Sean Howell ("we", "us", "our") operates BlynkAudit at blynkaudit.com. This policy explains what personal information we collect, how we handle it, and your rights. We handle personal information as an APP entity under the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Information We Collect
- Email address - when you sign up, purchase a report, or join our mailing list
- Hashed IP address - to enforce the free-tier daily limit and for security and fraud prevention. We store a salted SHA-256 hash (keyed with a server secret), never the raw IP address, so it cannot be reversed to your address without that secret
- Scanned URLs and retrieved page content - the websites you submit for auditing, stored with their results
- Payment data - handled entirely by Stripe; we never see or store card numbers
You can use the free tier without creating an account (subject to the IP-based fair-use limit), consistent with the anonymity principle in APP 2.
2. How We Use It
- To deliver your audit reports by email
- To enforce fair-use rate limits on the free tier
- To send product updates if you joined our mailing list (you can unsubscribe at any time)
- To operate, secure, and improve the Service
3. Service Providers
We share the minimum data necessary with the following processors:
- Stripe - payment processing. Subject to Stripe's Privacy Policy
- Resend - transactional email delivery; your email address is shared only to send emails you have requested
- Anthropic, Google (Gemini), OpenAI, Perplexity - AI scoring and narrative generation; we send the target website's URL and retrieved page content for processing
- Google PageSpeed Insights - website performance metrics; the target URL is sent to Google
- Backblaze B2 - encrypted storage of the generated PDF reports
- Google Analytics 4 - aggregate, non-advertising usage analytics for the site
- GitHub - only if you choose to install our optional remediation GitHub App
4. Overseas Disclosure
The providers in section 3 are located outside Australia, primarily in the United States. By using the Service you consent to us disclosing the relevant information (for example, the target URL and page content to AI providers, your email to Resend, and payment data to Stripe) to these overseas recipients. We take reasonable steps to use reputable providers, but an overseas recipient may not be subject to laws substantially similar to the APPs (APP 8).
5. AI Processing
Reports are generated using large language models operated by the providers listed above. We do not deliberately send your account information to them. Scanned page content is sent for analysis and may incidentally contain personal information that appears on the target website. AI-generated analysis can be inaccurate - see our Terms of Service.
6. Data Retention
Scan results (submitted URLs, retrieved content, scores, and any generated PDFs or screenshots) are deleted 12 months after the scan. Session records, which carry only the hashed IP, are deleted within 30 days. Free-tier usage counters reset daily. Security audit logs are kept as immutable records but contain only the hashed IP, never a raw address. Mailing-list email addresses are kept until you unsubscribe or request deletion.
7. Cookies
- Session cookie - httpOnly, SameSite=Lax; keeps you logged in when you have an account
- CSRF token cookie - SameSite=Lax, readable by your browser so forms can be protected against cross-site request forgery
- Google Analytics (_ga, _ga_*) - measures aggregate site usage; expires after up to ~13 months
We do not use advertising cookies and we do not sell your data. You can block analytics via your browser settings or Google's opt-out browser add-on.
8. Security
We take reasonable steps to protect personal information (APP 11): account passwords are hashed with argon2id, traffic is encrypted in transit over HTTPS, IP addresses are stored only as salted hashes, and access controls and rate limiting are in place. No method of transmission or storage is completely secure.
9. Your Rights
You may request access to, correction of, or deletion of your personal information. To exercise these rights, email support@blynkaudit.com. We will respond within a reasonable period, usually within 30 days.
10. Data Breaches
If a data breach occurs that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.
11. Complaints
If you have a privacy concern, contact us first at support@blynkaudit.com. If you are not satisfied with our response, you can lodge a complaint with the OAIC at oaic.gov.au.
12. Contact
APP entity: Sean Howell, 1025 Pimpama Jacobs Well Road, Jacobs Well, Queensland, 4208, Australia.
Contact: support@blynkaudit.com