Security

Transparency and security are core to our mission

Our Security Commitment

Gecko Advisor is built on the principle that privacy tools should be transparent and trustworthy. As an open-source project, our entire codebase is publicly auditable. We practice what we preach: no tracking, no hidden data collection, and complete transparency about how we operate.

What We Scan

User-Submitted URLs Only

We only scan websites that users explicitly request. No automated crawling or unsolicited scanning.

Shallow, Respectful Crawls

Maximum 10 pages or 10 seconds per scan. We respect robots.txt and server resources.

Public Content Only

No authentication bypass attempts. We only analyze publicly accessible content.

Rate Limiting

Abuse prevention mechanisms protect both our infrastructure and target websites.

What We DON'T Collect

No User Tracking

No analytics, no behavioral tracking, no user profiles

No Cookies

We analyze cookies but don't use them ourselves

No Personal Data

No email addresses, names, or contact information collected

No Accounts

Anonymous by design—no login or authentication required

Open Source Advantage

Full Code Transparency

Every line of code is public on GitHub. Community auditable and reproducible.

No Hidden Backdoors

Open source means no hidden data collection or secret functionality.

Community Security

Security researchers and developers worldwide can review and improve our code.

Public Issue Tracking

All bugs and security issues are tracked openly on GitHub.

Responsible Vulnerability Disclosure

We welcome security researchers to help us maintain the security of Gecko Advisor. If you discover a vulnerability, please report it responsibly.

Response Time: Within 48 hours

Disclosure Timeline: 90-day coordinated disclosure

Recognition: Security Hall of Fame for responsible reporters

We commit to no legal action against security researchers who report vulnerabilities in good faith.

Data Retention Policy

30-Day Report Retention

Public scan reports are retained for 30 days, then automatically deleted.

No PII Collection

We don't collect personally identifiable information, so there's nothing to retain.

IP Address Handling

IP addresses are used only for rate limiting. They are not logged or stored persistently.

Right to Deletion

Contact us to request early deletion of any scan report you submitted.

Infrastructure Security

HTTPS Everywhere

TLS encryption for all connections

DDoS Protection

Cloudflare protection against attacks

Dependency Scanning

Automated security updates via Dependabot

Container Isolation

Docker containers for service isolation

CI/CD Security

Automated security scanning in pipeline

Regular Audits

Periodic security reviews and updates

The Irony We Embrace

We analyze websites for privacy violations while committing to never track our own users. Gecko Advisor doesn't use analytics, doesn't set cookies, and doesn't collect personal data. This isn't just philosophy—it's built into our architecture. When you use our scanner, you remain anonymous. That's a promise, not marketing.