Privacy Policy

Final wording is pending counsel review. The substance below is accurate but the exact legal language will be adjusted before general availability.

Account data — name, email, hashed password or auth provider id, organization membership.

Billing data — managed by Stripe; we store only customer ids and subscription state, never raw payment instruments.

Audit data — URLs you submit, generated reports, Lighthouse runs, screenshots, AI reasoning traces.

Telemetry — request logs, error traces (Sentry), Inngest run records. We do not run third-party analytics that profile end users.

To deliver and operate the service, including running audits and rendering reports.

To process payments via Stripe and send transactional email via Resend.

To improve product quality through aggregate, deidentified usage analysis.

To detect abuse and enforce acceptable use.

Subprocessors listed on the Security trust center page — Vercel (hosting), Supabase (database + auth + storage), Stripe (payments), Resend (transactional email), Sentry (errors), Inngest (durable execution), Jina Reader (page extraction), Google PageSpeed Insights (lab metrics), OpenAI (report reasoning).

Law enforcement only in response to valid legal process and only the minimum data required.

Access, correct, or delete your data through the dashboard. For requests we cannot complete in-app, email privacy@pagereflect.com — we respond within 30 days.

If you are an EU/UK data subject, you have additional rights under GDPR; if you are a California resident, under CCPA/CPRA. Exercise either by emailing privacy@pagereflect.com.

Audit reports default to 90 days; Pro plans extend to 365 days; Enterprise plans are custom.

Account data is retained for the life of the account plus 30 days after deletion (to allow recovery).

Sentry / Inngest logs follow their providers' defaults.

Email privacy@pagereflect.com with any privacy question. Postal address available on request.