GDPR rights

This page describes how the EU and UK General Data Protection Regulation (GDPR) applies to IndexDoctor.io. The product is designed to minimize personal data: there are no accounts, no analytics, and no behavioural tracking. The information here applies whether you are based in the European Economic Area, the United Kingdom, or anywhere else.

• Submitted URLs. Used in memory to perform the requested check and rendered back to your browser.
• Server log metadata. IP address, user-agent, request path, response status, and timing, kept for a short rolling window for security and reliability.
• Cookie consent choice. Stored locally in your browser to remember whether you've dismissed the banner.

We do not process special-category personal data, and we do not sell or share data with advertising or analytics networks.

• Performance of the service. Processing the URL you submit is necessary to deliver the diagnostic you requested.
• Legitimate interest. Short-lived server logs help us keep the service running, secure, and free from abuse.

• Right of access. Ask what personal data we hold about you.
• Right to rectification. Ask us to correct inaccurate data.
• Right to erasure. Ask us to delete personal data we still hold about you.
• Right to restrict processing. Ask us to limit how we use your data while a request is being resolved.
• Right to object. Object to processing based on legitimate interest.
• Right to data portability. Receive a structured copy of any personal data you've provided.
• Right to lodge a complaint with your local data protection authority.

Email hello@indexdoctor.io with your request. Because we do not collect identifying account information, we may need additional context to locate any data associated with your request, for example, the approximate timestamps and URLs you submitted.

IndexDoctor.io is hosted on global cloud infrastructure. Where personal data is transferred outside the EEA or UK, the transfer relies on the appropriate safeguards offered by our hosting providers (such as Standard Contractual Clauses and their own GDPR programs).

We do not maintain a long-term database of submitted URLs or results. Server logs are kept for a short rolling window for operational purposes and then discarded.