Privacy
Last updated 21 May 2026
SOURCE Audit is a free tool by StudioHawk. We try to be obviously honest about data — no dark patterns, no surprise emails, no selling your data. This page explains what we collect and how to make us forget about you.
1. What we collect
- The domain you submit. The whole point of the audit.
- Your IP address. For rate limiting and abuse prevention. We don't link it to identities.
- Your browser user-agent. For abuse-pattern detection and to debug rendering issues.
- The audit results. Scores, findings, screenshots, criterion-level evidence — programmatic plus an LLM analysis of your site.
- UTM parameters if your visit came from a tagged link (helps us know which channels work).
2. Why we collect it
To run the audit, prevent abuse of a free tool, and improve the rubric over time. That's it. We don't track you across the web. There's no third-party advertising pixel on this domain.
3. Where it lives
- Cloudflare D1 — audit metadata + criterion scores.
- Cloudflare R2 — screenshots from the audit. Auto-deleted after 90 days.
- Cloudflare KV — rate-limit counters. 24-hour retention.
All data lives in Cloudflare's global network. We don't ship audit data to third-party analytics warehouses.
4. Report URLs are public
Anyone with the /report/{uuid} URL can view it. The UUID is unguessable, but it isn't password-protected. Treat sharing a report link the same way you'd treat sharing a screenshot of your site — be deliberate about who you send it to.
If a report URL leaks and you want it taken down, use the removal form.
5. How long we keep it
By default, reports are kept indefinitely so you can re-share old URLs and we can compare scores across runs. Screenshots auto-expire after 90 days.
You can opt out and have a report (or all reports from your email) deleted via the remove form. We action requests within 7 days.
6. Third-party services we use to build your audit
- Anthropic (Claude API) — runs the LLM-based parts of the audit (uniqueness, relevance, verdict). Anthropic receives page content as part of the prompt; per Anthropic's terms, that content is not used to train their models.
- Brave Search API — for off-platform signals (do other sites cite you?). Brave sees only the brand-search query, not your site contents.
- Google PageSpeed Insights — for Core Web Vitals data. Google sees the URL we audit.
- Wikipedia / Wikidata — public API lookups by brand name for credibility signals.
- Cloudflare — hosts the tool. Sees standard HTTP request metadata (IP, headers).
- Slack — if you click the "Book a call" CTA on a report, we notify our sales channel with the domain + score. No personal info unless you supply it when you actually book.
7. Opting out / removing your audit
Submit the remove form with your email. Add the audit UUID if you have it (it's in the report URL). Leave the UUID blank to ask us to remove every audit associated with your email. We process within 7 business days.
8. Governing law
This tool is operated by StudioHawk in Australia. Your data is handled under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. If you have a concern we haven't resolved, you can contact the Office of the Australian Information Commissioner (OAIC).
9. Contact
Privacy questions: [email protected]