This Privacy Policy explains how Zehan Chen, a sole proprietor based in British Columbia, Canada, doing business as Auditly("we", "us", or "our"), collects, uses, discloses, and protects your personal information when you use our website and the "Website Audit Pro" service (the "Service"). We handle personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") and, where applicable, British Columbia's Personal Information Protection Act ("PIPA").
1. Who we are (Controller)
Zehan Chen is the organization responsible for, and the controller of, the personal information collected through the Service. You can reach our privacy contact at stefan@stefanchen.com.
2. Information we collect
- Contact information — name and email address you provide at checkout or when contacting support.
- Order information — the website URL you submit for audit, the product purchased, transaction identifiers, and order status.
- Communications — support messages and any information you voluntarily include in them.
- Technical / usage data — IP address, device and browser information, referring URL, pages viewed, and timestamps, collected automatically when you visit our site.
- Audit subject data — publicly available data about the website you ask us to audit, gathered by our scanning tools.
Payment information (card details, billing address) is collected directly by Paddle.com, our Merchant of Record. We do not see or store your full payment card details.
3. Purposes and legal basis for processing
- To deliver the Service — perform the audit, deliver the report, and provide customer support (necessary to perform our contract with you).
- To process payments — through Paddle (contract performance and legal obligation).
- To secure the Service — detect fraud, abuse, and security threats (legitimate interests; legal obligation).
- To comply with law — tax, accounting, and regulatory record keeping (legal obligation).
- To improve the Service — analyze aggregated usage to improve our audits and website (legitimate interests).
- To communicate with you — service messages and, where you opt in, occasional product updates (consent for marketing; legitimate interests for service messages).
Under Canadian privacy law we rely primarily on your consent (express or implied) for the collection, use, and disclosure of personal information, except where the law permits or requires us to act without consent.
4. Sharing of personal information
We share personal information only with:
- Paddle.com Market Limited — our Merchant of Record, who processes payments, manages billing, calculates taxes, and issues invoices and refunds;
- Service providers and subprocessors — hosting, email delivery, error monitoring, and analytics vendors who process data on our behalf under confidentiality and data-protection obligations;
- Professional advisors — accountants and lawyers where reasonably necessary;
- Authorities — where required by law, court order, or to protect our legal rights; and
- Successors — in connection with a merger, acquisition, or sale of assets, subject to equivalent privacy commitments.
We do not sell your personal information.
5. International transfers
Our service providers (including Paddle and our hosting providers) may store and process personal information outside Canada, including in the United States and the European Union. While such information is in another jurisdiction, it may be accessible to the courts, law enforcement, and national security authorities of that jurisdiction. We use providers that offer appropriate contractual and technical safeguards.
6. Retention
We keep personal information only as long as needed for the purposes described in this Policy: order and audit records for up to 7 years to meet Canadian tax and accounting requirements; support correspondence for up to 3 years; and website analytics in aggregated form. After these periods, we delete or anonymize the information.
7. Security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and least-privilege access to production systems. No method of transmission or storage is completely secure, but we work to protect your data and will notify you and the appropriate authorities of any breach as required by law.
8. Your rights
Subject to applicable law (including PIPEDA and PIPA), you have the right to:
- request access to the personal information we hold about you;
- request correction of inaccurate or incomplete information;
- withdraw consent to our processing, subject to legal or contractual restrictions, on reasonable notice;
- request deletion of personal information that is no longer required; and
- make a complaint to us, or to the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.
To exercise any of these rights, email stefan@stefanchen.com. We will respond within 30 days, as required by Canadian law.
9. Cookies
We use a small number of strictly necessary cookies to operate the site (for example, to remember session state during checkout) and may use privacy-friendly analytics cookies to understand aggregate usage. You can control cookies through your browser settings; disabling them may affect site functionality.
10. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on this page, and the "Last updated" date will reflect the change.
12. Contact
For privacy questions or requests, contact Zehan Chen at stefan@stefanchen.com.