This policy covers the Site Auditor Chrome extension and this website (kamallouhibi.com). It explains what data is collected, why, and what happens to it. No boilerplate — only what's actually true.
What Site Auditor collects
When you create an account and use the extension, the following is stored:
- Email address — used to identify your account and send transactional messages (e.g. license confirmation). Never used for marketing.
- Password — stored as a bcrypt hash. The plaintext password is never stored or transmitted after the initial request.
- Audited URLs — the URLs you submit for auditing are stored temporarily to generate and cache the audit report. They are deleted after 24 hours.
- JWT (JSON Web Token) — stored in your browser's
localStorageto keep you logged in. This token is scoped to the extension and expires on logout or after a fixed period. - License key — stored to verify your subscription status.
The extension does not collect browsing history, keystrokes, form data, or any information from pages you visit other than the URL you explicitly submit for an audit.
What's sent to third parties
- Cloudflare — this website and the Site Auditor backend are hosted on Cloudflare Pages and Cloudflare Workers. Cloudflare processes all incoming requests and applies standard DDoS and bot protection. Their privacy policy is at cloudflare.com/privacypolicy.
- Google PageSpeed Insights API — when you run an audit, the submitted URL is sent to Google's PageSpeed API to retrieve performance scores (Core Web Vitals, Lighthouse metrics). Google's terms apply to that request. No account information is included.
- Anthropic — the extension uses the Claude API (by Anthropic) to generate a one-paragraph outreach angle based on the audit findings. The audited URL and a summary of the audit results are sent to Anthropic's API. No personal account data (email, password, license key) is included in these requests. Anthropic's privacy policy is at anthropic.com/privacy.
There are no analytics tools (Google Analytics, Mixpanel, etc.) on this site or in the extension.
Data retention
- Audit results and audited URLs — deleted 24 hours after the audit is run.
- Account data (email, hashed password, license key) — retained until you request deletion.
- JWT tokens — stored only in your browser's localStorage; cleared on logout or when the token expires.
Your rights
You can request deletion of your account and all associated data at any time by emailing [email protected]. I'll confirm and complete the deletion within 7 days.
If you're in the EU or EEA, you also have the right to access, correct, and port your data. Same email address, same response time.
Cookies
This website does not use cookies. The extension stores a JWT in
localStorage, which is not a cookie and is not sent to third-party
domains.
Children
Site Auditor is not directed at children under 13, and I do not knowingly collect data from them.
Changes to this policy
If something material changes (new third party, new data type), I'll update the date at the top and, where reasonable, notify active users by email.
Contact
Questions about this policy: [email protected]