We keep as little as possible.

Short version: we scan publicly available websites, keep short-lived cache data for results and abuse prevention, and don't require accounts or collect marketing data.

What we collect

• URL you submit — the publicly accessible website address you choose to audit.
• IP address — used solely for scan rate limiting (up to 10 fresh scans per hour). Stored in temporary Cloudflare Durable Object state and rolled over automatically every hour.
• Scan results — cached so you can view and share them. Recent-domain cache entries expire after about 5 minutes, and shareable result snapshots expire automatically after 30 days.
• Email address — only if you voluntarily join the optional Pro waitlist.

What we don't collect

• No required user accounts or mandatory signup
• No cookies or browser fingerprinting
• No analytics or tracking scripts
• No third-party data sharing or selling

How the audit works

When you submit a URL, our scanner fetches the publicly available HTML — exactly like any web crawler or search engine would. We analyse the content for AI readiness signals, generate a report, and cache it temporarily in Cloudflare KV (a key-value store with automatic expiry).

We only scan public-facing pages. We don't access password-protected content, private APIs, or anything behind authentication.

Infrastructure

AIAudit runs entirely on Cloudflare Workers. There are no traditional servers or user accounts. Temporary scan data uses Cloudflare KV with TTL-based expiry, and IP rate limiting uses a Cloudflare Durable Object with an hourly reset window.

Rate limiting

To prevent abuse, we allow up to 10 fresh scans per IP address per hour. Recently scanned domains may return cached results for a few minutes instead of launching a fresh run, unless you explicitly request a forced re-scan.

Contact

Questions? Reach out at jack@mcpick.link

Last updated: March 2026