Privacy Policy

Effective date: March 15, 2025

1. Overview

SiteAuditLab ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Information We Collect

Account information: When you sign in with Google or GitHub OAuth, we receive your name, email address, and profile photo from the OAuth provider. We store only your name, email, and avatar URL.

Scan data: We store the URLs you scan along with the results, grades, and timestamps. Authenticated users have scans linked to their account. Anonymous scans are stored without user association.

Scheduled scans: If you set up scheduled monitoring, we store the target URL, frequency, email address, and scan categories.

Usage data: We collect minimal usage data including IP addresses (for rate limiting only) and HTTP request logs. IP addresses used for rate limiting are automatically purged after 1 hour.

Analytics data: If you consent, we collect anonymised interaction data via Google Analytics 4 (GA4) — including pages visited, time on site, country-level location (not precise), device type, and how you arrived at the site. This data is never linked to your account without consent.

3. How We Use Your Information

  • To provide and improve the scanning service
  • To authenticate you and maintain your account
  • To send scheduled scan reports to your specified email address
  • To enforce rate limits and prevent abuse
  • To generate aggregated, anonymised statistics about scan patterns
  • With your consent, to measure site performance and understand how visitors use SiteAuditLab via Google Analytics 4

We do not sell your personal information to third parties. We do not use your data for targeted advertising or personalised ad campaigns.

4. Google Analytics & Advertising Features

We use Google Analytics 4 (GA4) to understand how visitors interact with SiteAuditLab. GA4 is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Analytics data is only collected after you have given explicit consent via our cookie banner.

Features implemented:

  • Basic measurement (page views, session duration, scroll depth, events)
  • GA4 standard reports (audience overview, acquisition, engagement)
  • Google Signals (aggregated cross-device insights) — enabled only with analytics consent

Cookie usage:

  • First-party cookies set by GA4 (_ga, _ga_*) are used to distinguish users and sessions and to measure interactions on this site only.
  • Third-party cookies may be set by Google's measurement infrastructure (e.g., _gcl_au for Google Ads conversion linking) if Google Signals is active. These allow Google to associate your activity on our site with your Google account activity in aggregate, where you have enabled ad personalisation in your Google Account settings.
  • We use Google Consent Mode v2. By default, all analytics and advertising signals are set to denied. They are only activated after you explicitly accept analytics cookies via our consent banner.

No interest-based advertising: We do not currently run Google Ads Remarketing or interest-based advertising campaigns. We have not enabled the Google Analytics Advertising Reporting Features that require separate disclosure (e.g., Demographics & Interests reports). If this changes, this policy will be updated.

How to opt out of Google Analytics:

For more information on how Google uses data collected through our site, see How Google uses information from sites or apps that use our services.

5. Data Retention

Scan reports are retained indefinitely for authenticated users (accessible via your scan history). Anonymous scan reports are retained for 30 days and then permanently deleted.

If you delete your account, all associated scan history, scheduled scans, and personal data will be permanently deleted within 30 days.

Google Analytics data is retained for 14 months in Google's systems, after which it is automatically deleted. You can request deletion of your GA data at any time by opting out via the methods above.

6. Third-Party Services

We use the following third-party services:

  • Google OAuth & GitHub OAuth — for account authentication. Subject to their respective privacy policies.
  • Google Analytics 4 — for anonymised usage measurement (analytics consent required). Google LLC, USA. Subject to Google's Privacy Policy and Google Analytics Data Processing Terms.
  • PostgreSQL database — for storing scan results and account data.
  • SMTP email provider — for delivering scheduled scan reports.

We do not share your personal data with any other third parties.

7. Cookies

We use the following categories of cookies:

  • Strictly necessary: A session cookie (next-auth.session-token) to maintain your authenticated state. Cannot be disabled for logged-in users.
  • Analytics (optional): Google Analytics 4 cookies (_ga, _ga_R4BV5FB59N) — only set after you give analytics consent. These expire after 13 months.

We implement Google Consent Mode v2. All non-essential cookies are blocked by default until you provide consent. You can withdraw or change your consent at any time using the "Manage Cookies" link in the site footer.

We do not use advertising cookies, retargeting cookies, or any cookies for cross-site tracking.

8. International Transfers & Regional Rights

Google Analytics data may be transferred to and processed in the United States by Google LLC. Such transfers are governed by Google's data processing terms, which incorporate Standard Contractual Clauses approved by the European Commission.

European Union / EEA / UK users: We comply with the EU User Consent Policy and applicable data protection law (GDPR / UK GDPR). You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. To exercise these rights, contact us at privacy@siteauditlab.com. You also have the right to lodge a complaint with your local supervisory authority.

California users (CCPA/CPRA): We do not sell or share your personal information for cross-context behavioural advertising. You have the right to know, delete, and opt out. Contact us at the address below to exercise these rights.

Japan: If Google provides us with non-personally identifiable information relating to Japanese users through Google Analytics, we will not merge that information with personally identifiable information without first obtaining all legally required consents under the Act on the Protection of Personal Information (APPI).

9. Security

We implement industry-standard security measures including HTTPS encryption for all data in transit, secure password storage (we never store OAuth passwords), and access controls on all data stores.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your scan history data
  • Withdraw analytics consent at any time via the "Manage Cookies" link in the footer

To exercise these rights, contact us at privacy@siteauditlab.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The effective date at the top of this page will always reflect the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact us at privacy@siteauditlab.com.