Privacy Policy

1. Introduction

This Privacy Policy describes how CSP Monitor ("we," "our," or "us") collects, uses, and discloses your information when you use our service.

2. Information We Collect

We may collect information that you provide directly to us, including:

  • Account information (username, email address, password)
  • Website information and CSP violation reports
  • Usage data and interaction with our service
  • Payment information (processed securely through Paddle)
  • Communication preferences and notification settings

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our CSP monitoring service
  • Send notifications about security events and service updates
  • Process payments and manage subscriptions
  • Improve our service and develop new features
  • Respond to customer support inquiries

4. Cookies & Analytics

We use a strictly necessary session cookie for authentication only. It is created after you log in and is used solely to maintain your session; it is not used for cross‑site tracking and expires at logout or session end.

We also record aggregate visit metrics and simple interaction events (e.g. page views, navigation flow, referring page, generic device/browser category, approximate region derived without storing full IP). These measurements use no identifying cookies, no fingerprinting, and are not combined into personal profiles or tracked across sites. Legal basis: legitimate interests (GDPR Art. 6(1)(f)) to maintain, secure, and improve the service. You may object at any time; an immediate opt‑out is available below or by storing the key umami.disabled with value 1 in your browser (stops further collection for that browser).

Optional enhanced analytics (loaded only after your explicit consent) may use an additional analytics service configured without advertising features and without personally identifiable data (IP anonymization enabled). Legal basis: consent (GDPR Art. 6(1)(a)). Refusing has no impact on core functionality. You may withdraw this consent at any time via the in‑app “Analytics” control or by clearing the stored preference; withdrawal stops further enhanced analytics collection going forward.

Anonymous metrics status:Enabled

5. Data Retention

We retain your CSP violation reports for a minimum of 90 days to provide our service effectively. Account data is retained for as long as necessary to provide our service and comply with legal obligations. You may request deletion of your account and data at any time.

6. Data Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties, except:

  • To our payment processor (Paddle) for billing purposes
  • When required by law or to protect our rights
  • With your explicit consent

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Opt out of marketing communications

8. Changes to Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.