Synced 17 Jun 2026 22:27 UTC Account
← Home

Privacy Policy

Last updated June 2026

IsItPatched (a CheeseBridge project) respects your privacy. This explains what we collect and why.

What we collect

  • Analytics — we use Google Analytics to understand usage (pages viewed, approximate location, device type). This uses cookies and is loaded only with your consent.
  • "My Stack" & SBOM scans — the products you choose to monitor (and your last in-browser SBOM scan summary) are stored only in your browser (localStorage) by default. They never reach our servers unless you sign in to sync (see Accounts).
  • Account (optional) — if you sign in, we store your email address (for passwordless sign-in) and the product slugs you choose to sync (plus, optionally, the version you run for a product, if you enter it), tied to your account and protected by per-user row-level security so only you can read them. No password is ever set or stored.
  • Emails you send us — if you contact us (or submit feedback), we keep your message to respond.
  • Email alerts & Pro waitlist (optional) — if you subscribe to alerts or join the Pro waitlist, we store your email address, the products you choose to watch, a one-time confirmation/unsubscribe token, and a hashed (not raw) IP address used only to rate-limit abuse.

Email alerts

Email alerts are opt-in with double confirmation — you must click a link in a confirmation email before anything is sent, so our lawful basis is your consent. We email you only when software you've chosen to watch becomes actively exploited or reaches end of life. No marketing, ever.

Every email has a one-click unsubscribe, and you can withdraw consent at any time — we stop immediately. Your data is processed in the EU (Ireland). We keep your subscription until you unsubscribe; to have it erased entirely, just ask (see Your rights).

Accounts (optional)

You don't need an account for the core tools. If you choose to sign in, it's passwordless: we email you a one-time code (there's no password to store or leak). We keep only your email and the product slugs you sync — nothing about your wider environment — locked to your account by row-level security, so no other user and no unauthenticated request can read them. Delete your account and synced data any time by asking (see Your rights); we erase it on request.

What we don't do

We don't sell your data and we don't track your lookups. The core tools work with no account; an account is optional and only adds cross-device sync of the products you choose.

Third parties

We use a small set of trusted processors, each handling only what's needed: Vercel (hosting), Google Analytics (usage analytics, loaded only with consent), Supabase (passwordless accounts/sign-in, alert & sync database, EU region), Resend (sending alert & sign-in emails, EU region), Cloudflare Turnstile (spam/bot protection on the forms), and FormSubmit (delivering feedback-form messages). None of them sell your data.

Your rights

Under UK/EU GDPR you can request access to, or deletion of, any personal data we hold. Contact privacy@isitpatched.com.