Privacy Policy

Account Information: When you sign up, we collect your email address, name, and profile photo (if signing in via GitHub or Google OAuth).

Scan Data: We store the URLs you scan, the bugs detected, scan results, and debate verdicts. This data is tied to your user account.

Usage Data: We collect information about how you use the Service — pages visited, features used, scan frequency, and error logs — to improve the product.

Payment Information: Payment details are processed by Lemon Squeezy. We do not store your credit card number. We only receive confirmation of successful payment and your subscription tier.

Cookies: We use cookies for authentication sessions and analytics. See our Cookie Policy for full details.

To provide the Service: Your scan data is used to display results, history, and debate verdicts in your dashboard.

To improve the Service: Aggregated, anonymized usage data helps us understand what features work and what needs improvement.

To communicate with you: We may send transactional emails (scan complete, payment receipt) and occasional product updates. You can opt out of marketing emails at any time.

To enforce our Terms: We use account data to detect abuse, enforce scan limits, and protect the integrity of the platform.

Anthropic: Bug data is sent to Anthropic's Claude API to generate debate arguments and verdicts. Anthropic's data policies apply to this processing.

Browserless.io: URLs you scan are sent to Browserless.io for browser automation. No personal data beyond the URL is shared.

Supabase: Your account and scan data is stored in Supabase. Data is encrypted at rest and in transit.

GitHub: If you connect GitHub, we use OAuth tokens only to create issues on your behalf. We do not read your private repositories.

No selling: We do not sell, rent, or trade your personal information to any third party for marketing purposes.

Scan history: Scan results are retained for 30 days and then automatically deleted from active storage.

Account data: Your account data is retained while your account is active. You may request deletion at any time.

Backups: Backup copies may be retained for up to 90 days after deletion for disaster recovery purposes.

Access: You can request a copy of all personal data we hold about you.

Correction: You can update your account information at any time.

Deletion: You can request deletion of your account and all associated data by emailing us.

Portability: You can request your scan data in a machine-readable format.

Encryption: All data is transmitted over HTTPS. Database data is encrypted at rest.

Access control: Only authorized personnel have access to production data. Access is logged and audited.

Breach notification: In the event of a data breach, we will notify affected users within 72 hours.

Age restriction: The Service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If we become aware we have collected such data, we will delete it immediately.

Updates: We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the Service after changes constitutes acceptance.

Privacy questions: For any privacy-related questions, data requests, or to exercise your rights, contact us at privacy@redblueqa.com.