Privacy Policy

Last updated: [DATE]

1. What we collect

We collect the information you provide directly: your name and email address when you create an account, your brand name and website URL when you start a session, and the answers you give to the seven survey questions. We also automatically collect your IP address and browser user-agent for security and abuse-prevention purposes.

2. Who we share with

  • Anthropic — Your session inputs are sent to Anthropic’s Claude API to generate your brand report. Anthropic’s own privacy policy governs how they handle API data.
  • Stripe — Payment processing. Your card details are handled entirely by Stripe; we never see or store them. Stripe’s privacy policy applies to payment data.
  • AWS — Your data is stored and processed on Amazon Web Services infrastructure in [AWS_REGION]. AWS is our cloud hosting provider.
  • Cloudflare — Traffic to this site passes through Cloudflare’s CDN and DDoS protection. Cloudflare may log request metadata.

We do not sell, rent, or share your data with any other third parties. We do not use your data to train AI models.

3. Retention

Session data (your inputs, answers, and the generated report) is retained for 90 days after the session is created, then automatically and permanently deleted. Your account information (name, email) is retained until you request deletion. Log data (IP, user-agent) is retained for up to 30 days.

4. Your right to delete

You may request deletion of your account and all associated data at any time by emailing [email protected] with the subject line “Delete my account”. We will process your request within 30 days. Note that session data scheduled for automatic deletion will be deleted on its normal schedule.

5. Cookies

We use a single session cookie to keep you signed in. No advertising, tracking, or third-party analytics cookies are set. Cloudflare may set performance cookies as part of its CDN service.

6. Security

All data is transmitted over HTTPS. Your session data is stored encrypted at rest on AWS. Payment processing is handled by Stripe with PCI-DSS compliance.

7. Jurisdiction

This policy is governed by [JURISDICTION] law. If you are in the European Economic Area or the United Kingdom, you have additional rights under GDPR / UK GDPR, including the right to access, rectify, and object to processing of your personal data.

8. DPO contact

For privacy-related questions or to exercise your data rights, contact our Data Protection Officer: [DPO_NAME] at [email protected].

9. Changes

We may update this policy; the “Last updated” date at the top reflects the current version. Material changes will be emailed to active users before taking effect.

Placeholder copy — review with legal counsel before going live.