Privacy Policy

This policy covers everything bleek collects when you use bleek.dev, the free scanner, or any paid product. Plain language, no dark patterns — we hate them as much as you do.

What we collect

• The URL you scan.We use it to run the scan and show you the results. We don't keep it linked to you (no account = nothing to link).
• Anonymous analytics. Page views, scroll depth, and session replays via PostHog. All input fields are masked — we never record what you type into the scanner box or any form.
• Standard server logs. IP, user agent, request time. Retained 30 days for abuse prevention, then deleted.
• If you pay for Deep Scan or Human Audit: your email, billing address, and payment method — handled by LemonSqueezy (PCI-compliant). We see the order, not your card.

What we don't collect

• No user accounts on the free scanner. No password to leak.
• No cookies on the free scanner beyond what PostHog sets.
• No tracking across other sites. No ad networks. No retargeting.
• We don't collect or store the body of pages we scan beyond the scan duration. Results are computed and discarded.

Third parties we send data to

• Vercel hosts the site (US/Frankfurt edge).
• Sanity stores the CMS content you see (no user data — just our content).
• PostHog processes anonymous analytics (EU region).
• LemonSqueezy processes payments and acts as merchant of record (handles VAT for EU customers).

Your rights

• Access / deletion:if you've bought a paid product and want your billing data deleted, email privacy@bleek.dev. We action within 30 days.
• Opt out of analytics: use a tracker-blocker (uBlock Origin, Brave). PostHog respects Do Not Track when sent.
• GDPR / CCPA: covered above — anonymous by default, identifiable only after a purchase you initiate.

Changes to this policy

We update this page when something changes. The “Last updated” date at the top reflects the most recent change.