Privacy Policy

ShiteScore is operated by Simon Taylor as a sole trader, trading as ShiteScore. This policy explains what data we collect, why, and what we do with it.

Data controller

Simon Taylor, 61 Bridge Street, Kington, HR5 3DJ, United Kingdom. Contact: hello@shitescore.com

What we collect

• Domain name — the URL you submit for scanning.
• Email address — collected by Stripe at checkout, used to deliver your report.
• Payment metadata — Stripe session ID and transaction reference. We never see your card details.
• IP address — logged by Vercel (our hosting provider) as standard infrastructure logging.
• Anonymous analytics — page views via Plausible Analytics (cookieless, no personal data, no cross-site tracking).
• Chat transcripts — only if you use the chat widget. See “Chat support” below.

Chat support

If you use the chat widget on the site, we store the conversation transcript and an anonymous browser ID so we can give continuity within and across sessions. Transcripts are kept for 90 days, after which they are automatically deleted. You can delete your transcript at any time via the "Clear conversation" button in the chat widget, or by emailing hello@shitescore.com.

Why we collect it (legal basis)

All personal data is processed on the basis of contract performance — we need your email to deliver the report you paid for. We do not process data for marketing without separate consent.

How we use it

• To run the website audit you requested.
• To email you the completed report.
• To process your payment and handle refunds.
• To respond to support requests.

Subprocessors

We use the following third-party services to operate ShiteScore. Each has its own privacy policy and data processing agreement.

• Stripe — payment processing (stripe.com/privacy)
• Resend — transactional email (resend.com/privacy)
• Anthropic — AI report synthesis (anthropic.com/privacy)
• Google — PageSpeed Insights API (policies.google.com/privacy)
• Vercel — hosting and serverless functions (vercel.com/legal/privacy-policy)
• Neon — database (neon.tech/privacy)
• Plausible Analytics — anonymous analytics (plausible.io/privacy)

Data retention

Audit data (domain, score, report content) is retained for 90 days then permanently deleted. Email addresses are retained for the same period unless you request earlier deletion.

Your rights

Under UK GDPR you have the right to access, correct, or delete your personal data, and to object to processing. To exercise any of these rights, email hello@shitescore.com. We will respond within 30 days.

Cookies

ShiteScore uses no tracking cookies. Plausible Analytics is cookieless. No consent banner is required.

ICO registration

We are registered with the Information Commissioner's Office (ICO) as a data controller, as required under UK GDPR.

Changes to this policy

We may update this policy. The current version is always at shitescore.com/privacy. Material changes will be noted at the top of this page.