GOWEBCHECK
Privacy Policy
Effective date: 01/03/2026 | Version 1.0
This Privacy Policy explains how GoWebCheck collects, uses, stores, and protects your personal data when you use our website and services. GoWebCheck is committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
Please read this Privacy Policy alongside our Terms and Conditions, available at gowebcheck.com/terms.
1. Who we are
GoWebCheck is operated by G Bancroft trading as Arete AI (“we”, “us”, “our”). We are the data controller for the personal data described in this policy.
Business name: G Bancroft trading as Arete AI
Trading name: GoWebCheck
Address: Arete AI, First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW
Email: admin@areteai.co.uk
Website: gowebcheck.com
2. What personal data we collect
We collect different categories of personal data depending on how you interact with the Service.
2.1. When you create an account
- Your name
- Your email address
- Your password (stored in encrypted form by our authentication provider)
- Your chosen subscription plan
2.2. When you purchase a scan or subscription
- Payment card details (processed and stored by Stripe — we do not see or store your full card number)
- Billing information associated with your Stripe account
- Transaction records (amounts, dates, Stripe customer and subscription identifiers)
2.3. When you use the Service
- Website URLs you submit for scanning
- Scan results and reports generated for your account
- Your scan history and score tracking data
2.4. Automatically collected data
- Your IP address (used for rate limiting and security)
- Browser type and version
- Pages visited on gowebcheck.com and time of access
- Cookies and similar technologies (see section 8)
2.5. Data we do not collect
We do not collect or process any special category data (also known as sensitive personal data) such as data about health, ethnicity, political opinions, religious beliefs, or sexual orientation.
3. How we use your personal data
We use your personal data for the following purposes:
Purpose | Data used | Lawful basis |
To create and manage your account | Name, email, password | Contract performance |
To process payments | Payment details (via Stripe), transaction records | Contract performance |
To run scans and deliver reports | Website URLs, scan results | Contract performance |
To send scan alerts and service notifications | Email address, scan results | Contract performance |
To send you information about plan upgrades or new features | Email address, plan type | Legitimate interests |
To prevent fraud and enforce rate limits | IP address, usage patterns | Legitimate interests |
To improve the Service | Aggregated scan data, usage patterns | Legitimate interests |
To comply with legal and financial record-keeping obligations | Transaction records, account data | Legal obligation |
3.1. Legitimate interests explained
Where we rely on legitimate interests as our lawful basis, we have carried out a balancing assessment to ensure our interests do not override your rights. Our legitimate interests include: keeping the Service secure, preventing abuse and fraud, improving the quality and reliability of the Service, and communicating with you about features relevant to your subscription. You have the right to object to processing based on legitimate interests (see section 7).
3.2. Marketing communications
We will only send you marketing communications (such as information about new features, plan upgrades, or related services) if you have given your consent or if you are an existing customer and the communications relate to similar products or services. In either case, every marketing email will include a clear and easy way to unsubscribe. We will never share your email address with third parties for their marketing purposes.
4. Who we share your data with
We do not sell your personal data. We share your data only with the following categories of third-party service providers who help us operate the Service:
Provider | Purpose | Data shared | Location |
Stripe | Payment processing | Payment card details, billing info, transaction data | USA / EEA (with Standard Contractual Clauses and UK Addendum) |
Supabase | Database, authentication, data storage | Account data, scan results, subscription records | USA (AWS infrastructure, with Standard Contractual Clauses and UK Addendum) |
Hostinger | Server hosting (VPS) | All data processed by the Service passes through our server | [Confirm data centre location] |
PageSpeed Insights API for performance data | Website URLs submitted for scanning | USA / Global (with Standard Contractual Clauses and UK Addendum) |
Each of these providers processes data on our behalf and under our instructions. We have data processing agreements or equivalent contractual protections in place with each provider.
We may also share your data if required to do so by law, regulation, or legal process (such as a court order), or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5. International data transfers
Some of our third-party service providers are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place as required by UK GDPR. These safeguards include:
- UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses — contractual clauses approved by the Information Commissioner’s Office that require the receiving party to protect your data to UK standards.
- Adequacy decisions — where the UK Government has determined that a country provides an adequate level of data protection.
If you would like further information about the specific safeguards applied to any transfer, please contact us at the email address in section 1.
