Privacy Policy

Account information. When you sign up, we collect your name, email address, and authentication credentials via Clerk, our identity provider.

Google account data. When you connect your Google account, we receive OAuth access tokens that allow us to read data from Google Search Console, Google Analytics (GA4), and Google Ads on your behalf. We do not store your Google password. Tokens are used only to fetch the data you explicitly choose to import into your workspace.

Google Search Console data. Click, impression, position, and page-level performance data for the sites you connect.

Google Analytics data. Session counts, user counts, pageviews, traffic sources, and related metrics for the GA4 properties you connect.

Google Ads data. Campaign performance, keyword metrics, spend, and conversion data for the Ads accounts you connect.

AI traffic beacon data. If you install our optional JavaScript snippet or GTM tag on your site, we collect the HTTP referrer, landing page URL, and user agent string for visits that originate from AI platforms (e.g., ChatGPT, Perplexity). No personally identifiable visitor information is collected.

Workspace settings. Configuration you provide such as your workspace name, business context, alert thresholds, and connected third-party integrations (Slack, Cloudflare).

Billing information. Payments are processed by Stripe. We receive a Stripe customer ID and subscription status but do not store your full card number or bank details.

Usage data. We log API requests, feature usage, and error events to monitor service health and improve the product.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Populate your dashboards with SEO, analytics, and advertising data from connected accounts
• Generate AI-powered analyses, alerts, and recommendations using your data as context
• Send daily or scheduled monitoring alerts via email or Slack when you enable them
• Process subscription payments and manage your billing relationship
• Send transactional emails (e.g., team invites, password resets)
• Respond to support requests
• Detect and prevent abuse or unauthorized access

We do not sell your data to third parties. We do not use your Google account data to train machine learning models or for advertising purposes.

When you use the AI chat or automated monitoring features, your SEO and analytics data (along with any business context you have provided) is sent to Anthropic's Claude API to generate responses. Anthropic's use of this data is governed by their Privacy Policy. We do not send personally identifiable information about your website visitors to Anthropic.

Your data is stored in a PostgreSQL database hosted on Neon (neon.tech), a managed cloud database provider. Data is encrypted at rest and in transit (TLS). We apply role-based access controls so that each user can only access their own workspaces.

The Service is deployed on Vercel. Application secrets, API keys, and OAuth tokens are stored as encrypted environment variables and are never exposed to client-side code.

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We encourage you to use a strong, unique password and to report any suspected security issues to tyler@hospitalitylabs.io.

We share your data only with the following categories of sub-processors, and only as necessary to deliver the Service:

We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request the Google API scopes necessary to provide the features you use.
• We do not use Google user data to serve advertisements.
• We do not allow humans to read your Google data unless you explicitly share access or we are required to do so for security or legal reasons.
• We do not transfer your Google data to third parties except as described in Section 5.

We use cookies and similar technologies solely for authentication (Clerk session cookies) and to maintain your user preferences. We do not use third-party advertising or tracking cookies.

The optional AI traffic beacon you can install on your own website operates server-side and does not set cookies on your visitors' browsers.

We retain your account and workspace data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.

Aggregated, anonymized usage statistics may be retained indefinitely as they cannot be linked back to any individual.

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to correct inaccurate data.
• Deletion. Request that we delete your account and associated data.
• Portability. Request your data in a machine-readable format.
• Revoke Google access. You can disconnect your Google account at any time from the Integrations settings page, which will stop us from making further API calls.

To exercise any of these rights, email us at tyler@hospitalitylabs.io. We will respond within 30 days.

The Service is intended for business use and is not directed at children under 13. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you by email or by a notice within the application.

If you have questions about this Privacy Policy or how we handle your data, please contact us at: