Privacy Policy
Last Updated: January 24, 2025
1. Introduction and Overview
Welcome to PageRoast ("Company," "we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://pageroast.io (the "Website") and use our AI-powered landing page audit services (collectively, the "Services").
This Privacy Policy applies to all information collected through our Services, as well as any related services, sales, marketing, or events. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Website or use our Services.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Website and Services after the date such revised Privacy Policy is posted.
This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other applicable data protection laws.
2. Data Controller Information
For the purposes of the GDPR and other applicable data protection laws, PageRoast is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.
Contact Information:
PageRoast
Email: contact@pageroast.io
Website: https://pageroast.io
If you have any questions or concerns about this Privacy Policy or our data practices, you may contact our Data Protection Officer at contact@pageroast.io. We will respond to your inquiry within 30 days or as required by applicable law.
3. Information We Collect
3.1 Personal Data You Provide to Us
We collect personal information that you voluntarily provide to us when you register on the Website, express interest in obtaining information about us or our products and Services, participate in activities on the Website, or otherwise contact us. The personal information we collect may include:
- Account Information: Name, email address, username, password, and other registration information you provide when creating an account.
- Payment Information: Credit card numbers, billing address, and other payment details processed through our third-party payment processor Stripe. We do not store complete credit card numbers on our servers.
- Communication Data: Information contained in any correspondence, support tickets, or communications you send to us, including email addresses and message content.
- Profile Information: Any additional information you choose to add to your account profile, such as company name, job title, or profile picture.
- Survey and Feedback Data: Information you provide in response to surveys, questionnaires, or feedback forms.
3.2 Information Collected Automatically
When you visit, use, or navigate our Website and Services, we may automatically collect certain information. This information does not reveal your specific identity but may include:
- Device and Browser Information: Browser type, browser version, operating system, device type, device identifiers, screen resolution, and language preferences.
- Log and Usage Data: IP address, access times, pages viewed, pages visited before and after visiting our Website, links clicked, and other actions taken within our Services.
- Location Data: General geographic location based on IP address (country, region, city). We do not collect precise geolocation data.
- Cookies and Similar Technologies: Information collected through cookies, pixel tags, web beacons, and similar tracking technologies. Please see our Cookie Policy for more details.
3.3 Information Related to Our Services
When you use our landing page audit services, we collect and process the following information:
- URL Information: The URLs of landing pages you submit for analysis.
- Screenshot Data: Visual captures of your landing pages across multiple device viewports (desktop, tablet, mobile) for AI analysis.
- Audit Results: The analysis results, scores, findings, and recommendations generated by our AI system.
- PDF Reports: Generated audit reports that may be stored on our servers and cloud storage providers.
3.4 Information from Third Parties
We may receive personal information about you from third parties, including:
- Authentication Providers: If you choose to sign up or log in using a third-party service (such as Google), we receive your name, email address, and profile information from that service.
- Payment Processors: Our payment processor Stripe may provide us with information related to your transactions, such as transaction status, billing information, and payment method details.
- Analytics Providers: We receive aggregated analytics data from our analytics service providers.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we must have a legal basis for processing your personal data. We rely on the following legal bases:
- Performance of a Contract (Article 6(1)(b) GDPR): We process your personal data to perform our contract with you, including providing our Services, processing payments, managing your account, and communicating with you about your use of our Services.
- Consent (Article 6(1)(a) GDPR): We may process your personal data based on your consent for specific purposes, such as sending marketing communications or using certain cookies. You may withdraw your consent at any time.
- Legitimate Interests (Article 6(1)(f) GDPR): We may process your personal data when it is necessary for our legitimate business interests, such as improving our Services, preventing fraud, ensuring network security, and conducting business analytics. We balance our interests against your rights and freedoms.
- Legal Obligation (Article 6(1)(c) GDPR): We may process your personal data to comply with applicable laws, regulations, legal processes, or governmental requests.
5. How We Use Your Information
We use the personal information we collect for the following purposes:
5.1 Providing and Managing Our Services
- To create and manage your account and authenticate your identity.
- To process and fulfill your requests for landing page audits.
- To capture screenshots, perform AI analysis, and generate audit reports.
- To process payments and manage your subscription or credits.
- To provide customer support and respond to your inquiries.
- To send you transactional communications, including order confirmations, receipts, and service-related notifications.
5.2 Improving and Developing Our Services
- To analyze usage patterns and trends to improve our Website and Services.
