This Privacy Policy describes how LeakAudit ("we","us","our") collects, uses, and shares information when you use our website and services at leakaudit.app (the"Service").
1. Information We Collect
We collect the following categories of information when you use the Service:
- URLs you submit for audit. These are publicly accessible web pages.
- Email address. Optional on free audits; required to unlock the CPR Playbook and receive emailed results.
- Payment information. Processed exclusively by Stripe. We do not store card numbers.
- Usage data. IP address, browser type, pages viewed, and timestamps, used for rate limiting and analytics.
- Audit artifacts. Screenshots, detected tech stack, and generated audit content tied to the URLs you submit.
2. How We Use Your Information
- To generate, deliver, and improve the audit output you requested.
- To process payments for the CPR Playbook and Agency Plan.
- To email you audit results, receipts, and account-related notifications.
- To prevent abuse and enforce rate limits.
- To comply with legal obligations.
3. How We Share Information
We do not sell personal data. We share information only with service providers that are necessary to run the Service:
- Stripe — payment processing.
- Resend — transactional email delivery.
- Supabase — database and file storage.
- OpenRouter, OpenAI, Anthropic — AI model inference on audit data.
- Microlink and thum.io — screenshot capture of submitted URLs.
- Google PageSpeed Insights — performance analysis of submitted URLs.
- PostHog and Google Analytics — product analytics.
4. Public Content
If you opt in to the Wall of Shame, your audit (URL, score, commentary, and screenshot) becomes publicly accessible. You can toggle this off from your dashboard at any time.
5. Data Retention
We retain audit records indefinitely unless you request deletion. Payment records are retained as required by law (typically 7 years).
6. Your Rights
You may request access, correction, or deletion of your personal data by emailing hello@leakaudit.app. EU/UK residents have additional rights under GDPR. California residents have additional rights under the CCPA.
7. Cookies
We use strictly necessary cookies for session management and analytics cookies from PostHog and Google Analytics. You can disable cookies in your browser, but parts of the Service may not function.
8. Security
We use TLS encryption in transit and encryption at rest through our infrastructure providers. No system is perfectly secure — in the event of a breach affecting your data, we will notify you per applicable law.
9. Children
The Service is not intended for users under 13. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be announced via email or a banner on the site. Continued use of the Service after changes constitutes acceptance.
11. Contact
Privacy questions: hello@leakaudit.app.