Privacy Policy

Last updated: 17 May 2026

This policy explains clearly what data we collect, why we collect it, how we store it, and what rights you have. We have written it in plain language on purpose — no legal fog.

1. Who We Are

AuditAI ("we", "our", "us") operates the website audit and SEO analysis platform at auditai.fyi. We are an independent product, not affiliated with any large corporation.

2. Information We Collect

We only collect what is genuinely needed to run the service.

  • Email address — collected when you join the waitlist, sign in via magic link, or complete a payment as a guest. Used for login, receipts, and product updates. You can opt out of product updates at any time.
  • URLs and code you submit — the websites and code snippets you paste for auditing. These are processed to generate your report and stored anonymously in our database for up to 12 months. We do not link your scan content to your email address in the public database.
  • Payment information — handled entirely by Razorpay (our payment processor). We never see, store, or have access to your card number, UPI ID, or bank details. We only receive a payment confirmation and your email from Razorpay.
  • Plan and subscription data — which plan you are on (Free, Starter, Pro, Agency), when you subscribed, your billing cycle (monthly / yearly / one-time), and renewal dates. Stored in our database tied to your account.
  • Scan usage counts — how many scans you have run (for free-tier rate limiting). Stored as an anonymous counter in your browser's localStorage and server-side for registered users.
  • Approximate IP address — logged server-side for abuse prevention and rate limiting only. Not linked to your account or shared with third parties.

3. Browser Storage (Cookies, localStorage, sessionStorage)

We use three types of browser storage. Here is exactly what each one stores:

HTTP-only Cookie — user_session

Set when you log in. Contains a signed JWT token with your user ID and email. HTTP-only means JavaScript cannot read it — it is purely for server authentication. Expires after 7 days. No third-party tracking cookies are used anywhere on the site.

localStorage — auditai_plan_v2 & auditai_free_scans_v1

auditai_plan_v2 stores your plan tier (pro or agency) so the UI can show your access level instantly without a server round-trip. This is overwritten on every page load by the server confirmation. It persists until you log out or clear your browser data.

auditai_free_scans_v1 stores a count of how many free scans you have used (0–3). Resets when you clear browser data.

sessionStorage — auditai_plan_session_v2

Used only for Starter plan users. Stores the value "starter" to grant session-based scan access. sessionStorage is automatically cleared by the browser when you close the tab or browser window — this is how Starter's "session" access model works by design. If you are signed in, your Starter access is re-granted automatically on every page visit via server confirmation.

4. How We Use Your Information

  • To deliver audit results and AI-generated summaries.
  • To send magic link emails for passwordless login.
  • To process payments and manage your plan/subscription.
  • To send your payment receipt and access confirmation.
  • To send product updates and announcements — you can opt out at any time.
  • To enforce free-tier rate limits and prevent API abuse.
  • To improve the accuracy of audit checks over time (using anonymised, aggregated data only).

5. Data Sharing

We do not sell your personal data to anyone. We do not use advertising networks or tracking pixels. We share data only with these specific service providers, and only the minimum data needed:

  • Anthropic — receives the URL or code snippet content for AI-powered analysis. No personally identifiable information (PII) is included in prompts.
  • Resend — receives your email address to deliver transactional emails (magic links, receipts). No marketing emails are sent via Resend without your consent.
  • Razorpay — receives your email and payment details for processing. Governed by Razorpay's Privacy Policy.
  • Hostinger — our server hosting provider. Stores all database and application data in their data centres.

6. Data Retention

  • Scan records (URLs, scores, issue lists) — retained for 12 months, then automatically deleted.
  • Account data (email, plan, referral code) — retained while your account is active. Deleted within 30 days of an account deletion request.
  • Payment records — retained for 7 years as required by financial regulations.
  • Server logs (IP addresses, request timestamps) — retained for 30 days for security monitoring, then deleted.

7. Your Rights

Regardless of where you are located, you have the right to:

  • Access — request a copy of all data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Deletion — ask us to delete your account and associated data.
  • Opt-out — unsubscribe from product emails at any time using the link in any email we send.
  • Data portability — request your scan history in a machine-readable format.

To exercise any of these rights, email support@auditai.fyi. We respond within 30 days.

8. Security

  • All data is transmitted over HTTPS (TLS 1.2+).
  • We use passwordless magic-link authentication — no passwords are ever stored.
  • Session tokens are signed with HMAC-SHA256 and expire after 7 days.
  • Payment data never touches our servers — handled entirely by Razorpay's PCI-compliant infrastructure.
  • Database access is restricted to server-side code only. No direct public database access exists.

9. Children

AuditAI is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with personal data, contact us immediately and we will delete it.

10. Changes to This Policy

We will notify registered users by email of any material changes to this policy. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy questions, data requests, or concerns, email us at support@auditai.fyi.