- To develop new features, products, and services.
- To conduct research and analytics to better understand our users.
- To train and improve our AI models using aggregated and anonymized data.
- To test new features and optimize user experience.
5.3 Marketing and Communications
- To send you promotional communications about our products, services, and offers (with your consent where required).
- To personalize your experience and deliver content and advertising relevant to your interests.
- To conduct surveys and collect feedback.
- To manage your participation in promotions, contests, or sweepstakes.
5.4 Security and Legal Compliance
- To detect, prevent, and address fraud, security breaches, and other harmful activities.
- To enforce our Terms of Service and other legal agreements.
- To comply with applicable laws, regulations, and legal processes.
- To protect our rights, property, and safety, and that of our users and third parties.
- To verify your identity and prevent unauthorized access to your account.
6. Sharing Your Information
We may share your personal information in the following circumstances:
6.1 Service Providers
We share your information with third-party service providers who perform services on our behalf, including:
- Supabase: Database hosting and authentication services (based in the United States).
- Google (Gemini AI): AI analysis services for processing landing page audits (based in the United States).
- ScreenshotAPI.net: Screenshot capture services for landing page analysis.
- Cloudflare R2: Cloud storage for screenshots and PDF reports.
- Stripe: Payment processing services (based in the United States).
- Railway: Web hosting and infrastructure services.
These service providers are contractually obligated to protect your personal information and may only use it for the purposes for which it was disclosed to them.
6.2 Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement). This includes:
- Complying with a legal obligation, such as a subpoena or court order.
- Protecting and defending our rights or property.
- Preventing or investigating possible wrongdoing in connection with our Services.
- Protecting the personal safety of users of our Services or the public.
- Protecting against legal liability.
6.3 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information.
6.4 With Your Consent
We may share your personal information for other purposes with your consent or at your direction.
6.5 Aggregated or De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share aggregated statistics about the use of our Services with partners or the public.
7. International Data Transfers
Our servers and service providers are primarily located in the United States. If you are accessing our Services from outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers are located.
If you are located in the EEA, UK, or Switzerland, we will ensure that any transfer of your personal data to countries outside these regions is protected by appropriate safeguards, including:
- Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses to provide appropriate safeguards for international data transfers.
- Adequacy Decisions: We may transfer data to countries that the European Commission has determined provide an adequate level of data protection.
- Data Privacy Framework: Where applicable, we rely on certifications under the EU-U.S. Data Privacy Framework and UK Extension.
By using our Services, you acknowledge that your personal data may be transferred to and processed in countries that may have different data protection laws than your country of residence. We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. The retention period may vary depending on the type of data and the purposes for which it is used:
- Account Information: We retain your account information for as long as your account is active or as needed to provide you with our Services. If you request account deletion, we will delete or anonymize your account information within 30 days, except where we are required to retain it for legal purposes.
- Audit Data: Landing page screenshots, audit results, and PDF reports are retained for the lifetime of your account to allow you to access your audit history. You may request deletion of specific audits at any time.
- Transaction Records: We retain payment and transaction records for seven (7) years to comply with tax and accounting requirements.
- Communication Records: We retain records of customer support communications for three (3) years to help us improve our services and resolve disputes.
- Log Data: Server logs and analytics data are typically retained for up to twelve (12) months and then deleted or anonymized.
- Marketing Preferences: We retain records of your marketing preferences until you update them or request deletion.
When your personal information is no longer needed, we will securely delete or anonymize it. If deletion is not possible (for example, because the information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. Your Privacy Rights
9.1 Rights Under GDPR (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:
- Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
- Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
- Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Right to Object (Article 21): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Article 7): If we process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.
- Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe we have violated your data protection rights.
9.2 Rights Under US State Privacy Laws
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other US states with comprehensive privacy laws, you may have the following rights:
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell about you.
- Right to Access: You have the right to request access to the specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for targeted advertising purposes. Note: We do not sell your personal information.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.
- Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you have the right to limit its use and disclosure.
9.3 Exercising Your Rights
To exercise any of your privacy rights, you may:
- Email us at contact@pageroast.io with your request.
- Use the account settings in your dashboard to update or delete certain information.
- Contact us using the information provided in the "Contact Us" section below.
We will respond to your request within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request to protect your privacy and security. If we need additional time to process your request, we will notify you of the extension and the reasons for it.
You may designate an authorized agent to make a request on your behalf. If you use an authorized agent, we may require proof that you gave the agent signed permission to submit the request.
