Privacy Policy
Last updated: February 14, 2026
1. Introduction
BrokenApp.io ("BrokenApp," "we," "our," or "us") operates the brokenapp.io website and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
2. Information We Collect
We collect information in the following ways:
Information you provide
- Account information (name, email address)
- URLs submitted for scanning
- Communications you send to us
- Challenge submissions and public posts
Information collected automatically
- Device and browser information
- IP address and approximate location
- Usage data (pages visited, features used)
- Cookies and similar tracking technologies
Scan data
When you submit a URL for scanning, we crawl publicly accessible pages of that application. We collect information about the application's publicly visible behavior, including HTTP responses, page load metrics, console errors, and security header configurations. We do not access private data, databases, or source code.
3. How We Use Your Information
- To provide, maintain, and improve our services
- To generate scan reports for applications you submit
- To administer the Clean Code Challenge
- To send you service-related communications
- To publish aggregate, anonymized research data
- To detect and prevent fraud or abuse
- To comply with legal obligations
4. Data Sharing
We do not sell your personal information. We may share data with:
- Service providers — hosting, analytics, and email delivery services that help us operate
- Aggregate research — we publish anonymized, aggregate data about scanning results (e.g., common bug categories across frameworks). Individual applications are never identified
- Legal requirements — when required by law, subpoena, or government request
5. Scan Report Privacy
Scan reports are private by default. Each report is accessible only via a unique, unguessable URL. Reports are not publicly indexed, listed, or shared unless you explicitly choose to share them. We do not use individual scan results for marketing or public disclosure without your consent.
6. Data Retention
We retain your account information for as long as your account is active. Scan reports are retained for 12 months after generation unless you request earlier deletion. You may request deletion of your data at any time by contacting [email protected].
7. Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security audits. No system is 100% secure, but we take reasonable steps to protect the information you provide.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data
- Object to or restrict processing
- Request data portability
- Withdraw consent at any time
To exercise these rights, contact [email protected].
9. Cookies
We use essential cookies to maintain session state and remember your preferences (such as theme selection). We use analytics cookies to understand how our services are used. You can control cookie settings through your browser preferences.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.
11. Contact
Questions about this Privacy Policy? Contact us at [email protected] or visit our contact page.