Privacy Policy

1.What We Collect

• Email address — used to identify your account and send transactional emails.
• Hashed password — stored as a one-way hash; the plaintext is never retained.
• Plan selection — Free, Pro, or Team, used for billing and quota enforcement.
• Stripe customer ID — a reference ID used to manage your subscription; full payment details are held exclusively by Stripe.
• IP address — recorded in security audit logs to detect unauthorized access.
• Scan metadata — target URLs you submit and the results NAT produces. This data belongs to you.

2.How We Use Your Data

• To provide and operate the NAT service.
• To process payments via Stripe.
• To send transactional emails (welcome, password reset, usage alerts, product updates).
• To maintain security audit logs and protect your account.
• To improve NAT using aggregated, anonymized usage patterns — never individual scan data.

3.What We Don't Do

We never sell, share, rent, or redistribute your personal data to third parties for marketing or advertising purposes. We never share your scan results, target URLs, or security findings with anyone outside your account. Your data is yours.

4.Email Communications

We send transactional emails only: account welcome, password reset, usage alerts, and occasional product updates. We will never spam you. Unsubscribe requests are honored immediately. Our email provider is Resend.

5.Third-Party Services

NAT uses the following third-party services. We share only the minimum data necessary for each to function:

• Stripe — payment processing and subscription management.
• Resend — transactional email delivery.
• Vercel — hosting and serverless infrastructure.
• Cloudflare — DNS and email routing.

6.Cookies

We use a single HTTP-only session cookie (nat-session) for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

7.Data Security

• Passwords are hashed using a strong one-way algorithm; the plaintext is never stored.
• Sessions use HTTP-only secure cookies to prevent client-side access.
• All traffic between your browser and our servers is TLS-encrypted.

8.Data Retention

Account data is retained while your account is active. Scan results are retained for 90 days by default. You may request earlier deletion at any time (see below).

9.Data Deletion

You can request complete deletion of your account and all associated data by emailing privacy@nat-testing.io. We will process deletion requests within 30 days.

10.Changes to This Policy

We will notify you of material changes to this policy via the email address associated with your account before the changes take effect.

11.Contact

• Privacy inquiries: privacy@nat-testing.io
• General support: support@nat-testing.io