10. California-Specific Disclosures (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section provides information required by these laws.
10.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email address, IP address, account name, unique personal identifiers.
- Commercial Information: Records of products or services purchased, purchasing histories, and tendencies.
- Internet or Network Activity: Browsing history, search history, interactions with our Website and Services.
- Geolocation Data: General location based on IP address.
- Professional Information: Job title, company name (if provided).
- Inferences: Inferences drawn from the above categories to create a profile about you.
10.2 Sale and Sharing of Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
10.3 Sensitive Personal Information
We do not collect sensitive personal information as defined under the CPRA (such as Social Security numbers, financial account numbers, precise geolocation, racial or ethnic origin, religious beliefs, genetic data, biometric information, health information, or information about sexual orientation).
10.4 Retention Periods
Please refer to Section 8 (Data Retention) for information about how long we retain different categories of personal information.
10.5 Financial Incentives
We do not offer financial incentives or price differences in exchange for the retention or sale of your personal information.
10.6 Shine the Light
California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
10.7 Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. We currently do not respond to DNT signals because there is no industry-standard interpretation of DNT signals.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and use personal information about you, including to serve interest-based advertising. For detailed information about the types of cookies we use, the purposes for which we use them, and how you can control cookies, please see our Cookie Policy.
Types of cookies we use:
- Strictly Necessary Cookies: Required for the Website to function properly (e.g., authentication, security).
- Functional Cookies: Enable enhanced functionality and personalization.
- Analytics Cookies: Help us understand how visitors interact with our Website.
- Advertising Cookies: Used to deliver relevant advertisements (with your consent where required).
You can control cookies through your browser settings and other tools. However, disabling certain cookies may impact your ability to use some features of our Services.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: We use industry-standard TLS/SSL encryption for data in transit and encryption at rest for sensitive data.
- Access Controls: We limit access to personal information to employees and contractors who need it to perform their job duties.
- Authentication: We use secure authentication mechanisms, including password hashing and optional two-factor authentication.
- Monitoring: We monitor our systems for potential vulnerabilities and attacks.
- Vendor Security: We require our service providers to maintain appropriate security measures.
- Data Minimization: We only collect and retain personal information that is necessary for the purposes described in this Privacy Policy.
- Regular Audits: We conduct regular security assessments and audits of our systems and processes.
However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
13. Children's Privacy
Our Services are not directed to children under 16 years of age (or 13 in some jurisdictions). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at contact@pageroast.io. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.
If you are between 16 and 18 years of age, you may only use our Services with the consent and supervision of a parent or legal guardian.
14. Third-Party Websites and Services
Our Website and Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.
When you use our Services to analyze landing pages, we capture screenshots of those third-party websites for the purpose of providing our audit services. We do not share these screenshots with any third parties other than our AI service provider for analysis purposes.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this Privacy Policy.
- Notify you by email (if you have provided your email address) or through a notice on our Website.
- Obtain your consent for any material changes that require consent under applicable law.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the changes.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
PageRoast
Email: contact@pageroast.io
Website: https://pageroast.io
Data Protection Officer:
Email: contact@pageroast.io
For GDPR-related inquiries, you may also contact your local data protection authority. A list of EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
We aim to respond to all legitimate requests within 30 days. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
17. Supplemental Disclosures for Specific Jurisdictions
17.1 European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, the data controller responsible for your personal data is PageRoast. You have the rights described in Section 9.1 above. To exercise these rights, please contact us using the information provided in Section 16.
17.2 Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and port your personal data, and the right to object to processing. To exercise these rights, please contact us using the information provided in Section 16.
17.3 Australia
If you are located in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You may access and correct your personal information and make complaints about our handling of your information. To exercise these rights, please contact us using the information provided in Section 16.
17.4 Canada
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. You have the right to access, correct, and withdraw consent to the collection, use, or disclosure of your personal information. To exercise these rights, please contact us using the information provided in Section 16.
18. Definitions
For the purposes of this Privacy Policy:
- "Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural person, including but not limited to name, email address, IP address, location data, and online identifiers.
- "Processing" means any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
- "Data Controller" means the entity that determines the purposes and means of processing personal data.
- "Data Processor" means an entity that processes personal data on behalf of the data controller.
- "Data Subject" means the individual whose personal data is being processed.
- "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.
- "Services" means the AI-powered landing page audit services and related features provided through our Website.