6. How long we keep your data
We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law.
Data type | Retention period | Reason |
Account information (name, email) | Until you delete your account, plus 30 days | To provide the Service and allow account recovery |
Scan results and reports | For the duration of your subscription, plus 12 months after cancellation | To provide score tracking and historical comparison |
Payment and transaction records | 6 years from the date of the transaction | HMRC record-keeping requirements |
Server logs (IP addresses, access logs) | 90 days | Security, fraud prevention, debugging |
On-demand scan data (non-subscriber) | 12 months from the date of the scan | To allow the customer to re-access their report |
When retention periods expire, data is securely deleted or anonymised so that it can no longer be linked to you.
7. Your rights under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:
- Right of access — You can request a copy of all personal data we hold about you. We will respond within one month.
- Right to rectification — You can ask us to correct any inaccurate or incomplete data we hold about you.
- Right to erasure (“right to be forgotten”) — You can ask us to delete your personal data where there is no compelling reason for us to continue processing it. Note that we may need to retain certain data to comply with legal obligations (such as financial records for HMRC).
- Right to restriction of processing — You can ask us to suspend processing of your data in certain circumstances, for example if you want us to verify its accuracy.
- Right to data portability — You can request that we provide your data in a structured, commonly used, machine-readable format. This applies to data you have provided to us and that we process by automated means based on your consent or contract performance.
- Right to object — You can object to our processing of your data where we rely on legitimate interests as our lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent — Where we process data based on your consent (such as marketing communications), you can withdraw that consent at any time. This does not affect the lawfulness of processing carried out before you withdrew consent.
To exercise any of these rights, please email us at [email address]. We will respond to all legitimate requests within one month. If your request is complex or we receive a high volume of requests, we may extend this by a further two months, but we will inform you if this is the case.
We will not charge a fee for responding to a rights request unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse the request, and we will explain why.
8. Cookies
Our website uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a website.
8.1. Cookies we use
Cookie type | Purpose | Examples | Lawful basis |
Strictly necessary | Required for the Service to function (authentication, security) | Session cookies, authentication tokens set by Supabase Auth | Exempt from consent (PECR Regulation 6(4)) |
Functional | Remember your preferences (such as scan settings) | User preference cookies | Consent required |
Analytics | Understand how visitors use our website to improve it | [To be confirmed — e.g. privacy-respecting analytics if implemented] | Consent required |
Third-party | Set by payment or authentication providers during checkout or login | Stripe checkout cookies | Strictly necessary for payment processing |
8.2. Your cookie choices
When you first visit gowebcheck.com, you will be shown a cookie consent banner. You can accept or reject non-essential cookies. You can change your cookie preferences at any time by clicking the cookie settings link in the website footer.
You can also control cookies through your browser settings. Please note that disabling strictly necessary cookies may prevent the Service from functioning correctly.
8.3. Do Not Track
Some browsers transmit a “Do Not Track” signal. We respect Do Not Track signals and will not set non-essential cookies if your browser sends this signal and you have not otherwise given consent.
9. Data security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:
- All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
- Passwords are stored in encrypted (hashed) form and are never stored in plain text
- Payment card data is processed by Stripe, a PCI DSS Level 1 certified payment processor — we never see or store your full card number
- Access to our database and server infrastructure is restricted and protected by authentication
- We use rate limiting to prevent abuse of the scanning service
- Our server infrastructure is hosted on a private virtual server with firewall protection
While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Children’s data
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at the email address in section 1.
11. Links to third-party websites
GoWebCheck scans third-party websites on your behalf. Our reports may contain links to those websites or to external resources. We are not responsible for the privacy practices or content of third-party websites. We encourage you to read the privacy policies of any website you visit.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify existing account holders by email at least 14 days before the changes take effect.
The date at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.
13. Complaints
If you are unhappy with how we have handled your personal data, we would like the opportunity to resolve it. Please contact us at [email address] in the first instance.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
14. Contact us
If you have any questions about this Privacy Policy or how we handle your data, please contact:
G Bancroft trading as Arete AI
Arete AI, First Floor, Swan Buildings, 20 Swan Street, Manchester, M4 5JW
admin@areteai.co.uk
Website: gowebcheck.com
End of Privacy Policy
Version 1.0 | [Effective date] | GoWebCheck by Arete AI