Basepoint
Sign up

Privacy Policy

Last updated June 20, 2026

This Privacy Policy explains how Basepoint (“Basepoint,” “we,” “us”) collects, uses, and protects your information when you use our website and security-scanning service (the “Service”). By using the Service, you agree to this policy.

Information we collect

  • Account information — your email address and name, provided when you sign up via Google or a magic link.
  • Apps and scans — the URLs you add, the verification status of those domains, and the results of scans we run against them (security findings, scores, timestamps).
  • Usage data — basic logs and analytics about how you use the Service, used to operate and improve it.
  • Cookies — we use strictly necessary cookies to keep you signed in. We do not use advertising cookies.

How scanning works

Our scans are read-only and non-intrusive. We only request resources that your site already serves publicly — the same way a normal browser would — and we only scan domains you have verified you own or control. We do not log in to your application, submit forms, modify data, or attempt to exploit any issue we find.

How we use information

  • To provide, maintain, and secure the Service.
  • To run scans you request and store their results in your account.
  • To send you transactional email (sign-in links, weekly security digests, billing notices).
  • To respond to support requests and improve the product.

We do not sell your personal information.

Third-party processors

We share data only with vendors that help us run the Service, under agreements that require them to protect it:

  • Supabase — authentication and database (stores your account, apps, and scan results).
  • Resend — transactional email delivery.
  • Hosting/CDN provider — serves the application.
  • Payment processor — handles paid-plan billing (we never store full card details).

Data retention

We keep your account and scan history for as long as your account is active. If you delete an app or your account, we remove the associated data within a reasonable period, except where we must retain it to meet legal or security obligations.

Security

We protect your data with encryption in transit, row-level security so each account can only access its own data, and least-privilege access controls. No system is perfectly secure, but we work hard to keep yours safe — it's our whole business.

Your rights

You can access, correct, export, or delete your data at any time from your account or by emailing us. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to or restrict certain processing.

International transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

Children

The Service is not intended for anyone under 16, and we do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. We'll post the new version here and update the “Last updated” date; significant changes may also be emailed to you.

Contact

Questions about privacy? Email hi@gobasepoint.com.