This policy explains how AuditMy.co.uk collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
AuditMy.co.uk is a website audit service operated as a trading name. We are the data controller for personal data collected through this website.
Contact: reports@auditmy.co.uk
2. What data we collect
When you purchase an audit
- Your email address (provided at checkout)
- Your website URL (provided at checkout)
- Payment information — processed and stored securely by Stripe. We never see or store your card details.
When we run your audit
- Technical data about your website — performance metrics, SEO data, security headers, SSL certificate details, and DNS records
- This data is used solely to generate your audit report
When you use our monitoring service
- Weekly audit results stored as a baseline for comparison
- Your email address used to send weekly digest emails
3. How we use your data
- To deliver your audit report by email
- To send weekly monitoring digests (monitoring subscribers only)
- To respond to support enquiries
- To improve our service
We do not use your data for marketing, sell it to third parties, or share it with anyone except as described in this policy.
4. Legal basis for processing
- Contract performance — processing your email and website URL to deliver the service you purchased
- Legitimate interests — improving our service based on aggregated, anonymised usage patterns
5. Data storage and security
- Audit reports are stored in Amazon S3 (AWS eu-west-2, London) and automatically deleted after 90 days
- Audit results are stored in Amazon DynamoDB (AWS eu-west-2, London)
- All data is stored within the UK/EEA
- Access is restricted to authorised personnel only
- All connections use HTTPS/TLS encryption
6. Third-party services
- Stripe — payment processing. Stripe's privacy policy: stripe.com/gb/privacy
- Amazon Web Services — cloud infrastructure (eu-west-2, London)
- Anthropic — AI report generation. Your website data is sent to Anthropic's API to generate your report. Anthropic's privacy policy: anthropic.com/privacy
7. How long we keep your data
- PDF reports — 90 days from creation, then automatically deleted from S3
- Audit results in DynamoDB — retained while you are an active customer
- Email address — retained until you request deletion or cancel your subscription
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing of your data
- Request restriction of processing
- Data portability
To exercise any of these rights, email reports@auditmy.co.uk. We will respond within 30 days.
9. Cookies
Our website does not use tracking cookies or analytics cookies. We do not use Google Analytics or any similar tracking tools. The only data stored in your browser is session data used to improve your checkout experience, which is cleared when you close your browser.
10. Complaints
If you have concerns about how we handle your data, please contact us directly at reports@auditmy.co.uk and we will do our best to resolve the issue promptly.
11. Changes to this policy
We may update this policy from time to time. The date at the top of this page shows when it was last updated. Continued use of our service after changes constitutes acceptance of the updated policy.
12. Contact
For any privacy-related questions: reports@auditmy.co.uk