Last updated: May 2026
SecURL analyses the external security posture of websites and web services. You provide a URL, our service checks it using publicly observable signals — HTTP response headers, TLS configuration, DNS records, certificate metadata, and related data — and returns a score and grade. No credentials, no login, and no access to anything that isn't already visible from the public internet.
When you scan a URL, that URL is sent to our servers to perform the analysis. We do not store URLs or scan results against any personal identity. Scan results returned to the app are stored locally on your device only and are not transmitted back to us.
To allow you to retrieve your own scans and prevent abuse, each installation of the app generates an anonymous random identifier. This identifier is stored on your device and sent with scan requests. It contains no personal information and cannot be linked to you.
We do not collect your name, email address, location, device identifiers, or any other personal information. We do not require an account. We do not use advertising or tracking SDKs. We do not sell, share, or transfer any data to third parties for marketing purposes.
The SecURL backend runs on Railway. Standard server logs may capture IP addresses and request metadata for a limited period for operational purposes such as debugging and abuse prevention. These logs are not used for profiling and are not retained long-term.
Scan history, monitored targets, and your anonymous scan token are stored locally on your device using standard app storage. This data never leaves your device except as described above. Uninstalling the app removes all locally stored data.
If we make material changes to how we handle data, we will update this page and revise the date at the top. Continued use of SecURL after changes are posted means you accept the updated policy.
Questions about this policy or your data can be sent to hello@securl.online.