Privacy policy
Last updated: July 2026
Controller
The controller for data processing on scan.mx is Fili Wiese, Friedrichstr 155, 10117 Berlin, Germany. Contact: privacy@scan.mx.
What is processed
When a check runs, the service processes the domain you submit and request metadata: IP address, ASN, country, user agent, and the Cloudflare Ray ID. This is used to run the check, enforce rate limits, and prevent abuse. The lawful basis is legitimate interest (Art. 6(1) (f) GDPR) in operating a functional, non-abused free service.
The domains you check and their results are stored as reports and served as public permalinks. Reports contain only publicly available DNS and mail-server configuration data, not personal data about you.
Retention
Reports are cached for a short period (about one hour) and then expire. Audit-log metadata is retained for a limited period for abuse prevention and legal defence, and then deleted by a scheduled cleanup, unless longer retention is required for a specific incident or legal obligation.
Processors and infrastructure
The service runs on Cloudflare (edge compute and storage). Cloudflare processes requests as a data processor and may set security-related cookies. DNS lookups are made to public DNS-over-HTTPS resolvers. Blacklist checks may query third-party blacklist operators.
Analytics
Aggregate, privacy-oriented analytics are collected with a self-hosted Plausible instance. It records page views without cookies and without cross-site tracking or advertising use.
Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction, objection, and data portability, and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact privacy@scan.mx.
Domain owners
Domain owners can de-index a report or block scanning of a domain on the opt-out page.