Privacy Policy
Last updated: March 24, 2026
1. Introduction
Welcome to SupaSales ("we," "our," or "us"), operated by SupaSales Inc. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our AI visibility monitoring platform at supasales.co (the "Service").
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name and email address
- Password (stored as a cryptographic hash, never in plain text)
- Subscription plan and billing information (payment details are processed by our payment provider and are never stored on our servers)
2.2 Domain and Business Information
When you add a domain for monitoring, we collect:
- Domain URL and website metadata (title, description, sitemap URL)
- Brand name and brand variations you provide
- Business category and detected niche
- Competitor domains you specify or that are discovered during scans
- Keywords and tracked prompts associated with your domain
2.3 AI Visibility Scan Data
When we run visibility scans, we collect and store:
- AI platform responses from ChatGPT, Claude, Gemini, Perplexity, and Google AI Mode
- Citation data (whether and where your domain is mentioned in AI responses)
- Visibility scores, citation rates, and position metrics
- Sentiment analysis of AI responses mentioning your brand
- Cost tracking for API usage associated with your scans
2.4 Google Search Console Data
If you choose to connect Google Search Console, we collect:
- An OAuth 2.0 refresh token (encrypted at rest using AES-128) to access your Search Console data on your behalf
- Search analytics data: queries, page URLs, clicks, impressions, click-through rate, and average position
- We request read-only access (webmasters.readonly scope) and cannot modify your Search Console data
- You can disconnect Google Search Console at any time from your Settings page, which immediately revokes our access and deletes all synced data
2.5 Free Audit Data
When you use our free audit tool without creating an account, we collect:
- Domain URL and email address (for delivering results)
- IP address (for rate limiting: one audit per IP per 72 hours)
2.6 Automatically Collected Information
- IP address, browser type, operating system, and device information
- Pages visited, features used, and interaction patterns
- Error logs and performance data (via Sentry error monitoring)
- Bot protection verification data (via Cloudflare Turnstile)
2.7 Newsletter and Contact Form
- Newsletter subscriptions: email address and subscription source
- Contact form submissions: name, email, subject, and message content
3. How We Use Your Information
- Run AI visibility scans and generate analytics for your domains
- Compute correlation insights between organic search and AI citation data
- Send scan completion notifications, weekly digest emails, and visibility alerts
- Process subscription payments and manage your account
- Provide customer support and respond to inquiries
- Monitor system performance and detect technical issues
- Improve our scan algorithms and analytics accuracy
- Send marketing communications (only with your explicit consent; you can unsubscribe at any time)
4. Third-Party Services
We use the following third-party services to operate SupaSales. Each service processes data as described:
- Supabase: Database hosting and user authentication (stores your account data and scan results)
- Google Search Console API: Fetches your organic search data when you connect GSC (read-only OAuth 2.0 access)
- DataForSEO: Provides keyword data, AI platform response scraping, and AI mention intelligence
- OpenRouter: AI model access for generating search queries and analyzing responses
- Perplexity API: Provides AI search responses for citation testing
- Freemius: Payment processing and subscription management (handles all payment card data; we never store card numbers)
- Amazon Web Services (SES): Email delivery for notifications and transactional emails
- Cloudflare Turnstile: Bot protection for free audit and public forms
- Sentry: Error monitoring and performance tracking (receives error logs, not personal data)
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
- Service Providers: With the third-party services listed above, strictly to provide the Service functionality
- Business Transfers: In connection with any merger, acquisition, or sale of assets, with prior notice to you
- Legal Requirements: When required by law, regulation, or legal process, or to protect our rights, safety, or property
- Shared Reports: If you generate a shared report link, the report data is accessible to anyone with that link until you revoke it
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data is encrypted in transit using HTTPS/TLS
- Passwords are stored as cryptographic hashes (bcrypt)
- OAuth tokens are encrypted at rest using AES-128 (Fernet symmetric encryption)
- Database access is restricted and authenticated
- Admin access is protected by email whitelist verification
- Payment webhook signatures are verified using HMAC-SHA256
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
7. Data Retention
- Account data: Retained for the lifetime of your account. Deleted upon account deletion.
- Scan data: Retained for the lifetime of your account to provide historical trend analysis.
- Google Search Console data: Retained while GSC is connected. All synced data is deleted immediately when you disconnect GSC.
- Free audit data: Audit results are retained for 30 days. Rate-limiting records (IP + domain) expire after 72 hours.
- Contact form and newsletter: Retained until you request removal or unsubscribe.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data via your Settings page
- Deletion: Request deletion of your account and all associated data
- Restriction: Request that we restrict processing of your data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent for marketing communications at any time
To exercise any of these rights, contact us at support@supasales.co. We will respond within 30 days.
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication and core Service functionality (session tokens, CSRF protection)
- Preference cookies: Store your UI preferences (dismissed banners, filter selections) via localStorage
We do not use third-party advertising or tracking cookies. You can configure your browser to reject cookies, but this may affect your ability to use the Service.
10. Children's Privacy
Our Service is intended for business users and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
11. International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. Our primary database is hosted in the US-West region via Supabase. We ensure appropriate safeguards are in place for international transfers in accordance with applicable data protection laws.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also notify you via email. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, please contact us:
- Email: support@supasales.co
- Website: https://supasales.co/contact