Privacy Policy
Last updated: May 16, 2026
This Privacy Policy explains how Rostyslav Honcharov, a registered sole trader (OSVČ) in the Czech Republic, IČO: 29541131, operating EshopAuditor at eshopaudit.io ("we", "us", or "our"), collects, uses, and shares information about you when you use our Service.
If you have questions, contact us at support@eshopaudit.io.
1. Information We Collect
Information you provide
- Account information: Your name and email address when you register.
- Support communications: Messages you send to support@eshopaudit.io.
Information collected automatically
- Usage data: Pages visited, audit history, feature interactions, and session metadata.
- Device and browser data: IP address, browser type, operating system, and approximate location (country/region level).
- Cookies and similar technologies: See our Cookie Policy for details.
Audited URL content
When you submit a URL for an audit, our system fetches and processes the HTML content of the pages you submit. This content is used solely to generate the audit report for you.
On Pro tier: The HTML content of audited pages is transmitted to Anthropic's Claude API to generate AI-powered explanations of findings in plain language. If your pages contain personal data in their HTML (for example, embedded customer names or addresses), that personal data is included in the content transmitted to Anthropic. We recommend auditing only pages you control and are authorized to process.
2. How We Use Your Data
We use your information to:
- Provide, operate, and improve the EshopAuditor Service.
- Process payments through Paddle.
- Send transactional emails (account confirmations, audit completions, billing receipts) via Resend.
- Respond to your support requests.
- Detect and prevent abuse, fraud, and security incidents.
- Comply with legal obligations.
We do not sell your personal data. We do not use your data for third-party advertising.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or UK, we process your personal data under the following legal bases:
| Processing activity | Legal basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| Sending transactional emails | Contract performance (Art. 6(1)(b)) |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) |
| Responding to support requests | Legitimate interests (Art. 6(1)(f)) |
| Cookie consent | Consent (Art. 6(1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Payments
Payments are processed by Paddle.com Market Ltd, which acts as the Merchant of Record for EshopAuditor. When you make a purchase, Paddle collects and processes your payment card details, billing address, and transaction data directly. We do not store your full payment card details.
Paddle's privacy policy is available at paddle.com/legal/privacy.
5. Cookies
We use a small number of cookies, all of which are essential or preference-based. We do not currently use analytics or advertising cookies. Full details are in our Cookie Policy.
6. Data Sharing
We share personal data only with the sub-processors listed below, or where required by law. We do not share your data with other third parties for their own marketing or advertising purposes.
Where we are legally required to disclose data (for example, in response to a valid court order or law enforcement request), we will notify you to the extent permitted by law.
7. Sub-processors
The following third parties process personal data on our behalf. We have data processing agreements in place with each sub-processor.
| Sub-processor | Country | Purpose |
|---|---|---|
| Paddle.com Market Ltd | United Kingdom | Merchant of Record — processes payments, tax, and billing addresses on our behalf. Paddle is the payment processor for all EshopAuditor transactions. |
| Anthropic, PBC | United States | We use the Claude API to generate AI-powered issue explanations on Pro tier. The HTML content of pages you audit is sent to Anthropic for this purpose. Anthropic does not train its models on API inputs by default. |
| Railway | United States (EU regions available) | Backend application hosting and MySQL database hosting. |
| Resend Inc. | United States | Transactional email delivery (account confirmations, audit notifications, receipts). |
| Vercel Inc. | United States | Frontend hosting, global CDN, and cookieless analytics. |
8. International Data Transfers
Some of our sub-processors are based in or operate infrastructure in the United States. Where personal data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs), to ensure an adequate level of protection for your data.
9. Data Retention
- Account data: Retained while your account is active. Within 30 days of an account deletion request (sent to support@eshopaudit.io), all account data is removed except where retention is required by law.
- Audit history: Retained while your account is active. Individual audit reports can be deleted on request. All audit history is removed within 30 days of account deletion.
- Payment records: Retained as long as required by applicable tax and accounting regulations (typically 5–7 years), per Czech law č. 235/2004 Sb.
- Support communications: Retained for up to 3 years for service-quality and dispute-resolution purposes.
You may request deletion of your data at any time (see Your Rights below).
10. Your Rights (GDPR)
If you are located in the EEA, UK, or another jurisdiction with applicable data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on our legitimate interests.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@eshopaudit.io. We will respond within 30 days. If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with the supervisory authority in your country. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ).
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These include HTTPS encryption in transit, HttpOnly flags on authentication cookies, and access controls on our database and infrastructure.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
12. Children
EshopAuditor is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us at support@eshopaudit.io and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a prominent notice in the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact
For any privacy-related questions, requests, or concerns:
Rostyslav Honcharov
IČO: 29541131
Czech Republic