Privacy Policy

1. Introduction

KRON WEB SRL("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our website audit service at fastaudit.io (the "Service").

As a European-based company, UID: 48196263, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

KRON WEB SRLis the data controller for the personal information we collect and process. You can contact us regarding data protection matters through our contact form or support channels.

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, when you create an account
• Contact Information: Name, email, message when you contact us
• Payment Information: Billing details processed through Stripe (we do not store payment card details)
• Website Information: URLs and website data you submit for auditing

3.2 Information We Collect Automatically

• Usage Data: How you interact with our Service, features used, time spent
• Technical Data: IP address, browser type, device information, operating system
• Analytics Data: Via Google Analytics and Google Tag Manager for website optimization
• Cookies and Tracking: Essential cookies for functionality and analytics cookies (with consent)

3.3 Website Audit Data

When you audit a website, we may collect and analyze publicly available information from the target website including:

• Website content, structure, and metadata
• Privacy policy and terms of service content
• Technical performance metrics
• SEO and accessibility data

4. How We Use Your Information

4.1 Service Provision

• Providing website audit services and generating reports
• Managing your account and subscriptions
• Processing payments through Stripe
• Communicating with you about our Service

4.2 Service Improvement

• Analyzing usage patterns to improve our Service
• Developing new features and functionality
• Ensuring technical performance and security

4.3 Legal Compliance

• Complying with legal obligations
• Preventing fraud and abuse
• Protecting our rights and interests

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our Service and fulfill our contractual obligations
• Legitimate Interest: For service improvement, security, and business operations
• Consent: For analytics cookies and marketing communications (where applicable)
• Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share your data with trusted third-party providers who help us operate our Service:

• Vercel: Cloud hosting and deployment platform
• Stripe: Payment processing (they have their own privacy policy)
• Google: Analytics and Tag Manager for website analytics
• NextAuth.js: Authentication services for secure login

6.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the business transaction, subject to equivalent privacy protections.

7. International Data Transfers

Our Service is hosted on Vercel's cloud infrastructure, which may involve data processing in various countries. We ensure that all international transfers comply with GDPR requirements through:

• Adequacy decisions for transfers to approved countries
• Standard Contractual Clauses (SCCs) where required
• Ensuring service providers implement appropriate safeguards

8. Data Retention

We retain your personal information for as long as necessary to:

• Account Data: Until you delete your account or request deletion
• Audit Reports: For the duration of your subscription plus 2 years for support purposes
• Payment Records: As required by tax and accounting regulations (typically 7 years)
• Analytics Data: Aggregated data may be retained indefinitely for business insights
• Contact Inquiries: 3 years for customer service purposes

9. Cookies and Tracking Technologies

9.1 Essential Cookies

We use essential cookies that are necessary for the Service to function, including:

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance optimization

9.2 Analytics Cookies

With your consent, we use Google Analytics and Google Tag Manager to:

• Understand how visitors use our website
• Improve user experience and Service performance
• Analyze usage trends and patterns

9.3 Cookie Control

You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling essential cookies may affect Service functionality.

10. Your Rights Under GDPR

As a data subject, you have the following rights:

To exercise these rights, contact us through our support channels. We will respond within 30 days of receiving your request.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data in transit and at rest is encrypted using industry standards
• Access Controls: Strict access controls and authentication for our systems
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Regular privacy and security training for our team
• Cloud Security: Vercel's enterprise-grade security infrastructure

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications for material changes
• Updating the "Last updated" date at the top of this policy

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Through our website contact form
• Via our support channels
• For data protection matters, mark your inquiry as "Privacy/GDPR"

15. Supervisory Authority

If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.