Privacy Policy
Ce document est fourni uniquement en anglais.
Effective date: 10 July 2026 · Data controller: Sejder AB, org. no. 559554-8164, Sweden · [email protected]
1. What this site publishes
Gavroux publishes technical information about company domains: DNS records, TLS certificate metadata, email-authentication configuration (SPF/DMARC/DKIM), detected web technologies, SEO characteristics and AI-crawler directives, plus company name, country and registry number from official public company registries. This is information about organizations and their infrastructure, collected exclusively from publicly accessible sources. We do not scan for, collect, or publish personal data such as private individuals’ names, emails, or behaviour.
2. Legal basis
Where registry data incidentally contains personal data (for example a sole trader whose company name is their own name), we process it under legitimate interest (GDPR Art. 6(1)(f)): informing the public about the security posture of the European web, based on data the organizations themselves make publicly available. We balance this against the interests of the persons concerned — and back it with an unconditional, fast opt-out (below).
3. Opt-out — removal within 48 hours
If you want your domain or company removed from the public site, email [email protected] with the domain name, preferably from an address at that domain (so we can verify you represent it). We remove the public pages within 48 hours and exclude the domain from future publication. No justification is required.
4. Data you give us directly
If you email us or purchase a report, we process your email address and the contents of your message to answer and deliver — legal basis: contract (Art. 6(1)(b)). Purchase records are kept as required by Swedish accounting law. We never sell or share your contact details.
5. Cookies & analytics
The site works without tracking cookies. We use only technically necessary storage and privacy-respecting, aggregate traffic metrics (via our CDN). No advertising trackers, no cross-site profiling.
6. Recipients & transfers
The site is served through Cloudflare (CDN) and hosted on Amazon Web Services in the EU (Stockholm region). Both act as processors; data at rest stays in the EU/EES.
7. Your rights
Under the GDPR you can request access, rectification, erasure, restriction, and object to processing — write to [email protected]. You can also complain to the Swedish Authority for Privacy Protection (IMY).
8. Changes
We may update this policy; the effective date above reflects the current version.