How is my scanned data handled?

SiteClinic only scans the public-facing content of the URL you submit. We never access pages behind login, admin panels, or any authenticated content. DOM, screenshot, and header data is cached in Redis for 24 hours (to reduce duplicate-scan cost) and then deleted. The report body (scores + findings) is retained while your account exists. See the Privacy Policy and DPA for full detail.