Privacy Policy

Who controls your information

KORDU LTD, registered in England and Wales with company number 16836154, is responsible for personal data processed through isitready.dev. Contact us at legal@kordu.gg.

Information we process

We process submitted scan URLs, normalized target URLs, selected check IDs, generated scan results, report IDs, report paths, report timestamps, request metadata, and operational logs needed to run and protect the service.

Generated reports may include public evidence from the target site, such as HTTP status codes, response headers, titles, meta descriptions, canonicals, robots.txt and sitemap references, structured-data types, DNS and Cloudflare-related signals, public performance evidence, affected public URLs, and remediation text.

When rate limiting is active, we may process a hashed key derived from the client IP address and scan endpoint. We do not store the raw IP address in the fallback rate-limit record. When Cloudflare Turnstile is enabled, Cloudflare may process verification tokens, IP address, hostname, action, and device or browser signals needed to distinguish humans from automated abuse.

We store the isitready-theme cookie if you choose a light, dark, or system theme preference.

Sources of information

We receive submitted scan URLs and optional check selections from the person or tool starting the scan.

We obtain scan evidence from publicly accessible target websites, DNS responses, HTTP responses, and configured public data providers such as Google PageSpeed Insights, Chrome UX Report, MDN Observatory, and Cloudflare DNS-over-HTTPS where those checks are enabled or reachable.

We receive request metadata, security signals, hosting logs, and Turnstile verification results from Cloudflare and the Cloudflare Workers platform.

How we use information

We use this information to provide public scan results, prevent abuse, debug service reliability, enforce rate limits, maintain security, and improve scanner accuracy.

We do not provide user accounts on this service. We do not intentionally collect website login credentials, private analytics, payment card data, or private ownership evidence through the scanner.

Lawful bases

We process scan submissions and reports to provide the service requested by the user and to take steps requested before any contract is formed.

We process rate-limit data, security logs, Turnstile verification data, abuse evidence, and reliability data based on our legitimate interests in securing, operating, debugging, and improving a public scanner.

We may process and retain notices, correspondence, and enforcement records where needed for legal obligations, legal claims, or legitimate business administration.

Retention

Public scan reports are stored in Cloudflare KV for up to 7 days. Report IDs and report paths are unlisted but not account-protected, so a person with the report link can view the report during that retention period.

Reusable report indexes are stored for the same report-retention period. Public enrichment-cache entries, such as PageSpeed or CrUX check results for a site scope, are normally cached for about 12 hours plus a short expiry buffer. Negative scan-failure cache entries are normally retained for minutes.

Fallback rate-limit records expire shortly after the rate-limit window. In-memory operational caches may exist for the lifetime of a Worker isolate and are bounded by entry count.

Some security, platform, and delivery logs may be retained by infrastructure providers for their standard operational periods.

Sharing and processors

We use service providers such as Cloudflare to host, cache, secure, rate-limit, verify, and deliver isitready.dev. These providers process information only as needed to provide their services and protect the platform.

When configured checks use external public-data providers, the normalized public target URL or hostname may be sent to those providers to retrieve performance, field-metric, DNS, or security-observatory evidence.

We may disclose information when required by law, to enforce our policies, to investigate abuse or security incidents, or to protect rights, users, and the service.

International transfers

We operate a globally reachable Cloudflare-hosted service. Cloudflare and other providers may process data in the UK, EEA, United States, or other locations where they or their subprocessors operate, using their applicable transfer safeguards and data-processing terms.

Your choices and obligations

You do not have to submit a URL, but the scanner cannot produce a report without one. Do not submit private URLs, credentials, access tokens, or targets you are not authorized to test.

You can delete or block the theme cookie in your browser. If Turnstile is required and blocked, fresh scans may not start.

Automated decisions and children

The scanner automatically calculates technical scores and report findings from public evidence, but it does not make decisions with legal or similarly significant effects about individuals.

isitready.dev is not directed to children, and we do not knowingly collect children's personal data through the scanner.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. Send privacy requests to legal@kordu.gg.

If you are in the UK, you may also complain to the Information Commissioner's Office. We ask that you contact us first so we can try to resolve the issue.