Privacy Policy

Last Updated: November 27, 2025

Overview

Tyre Kicker is a security reconnaissance tool for authorized testing. This privacy policy explains what data we collect, how we use it, and your rights regarding your information.

            Key Points: Your scan results are stored locally in your browser and never transmitted to our servers. We only collect email addresses for subscription management.
        

1. Information We Collect

A. Data Stored Locally (Never Leaves Your Browser)

URLs of websites you scan
Scan results (detected patterns, security scores, findings)
Your scan history (automatically deleted after 30 days)
Extension preferences and settings
Technology versions detected during scans

B. Data Sent to Tyre Kicker Servers

Your email address (for subscription management only)
Browser extension ID (for subscription validation)
Scan count (to enforce free tier limits: 10 scans per 30 days)
Subscription status and payment information (processed via Stripe)

C. Data Sent to Third Parties

National Vulnerability Database (NVD): We query the public NVD API (nvd.nist.gov) with technology names and versions (e.g., "jQuery 1.8.3") to check for known vulnerabilities. No personal data, URLs, or browsing history are sent to this service.
Stripe: Payment processing only. Credit card information is handled directly by Stripe and never stored on our servers. See Stripe's Privacy Policy.

D. Data We DO NOT Collect

❌ Scan results are never sent to our servers
❌ Browsing history beyond scanned pages
❌ Personal information from scanned websites
❌ Analytics or telemetry data
❌ Third-party tracking cookies
❌ IP addresses or device identifiers

2. How We Use Information

Security Analysis: Perform local pattern matching for API keys, passwords, and vulnerabilities
CVE Detection: Query the NVD API for vulnerability information about detected technologies
Subscription Management: Validate your subscription status and enforce scan limits
Payment Processing: Process subscription payments via Stripe
User Support: Respond to support requests (if you contact us)

3. Data Sharing and Disclosure

We do NOT sell, rent, or share your personal information. The only third parties with access to limited data are:

Stripe: Payment processing (PCI-DSS compliant, receives email and payment info)
NVD (NIST): CVE lookups (receives only technology names/versions, no personal data)
Legal Requirements: We may disclose information if required by law or to protect our rights

4. Data Storage and Security

Local Storage: Scan results stored in Chrome's local storage (never on our servers)
Server Storage: Email and subscription status stored in encrypted SQLite database on our server
Encryption: All API communication uses HTTPS/TLS encryption
Retention: Scan history automatically deleted after 30 days (locally)
Security Measures: Industry-standard encryption, secure server configuration, regular updates

5. Your Rights and Choices

Access: View your subscription status in the extension popup
Delete Scan History: Clear scan history via extension settings or by uninstalling
Cancel Subscription: Cancel at any time via Stripe customer portal
Delete Account: Contact support@tyre-kicker.com to delete your account and all associated data
Uninstall: Removes all local data immediately from your browser

6. Cookies

The Chrome extension does not use cookies. Our website (tyre-kicker.com) may use session cookies for authentication during checkout. These cookies are temporary and deleted when you close your browser.

7. Third-Party Services

Stripe: Payment processing. See Stripe Privacy Policy
National Vulnerability Database (NVD): Public CVE data provided by NIST. No personal data transmitted.

8. Children's Privacy

This extension is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@tyre-kicker.com.

9. International Users

Tyre Kicker is operated from the United States. If you are accessing the service from outside the US, your information may be transferred to, stored, and processed in the US. By using the extension, you consent to this transfer.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Users will be notified of significant changes via extension update notes. Continued use of the extension after changes constitutes acceptance of the updated policy.

11. Legal Basis for Processing (GDPR Compliance)

For users in the European Union, our legal basis for processing personal data is:

Legitimate Interest: Providing security analysis tools to developers and security professionals
Contract: Subscription agreement for paid tier users
Consent: By installing the extension, you consent to this privacy policy

12. Important Disclaimer

Tyre Kicker detects possible security issues using pattern matching and public vulnerability databases. Findings may include false positives. All findings should be manually verified before taking action.

This tool is intended for authorized security testing only. Users are responsible for ensuring they have explicit permission to scan websites. Unauthorized scanning may violate laws or terms of service.

13. Contact Us

If you have questions about this privacy policy or your data, please contact us:

Email: support@tyre-kicker.com
Website: https://www.tyre-kicker.com

We will respond to privacy inquiries within 30 days.

Home | Terms of Service | Get Pro