Privacy Policy

Last updated: March 2026

Who We Are

HeaderGuard is operated by VeriduxLabs (guy.ruvio@gmail.com). HeaderGuard is a security header scanner that analyzes HTTP response headers for any URL you submit, grades them A through F, and provides copy-paste fix snippets for Next.js, Express, Nginx, Apache, and Cloudflare.

Information We Collect

When you use HeaderGuard, we collect the following information:

  • URLs submitted for scanning: We store the URLs you submit so we can cache scan results and improve the service.
  • Scan results: Security header analysis results are cached to speed up repeat scans.
  • Email address: If you create an account for monitoring features, we collect your email for authentication and alerting.
  • Slack webhook URLs: If you configure Slack monitoring alerts, we store your webhook URL to deliver notifications.
  • Analytics data: We collect anonymous usage analytics (page views, feature usage) through Veridux Analytics to improve the product.

How We Use Your Information

We use your information to provide and improve HeaderGuard:

  • To perform security header scans on URLs you submit
  • To cache scan results for faster subsequent lookups
  • To authenticate your account and manage your monitoring subscriptions
  • To send Slack alerts when monitored headers change
  • To process payments for paid monitoring plans through Paddle
  • To analyze usage patterns and improve the service

Third-Party Services

HeaderGuard relies on the following third-party services:

  • Supabase: Authentication and database storage for user accounts and scan data.
  • Paddle: Payment processing for paid monitoring plans. Paddle acts as Merchant of Record and handles all payment data, tax compliance, and billing. We do not store your credit card information.
  • Vercel: Application hosting and serverless infrastructure.
  • Veridux Analytics: Anonymous usage analytics operated by VeriduxLabs.

Data Retention

Scan results are cached for performance and retained as long as your account is active. If you delete your account, all associated data, including scan history, monitoring configurations, and Slack webhook URLs, will be permanently removed within 30 days.

Data Security

We use industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure database access controls, and encrypted storage for sensitive configuration data like Slack webhook URLs.

Your Rights

You have the right to access, correct, or delete your personal data at any time. You can delete your account and all associated data from your account settings, or by contacting us directly.

Cookies

HeaderGuard uses essential cookies for authentication session management. We also use Veridux Analytics, which may set a minimal analytics cookie. We do not use third-party advertising cookies.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of HeaderGuard after changes constitutes acceptance of the revised policy.

Contact Us

For privacy-related questions or requests, contact us at privacy@headerguard.io.