Privacy Policy

What We Collect

When you request a scan, we collect:

• Domain name you submit for analysis
• Business email address for OTP verification
• Scan results generated from publicly available website data

We do not collect passwords, payment information, or personal browsing data.

How We Use It

• To deliver your structural diagnostic report
• To verify your identity via one-time passcode (OTP)
• To prevent abuse and enforce rate limits

We do not sell, share, or transfer your information to third parties for marketing purposes.

What We Analyze

INFRA analyzes publicly accessible website content only. This includes:

• HTML structure and metadata
• Structured data (JSON-LD, Schema.org)
• Internal link architecture
• Publicly visible certificates and claims

We do not access password-protected areas, private databases, or non-public content.

Data Retention

• Scan snapshots are retained for 7 days and then automatically deleted
• OTP codes expire within 15 minutes and are single-use
• Authentication tokens expire within 30 minutes

Security

• OTP verification is rate-limited to prevent brute-force attempts
• Tokens are cryptographically signed and short-lived
• We do not store your email in plain text after verification

Your Rights

You may request deletion of your data by contacting us at privacy@infragraph.io.

Changes

We may update this policy. Material changes will be posted on this page with an updated date.

Contact

For privacy-related questions: privacy@infragraph.io