies through your browser settings. Some features may not work properly if cookies are disabled.

2. How We Use Information

We use personal information for the following purposes:

  • To create and manage user accounts
  • To provide website security scans and reports
  • To generate scan findings, grades, remediation guidance, exports, alerts, and notifications
  • To process payments and manage subscriptions
  • To provide customer support
  • To send service-related messages, such as account notices, scan alerts, billing notices, and security updates
  • To send product or marketing communications, where permitted by law
  • To monitor, maintain, troubleshoot, and improve the Services
  • To detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized activity
  • To comply with legal obligations
  • To enforce our terms and protect our legal rights

3. Legal Bases for UK Users

If you are located in the United Kingdom, we process your personal data under one or more of the following legal bases:

| Purpose | Legal Basis |
| --- | --- |
| Creating and managing your account | Performance of a contract |
| Providing scans, reports, alerts, and other Services | Performance of a contract |
| Processing payments and subscriptions | Performance of a contract; legitimate interests; legal obligations |
| Responding to support requests | Performance of a contract; legitimate interests |
| Sending service-related notices | Performance of a contract; legitimate interests |
| Improving, securing, and troubleshooting the Services | Legitimate interests |
| Preventing fraud, abuse, or unauthorized access | Legitimate interests; legal obligations |
| Sending marketing communications | Consent, where required; otherwise legitimate interests where permitted |
| Complying with laws, accounting, tax, and regulatory obligations | Legal obligations |

Where we rely on legitimate interests, those interests include operating a secure SaaS platform, protecting users and our systems, improving our Services, communicating with customers, and preventing misuse.

4. How We Share Information

We do not sell personal information.

We do not share personal information with third parties for their own marketing purposes.

We may disclose personal information only in the following limited circumstances:

Service providers

We may share information with trusted vendors who help us operate the Services, such as:

  • Payment processors, including Authorize.net
  • Hosting and infrastructure providers
  • Email delivery providers
  • Analytics and logging providers
  • Customer support tools
  • Security, monitoring, and fraud-prevention providers

These providers may access personal information only as needed to perform services for us and are expected to protect it appropriately.

Legal and safety reasons

We may disclose information if we believe it is reasonably necessary to:

  • Comply with law, regulation, legal process, or governmental request
  • Enforce our terms or agreements
  • Protect the rights, property, or safety of SurfaceAudit, our users, or others
  • Detect, prevent, or respond to fraud, abuse, security incidents, or technical issues

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, personal information may be transferred as part of that transaction.

5. No Sale or Sharing of Personal Information

We do not sell personal information.

We do not share personal information for cross-context behavioral advertising or targeted advertising as those terms may be defined under applicable U.S. privacy laws.

We do not knowingly sell or share the personal information of minors.

6. Data Retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, comply with legal obligations, resolve disputes, and enforce agreements.

Typical retention periods include:

  • Account information: retained while your account is active and for a reasonable period afterward.
  • Billing and transaction records: retained as needed for accounting, tax, fraud-prevention, and legal compliance.
  • Scan data and reports: retained while your account is active or as configured in the Services, unless deleted earlier.
  • Support communications: retained as needed to provide support and maintain business records.
  • Security logs: retained for a limited period unless needed to investigate abuse, fraud, or security incidents.

You may request deletion of your account or personal information by contacting us using the details below. We may retain certain information where required or permitted by law.

7. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect personal information using measures appropriate to the nature of the information we process.

Because payment-card information is processed by Authorize.net, we do not store full payment-card details on our local systems.

8. International Transfers

We are based in the United States of America and may process information in the United States, the United Kingdom, and other countries where our service providers operate.

If you are located in the United Kingdom, your personal data may be transferred outside the UK. Where required, we use appropriate safeguards designed to protect personal data, such as contractual protections or other lawful transfer mechanisms.

9. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information.

These rights may include the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your information
  • Object to or restrict certain processing
  • Request a copy of your information in a portable format
  • Withdraw consent where processing is based on consent
  • Opt out of marketing communications
  • Appeal or complain about certain privacy decisions, where applicable

To exercise privacy rights, contact us at:

Email: privacy@surfaceaudit.com

We may need to verify your identity before fulfilling certain requests.

10. UK Privacy Rights

If you are located in the United Kingdom, you may have the following rights under UK data protection law:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making and profiling, where applicable

You also have the right to lodge a complaint with the UK Information Commissioner’s Office.

However, we encourage you to contact us first so we can try to resolve your concern.

11. U.S. State Privacy Rights

Some U.S. state privacy laws provide residents with additional rights, such as rights to know, access, correct, delete, or obtain a copy of personal information, and to opt out of certain uses of personal information.

We do not sell personal information or share personal information for targeted advertising.

To exercise applicable U.S. state privacy rights, contact us at:

Email: privacy@surfaceaudit.com

We will not discriminate against you for exercising your privacy rights.

12. Marketing Communications

We may send you marketing emails about SurfaceAudit, such as product updates, feature announcements, or offers.

You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us.

Even if you opt out of marketing emails, we may still send you non-marketing service messages, such as account, billing, security, legal, or transactional notices.

13. Children’s Privacy

The Services are not intended for children under 13 years old in the United States or under 16 years old in the United Kingdom.

We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will take appropriate steps to delete it.

14. Third-Party Links and Services

The Services may contain links to third-party websites or services, including Authorize.net for payment processing.

We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing information to them.

15. Public Website Scanning

SurfaceAudit scans public-facing websites, domains, headers, DNS records, TLS configuration, cookies, exposed paths, Content Security Policy settings, and related security signals.

You are responsible for ensuring that you have the right to submit any URL, domain, or website for scanning through the Services.

Scan results may include technical information about the submitted website and may be associated with your account.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will take reasonable steps to notify you, such as posting the updated policy on our website, updating the “Last Updated” date, or sending an email notice where appropriate.

Your continued use of the Services after an updated Privacy Policy becomes effective means you accept the updated policy.

17. Contact Us

For privacy questions, requests, or concerns, contact us at:

Ignite Solutions

Email: privacy@surfaceaudit.com