Note: This document is a template for review by qualified legal counsel before use in production. It does not constitute legal advice.

Legal

Privacy Policy

Effective: 2026-01-01

1. Who We Are

SnagTrace, Inc. ("SnagTrace," "we," "us," or "our") operates the website snagtrace.com and the SnagTrace grading service. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service.

If you have questions about this policy, contact us at privacy@snagtrace.com. For GDPR-related inquiries, contact our Data Protection Officer at dpo@snagtrace.com.

2. What Data We Collect

We collect information in two ways: data you provide to us directly, and data we collect automatically when you use the Service.

Data you provide: When you create an account, we collect your email address and the name you provide. When you subscribe to a paid plan, our payment processor (Stripe) collects your payment information. We do not store full card numbers. When you submit a URL for grading, we record the URL and the resulting grade and signal data.

Data collected automatically: We collect standard web server logs including IP addresses, browser user agent strings, referrer URLs, and timestamps of requests, used only for security, debugging, and abuse prevention. We do not run third-party analytics or cross-site tracking. We use session cookies only for authentication and preference storage.

Data from crawling: When you submit a URL for grading, our crawler fetches the publicly accessible content of that URL. We store the computed grade and signal metrics, not the full page content. We do not access password-protected or private content.

3. How We Use Your Data

We use the data we collect to:

  • Provide and improve the Service, including generating grades and monitoring scores over time
  • Process payments and manage your subscription
  • Send transactional emails such as grade change alerts, receipts, and account notifications (you cannot opt out of these while subscribed)
  • Send product update emails and occasional educational content (you can opt out at any time via the unsubscribe link)
  • Detect and prevent abuse, fraud, and violations of our Terms of Service
  • Analyze aggregate, anonymized usage patterns to improve the Service
  • Comply with legal obligations

We do not use your data to train AI models. We do not sell your personal data. We do not show you advertising.

Automated grading: Your AI-readiness grades and citation results are produced by automated analysis and AI models. They are indicative estimates of how AI engines may treat your site, not guarantees of any engine’s behaviour, and they do not make legal or financial decisions about you. You can contact us to ask how a grade was produced or to request human review.

4. Third-Party Services

We use a limited set of third-party services to operate the Service. Each receives only the data necessary for its function.

  • Stripe: payment processing. Stripe's privacy policy applies to payment data.
  • Clerk: authentication and identity. Clerk stores your email address and session tokens.
  • Vercel: cloud hosting. Our application runs on Vercel's infrastructure in the US.
  • Resend: transactional email delivery.
  • Neon: database hosting (Sydney, Australia). Stores your account, sites, and grading history.
  • Anthropic and OpenAI: AI inference for the citation and recommendation checks. We send the buyer-intent query and brand names (e.g. “best CRM for startups”), not your account or personal data. These providers do not use this input to train their models, per their data-processing terms.

We do not use Google Analytics, Meta Pixel, or other advertising tracking tools. We maintain this list as our sub-processors; we will give notice before adding a new one that handles your data.

5. Data Retention

We retain account data and grading history for the duration of your account plus 90 days after account deletion, unless you request earlier deletion. Server logs are retained for 30 days. Anonymized aggregate metrics are retained indefinitely.

Free-tier grade results (submitted without an account) are retained for 7 days, then deleted.

6. Cookies and Tracking

We use the following cookies:

  • Session cookies: required for authentication. Set by Clerk. Cannot be disabled while using the authenticated parts of the Service.
  • Preference cookies: optional. Store UI preferences such as billing interval selection.

We do not use third-party advertising cookies. We do not use cross-site tracking.

7. Your Rights (GDPR and CCPA)

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@snagtrace.com. We will respond within 30 days.

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data. Deletion of your account removes your grading history and personal information, subject to retention requirements for payment records.
  • Portability: request an export of your data in a machine-readable format.
  • Objection: object to processing of your data for marketing purposes at any time.
  • CCPA: Do Not Sell: we do not sell personal data. This right is automatically satisfied.

If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

SnagTrace is operated from the United States. If you are accessing the Service from outside the US, your data may be transferred to and processed in the US. For transfers of personal data from the EEA to the US, we rely on Standard Contractual Clauses (SCCs) with our service providers where applicable.

9. Security

We use industry-standard security practices including TLS encryption in transit, encrypted storage for sensitive data, and role-based access controls. However, no system is perfectly secure. We cannot guarantee absolute security of your data.

If you believe your account has been compromised or you have discovered a security vulnerability, contact us at privacy@snagtrace.com immediately.

10. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected data from a child under 13, contact us at privacy@snagtrace.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 30 days before the changes take effect. The effective date at the top of this page reflects the most recent update.

12. Contact

Privacy questions: privacy@snagtrace.com

GDPR Data Protection Officer: dpo@snagtrace.com

SnagTrace, Inc.