Privacy Policy

Effective date: July 5, 2026

2643194 Ontario Inc. ("we", "us", "our") operates digitaldiscoverability.com (the "Service"). This policy explains what personal data we collect, why, how long we keep it, and your rights. We are the data controller for the personal data described here. Contact: dd@digitaldiscoverability.com.

1. What we collect

  • Email address — you provide it at checkout so we can deliver your report, receipt, and expiry reminder. Collected for order fulfillment.
  • Newsletter / tool-launch alerts (optional) — if you subscribe to updates or ask to be alerted when a tool launches, we store your email and, for a launch alert, which tool you're interested in, so we can send those emails. This is separate from a purchase, consent-based, and you can unsubscribe at any time.
  • Submitted website URL — the site you ask us to analyze.
  • Payment information — processed by Stripe (our merchant of record). We do not receive or store your full card number. We store a payment/transaction reference (e.g. payment intent ID), amount, currency, and date.
  • The report we generate — derived from public data about the submitted website and third-party AI and search-data sources. Stored with your job so you can access it during the retention window.
  • Technical and usage data — via cookies and analytics (see our Cookie Policy): device/browser information, pages viewed, and, where you have consented, session-replay and product analytics. IP address is processed transiently for rate limiting and abuse prevention.

We do not knowingly collect data from children, and the Service is not directed to anyone under 18.

2. Why we use it (legal bases)

  • Deliver the report, receipt, and reminders (email, URL, report) — performance of a contract.
  • Process payment and meet tax/accounting obligations (payment reference, amount, date) — contract; legal obligation.
  • Security, rate limiting, and fraud/abuse prevention (IP, request metadata) — legitimate interests.
  • Analytics, session replay, and marketing tags (usage data, cookies) — consent.
  • Send product news and tool-launch alerts you signed up for (email) — consent.
  • Respond to your enquiries (contact form data) — legitimate interests / consent.

Where we rely on consent (analytics, replay, non-essential cookies), you may withdraw it at any time without affecting prior processing.

3. Who we share it with (sub-processors)

The only personal information we share is your email address, and only with the two providers that need it to fulfill your order:

  • Stripe — processes your payment (as merchant of record) and issues your receipt.
  • Resend — delivers your receipt, results, and reminder emails.

Everything else in the analysis runs on publicly available data — the website URL you submit and the public content on that page — not your personal information. These providers never receive your email:

  • Firecrawl — crawls the public pages of the URL you submit.
  • Google (Web Risk) — checks that URL against known-unsafe sites.
  • DataForSEO — looks up public search-keyword data for the domain.
  • AI model providers (OpenAI, Anthropic, Google Gemini, Perplexity, xAI; OpenRouter for overflow) — run the analysis over the public website content.
  • Braintrust — records diagnostics for those AI calls (no email attached).

Finally, a few providers help us run and protect the site itself:

  • Railway — our hosting and database; stores your order record (including your email) on our behalf.
  • hCaptcha — spam/abuse protection on forms (processes your IP and interaction signals).
  • Plausible — privacy-focused, cookieless website analytics: aggregate traffic only, with no cookies, no cross-site identifiers, and no personal data that could identify you. It runs for all visitors and needs no cookie banner.
  • Google Analytics / Google Tag Manager and PostHog — website analytics, loaded only if you consent via our cookie banner.

Some providers are located outside your country (including the United States); where personal data is transferred internationally we rely on appropriate safeguards such as Standard Contractual Clauses. We never sell your personal data.

4. How long we keep it

  • Report content and the interactive results page: available for 90 days after your analysis completes. After that window (plus a short grace period) we delete the report content and anonymize the personal data associated with it (including removing your email from the report record).
  • Transaction records: we retain minimal, non-report financial records (order reference, amount, currency, date) for the period required by tax and accounting law (typically 6-7 years), after which they are deleted. Stripe, as merchant of record, retains its own transaction and receipt records under its policies.
  • Analytics data: retained per the retention settings of the analytics providers (see the Cookie Policy).

5. Your rights

Depending on where you live (e.g. the EU/UK under GDPR, or California under the CCPA/CPRA), you may have the right to: access the personal data we hold about you; correct it; delete it ("right to erasure"); restrict or object to processing; data portability; and to withdraw consent. You also have the right to complain to your local data-protection authority.

To exercise any right — including deleting your data before the automatic 90-day purge — email dd@digitaldiscoverability.com with the email address and, if applicable, the report link involved. We will respond within the timeframe required by applicable law.

6. Security

We use industry-standard measures (encryption in transit, access controls, secret scanning) to protect your data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Changes

We may update this policy. The "Effective date" reflects the latest version; material changes will be noted on this page.

8. Contact

Privacy questions or requests: dd@digitaldiscoverability.com — 2643194 Ontario Inc.