Privacy Policy

Audit data. When you run an audit, we receive the URL you submit. We crawl the publicly accessible pages of that domain (up to 1,000 pages), extract page content (HTML, headings, meta tags, JSON-LD structured data), take screenshots, and run our measurement pipeline. We store the audit results, scores, issues, and generated reports.

No personally identifiable information (PII). We do not require signup for free audits. We do not collect names, email addresses, or any PII unless you explicitly provide it (e.g., contacting us by email or signing up for a paid plan). Our scrubSensitive() function actively strips email addresses, tokens, card numbers, and phone numbers from any crawled page content before storage.

Usage metadata. We log IP addresses for rate limiting (capped at 64 characters, sourced from standard request headers). We use standard web analytics. We do not fingerprint browsers.

Payment data. If you subscribe to a paid plan, payment processing is handled by Razorpay. We store the Razorpay payment ID for reference. We never see or store your full card number.

• To run the audit you requested and generate your report.
• To cache results (48-hour TTL) so repeated audits of the same URL return faster.
• To improve our measurement pipeline, scoring weights, and model calibration.
• To send you audit results, alerts, and reports if you're on a paid plan.
• To enforce rate limits and prevent abuse of the free tier.

We do not sell your data. We do not share audit results with third parties. We do not use your audit data to train our own models.

Audit cache: 48 hours. After that, the cached entry expires and is eligible for cleanup via our cleanup_expired() database function.

Audit results: Retained for as long as your account is active, or 12 months for free-tier anonymous audits.

Deletion requests: We support GDPR right-to-erasure via our delete_audit_for_gdpr() database function. Email privacy@resourceai.in and we will delete all data associated with your audits within 30 days.

We use the following third-party services in the course of running audits:

• LLM providers (OpenAI, Anthropic, Google Gemini, DeepSeek, Perplexity) -- we send page content snippets and category queries to these providers as part of the judge pipeline. We do not send PII.
• Supabase -- PostgreSQL database hosting. Data stored in the seo_audit schema with row-level security.
• Upstash Redis -- job queue management. Audit jobs are transient; completed jobs are purged automatically.
• Vercel -- frontend hosting and serverless function execution.
• Razorpay -- payment processing for paid plans.

We use essential cookies for session management and rate limiting. We do not use advertising cookies or third-party tracking cookies. We do not participate in ad networks.

We take the following measures:

• SSRF hardening on all URL inputs (private IP and metadata host blocking).
• URL parameter denylist (token, email, JWT, etc.).
• Sensitive data scrubbing on all crawled content before database storage.
• HTTPS enforced on all endpoints. TLS on all database connections.
• Row-level security on database tables.
• SOC 2 Type II certification is in progress. Expected completion: Q3 2026.

If you are located in the European Economic Area, you have the right to:

• Access the data we hold about your audits.
• Rectify inaccurate data.
• Erase your data (we have a dedicated GDPR deletion function).
• Port your data -- the Receipts tab in every audit lets you download the full JSON.
• Object to processing.

Our legal basis for processing is legitimate interest (providing the service you requested). For paid plans, the basis is contractual necessity.

ResourceAI is a business tool. We do not knowingly collect data from anyone under the age of 16. If you believe a child has used the service, contact us and we will delete the data.

We will update this page when the policy changes and note the date at the top. For material changes, we will notify paid subscribers by email.

Privacy questions: privacy@resourceai.in

ResourceAI
Bangalore, India · New York, USA