Privacy Policy

Last updated 9 July 2026

1. What we collect

Account data: your email address and a password (stored as a hash by our authentication provider, Supabase). Workspace and project names you choose.

Analysis data: the website URLs you submit, crawl results, keyword and competitor data, generated reports, strategies and content — stored so your history and reports keep working.

Leads: if you embed our audit widget on your site, the name/email your visitors submit is stored in your workspace for you.

Technical data: IP addresses are used for rate limiting and abuse prevention; standard server logs are kept by our hosting provider.

Crawl session cookies: if you use "Crawl behind a login", the session cookie you paste is used only for the duration of that crawl, is scoped to the audited domain, and is never stored or logged.

Payments: when paid checkout is available it is processed by Stripe — we receive your subscription status, never your card details.

2. How we use it

To run the analyses you request, keep your report history, operate rank tracking and scheduled re-audits you set up, send transactional email (e.g. password resets, scheduled-report notifications), and protect the platform from abuse.

We do not sell your personal data, and we do not use your data for advertising.

3. Who processes it for us

We use a small set of processors to operate the Service: Vercel (hosting), Supabase (database and authentication), Anthropic (AI analysis of the content you submit), DataForSEO (search-engine data), Google APIs (optional Sheets/Slides export and page-speed data), Stripe (payments), and Resend (transactional email), plus stock-image providers when you generate images.

Each processor receives only what it needs to perform its function. Public web pages you ask us to audit are fetched directly from the site in question.

4. Retention and deletion

Analysis history is retained so your workspace keeps working; you can archive projects at any time.

To delete your account, a workspace, or specific data, email us and we will action it within 30 days. (A self-serve deletion control is on our roadmap.)

5. Your rights

Under Singapore's Personal Data Protection Act (PDPA) you may request access to or correction of your personal data, and withdraw consent to its use (which may mean closing your account).

Requests: tanjunsing8@gmail.com. We respond within 30 days.

6. Cookies

We set authentication/session cookies needed to keep you signed in. We do not set third-party advertising or cross-site tracking cookies.

7. Security

Data is encrypted in transit (HTTPS) and at rest by our providers. Access to production data is restricted to the operating team. Row-level tenancy keeps each workspace's data isolated from every other workspace.

No system is perfectly secure — if we learn of a breach affecting your personal data we will notify you as required by law.

8. Changes and contact

We will signpost material changes to this policy in the app or by email.

Data protection contact: tanjunsing8@gmail.com.

See also our Terms of Service.