Privacy Policy
Last updated: November 8, 2025
Effective date: November 8, 2025
This Privacy Policy describes how SiteGrader, a division of Kaizhen LLC ("we," "us," or "our") collects, uses, and shares information when you use our platform at https://www.sitegrader.pro/ (the "Service").
1. Information We Collect
1.1 Information You Provide to Us
- Account Information: Email address (via Clerk Authentication), name, company name
- Authentication Data: Google account information (if you choose Google sign-in)
- Website URLs: URLs of websites you submit for auditing and analysis
- Marketing Preferences: Your choices regarding promotional communications
1.2 Information We Collect Automatically
- Usage Data: How you interact with our platform, features used, audits run, reports viewed
- Device Information: IP address, browser type, operating system, device identifiers
- Analytics Data: Time spent on platform, click patterns, feature engagement metrics
- Log Data: Server logs, error reports, performance data
1.3 Information from Third-Party Sources
- Website Data: Publicly accessible data from websites you submit for auditing
- SEO Data: Search engine and performance metrics from third-party APIs
- Performance Metrics: Website speed, accessibility, and technical data collected during audits
1.4 Payment Information
We do not store payment information. All payment processing and storage are handled securely by Stripe, our payment processor, in accordance with PCI DSS standards.
2. How We Use Your Information
2.1 To Provide Our Services
- Authenticate your account via Clerk Authentication
- Conduct website audits and performance analysis
- Generate comprehensive audit reports
- Track audit history and compare results over time
- Enable shareable audit links
- Process subscription management through Stripe
2.2 To Improve Our Services
- Analyze usage patterns to enhance platform functionality
- Develop new features and capabilities
- Improve our audit algorithms and scoring methods
- Conduct research on web performance trends
2.3 To Communicate with You
- Send service updates and platform notifications
- Provide customer support and respond to inquiries
- Share relevant web performance insights and platform news
- Send subscription-related communications
- Send promotional emails about our services and other Kaizhen LLC divisions' services (you can opt out at any time)
2.4 For Legal and Security Purposes
- Comply with legal obligations and regulatory requirements
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service
- Respond to legal requests and court orders
3. How We Share Your Information
3.1 We Do Not Sell Personal Information
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
3.2 Corporate Family
We may share your information within the Kaizhen LLC corporate family, including with other divisions and subsidiaries, for:
- Joint marketing and promotional communications
- Customer service and support
- Business operations and administration
- Product development and improvement
3.3 Service Providers
We share information with trusted third-party service providers who help us operate our platform:
- Authentication: Clerk for account authentication and management
- Payment Processing: Stripe for subscription billing and payment processing
- Database: Supabase for data storage and management
- Hosting: Vercel for platform hosting and infrastructure
- Analytics Services: Vercel Analytics for usage analysis
3.4 Business Transfers
If we undergo a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
3.5 Legal Requirements
We may disclose information when required by law, regulation, legal process, or governmental request.
3.6 Data You Access Through Our Platform
- Audit Reports: Generated reports contain analysis of publicly accessible website data
- Shared Links: Shareable audit links contain anonymized report data
- Performance Data: Website metrics collected during audits (not your personal data)
4. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Authentication Security: Clerk Authentication with industry-standard security practices
- Payment Security: Stripe's PCI DSS-compliant payment processing
- Encryption: Data encrypted in transit and at rest
- Access Controls: Limited access to personal information on a need-to-know basis
- Security Monitoring: Continuous monitoring for security threats and vulnerabilities
5. Data Retention and User Control
5.1 Information You Control
- Audit History: Stored until you delete it. You have complete control over your audit reports.
- Shareable Links: You can create, view, and revoke shareable links at any time.
5.2 Information We Retain
- Account Information: Retained while your account is active and for 30 days after account deletion (for account recovery)
- Usage Analytics: Anonymized usage data retained for 24 months for service improvement
- Payment Records: Managed by Stripe according to their retention policies and legal requirements
5.3 Account Deletion
When you delete your account:
- Your audit history is permanently deleted
- Your authentication data is removed from Clerk
- Your payment information remains with Stripe as required for financial recordkeeping
- Analytics data is anonymized and disassociated from your account
6. Your Rights and Choices
6.1 Data You Control Directly
- Audit Reports: View, share, and delete your audit reports at any time
- Shareable Links: Create and revoke shareable links whenever you choose
- Account Management: Update your account information or delete your account entirely
6.2 Communication Preferences
- Email Preferences: Opt out of promotional and marketing emails from SiteGrader and other Kaizhen LLC divisions while continuing to receive service-related communications
- Notification Settings: Control platform notifications and alerts
6.3 Data Access and Portability
- Access: View your account information and audit history
- Export: Download your audit reports and data
6.4 Additional Rights (EU/UK Users)
If you're in the EU or UK, you have additional rights under GDPR/UK GDPR:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with supervisory authorities
7. Third-Party Services
7.1 Clerk Authentication
We use Clerk for secure account management and authentication. Clerk's privacy policy applies to authentication data: https://clerk.com/privacy
7.2 Stripe Payment Processing
We use Stripe for payment processing. Stripe's privacy policy applies to payment data: https://stripe.com/privacy
7.3 Supabase Database
We use Supabase for database and backend services. Supabase's privacy policy applies: https://supabase.com/privacy
7.4 Vercel Hosting and Analytics
We use Vercel for hosting and analytics. Vercel's privacy policy applies: https://vercel.com/legal/privacy-policy
7.5 Data Processing Agreements
We maintain appropriate data processing agreements with all service providers to ensure your data is protected according to applicable privacy laws.
8. International Data Transfers
Your data may be processed in countries outside your residence, including the United States, where our service providers operate. We ensure appropriate safeguards are in place:
- Clerk: Operates under appropriate international data transfer mechanisms
- Stripe: Maintains compliance with international data protection requirements
- Supabase: Provides data residency options and complies with privacy regulations
9. Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.
10. California Privacy Rights
If you're a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: We collect email, name, company name, and website audit data
- Right to Delete: Delete your account and associated data (excluding legally required payment records)
- Right to Opt-Out: We don't sell personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, contact us at damian.k@kaizhenai.com.
11. Updates to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email and post the updated policy with a new "Last updated" date.
12. Legal Basis for Processing (EU/UK Users)
We process your personal information based on:
- Contract Performance: To provide our services as agreed
- Legitimate Interests: To improve our services and communicate with you
- Legal Obligations: To comply with applicable laws
- Consent: Where you've provided specific consent (you can withdraw at any time)
13. Contact Us
For questions about this Privacy Policy or our privacy practices:
Note: This Privacy Policy reflects our minimal data collection practices. We believe in user control and privacy by design, storing only what you choose to save and giving you complete control over your data.
Important: This Privacy Policy is designed for SiteGrader's specific business model but should be reviewed by qualified legal counsel to ensure compliance with all applicable laws and regulations, including GDPR, CCPA, and other relevant privacy legislation.
© 2025 Kaizhen LLC. All Rights Reserved.