Security

LLM Scan is designed for public website analysis. We scan public URLs, generate visibility reports, and avoid collecting private application data unless you explicitly provide it through account, billing, or support workflows.

Public-only scanning

  • Scans run against publicly reachable URLs that you submit.
  • We do not log in, bypass access controls, or crawl private dashboards.
  • Reports focus on public signals such as crawlability, robots.txt, llms.txt, sitemap, structured data, semantic HTML, Markdown support, and content signals.

Report visibility

  • Public scan reports are accessible through their report URL so teams can share scores and fixes.
  • Saved dashboard data is tied to your account and team permissions.
  • Do not scan URLs that expose sensitive information publicly.

Data retention and privacy

  • We retain scan metadata, scores, recommendations, and generated fix content to power reports, history, monitoring, and support.
  • Account, billing, and lead information is used to provide the product, process payments, and send requested reports or updates.
  • You can request data export or deletion through account settings or by contacting support.

Infrastructure

  • Hosting on SOC 2-compliant cloud providers.
  • Encrypted data at rest and in transit (TLS 1.2+).
  • Network segmentation and least-privilege access controls.

Application

  • Secure authentication with bcrypt-hashed credentials.
  • CSRF, XSS, and SQL injection protections by default.
  • Regular dependency audits and timely patching.

Operations

  • Role-based access for staff, with audited admin actions.
  • Encrypted backups with tested recovery procedures.
  • Continuous monitoring and incident response playbooks.

Reporting a vulnerability

If you believe you’ve found a security issue, please email security@llmscan.dev. Include a description of the issue, steps to reproduce, and any relevant context. We’ll acknowledge your report within 2 business days.

Please do not publicly disclose the issue until we’ve had a reasonable chance to investigate and remediate.

Compliance

We are continuously working toward and maintaining alignment with industry frameworks. Specific certifications and reports are available on request for customers under NDA.
