Privacy Policy
Last updated: June 1, 2026
Findable is operated by Ziguru LLC ("we", "us"). This policy explains what data we collect, why we collect it, who we share it with, how long we keep it, and what rights you have over it. Questions: support@usefindable.ai.
What we collect and why
Each row names the data, the purpose, and the legal basis we rely on under GDPR Art. 6. Where consent is the basis, you can withdraw it at any time without affecting the lawfulness of prior processing.
| Data | Purpose | Legal basis |
|---|---|---|
| Email, name (via Clerk) | Account, sign-in, billing receipts | Contract performance |
| Payment details (via Stripe) | Subscription billing | Contract performance |
| Your website URL + content | Run scans, generate articles | Contract performance |
| Scan + article history | Show your dashboard, compute trends | Contract performance |
| Product analytics events | Understand which features are used | Consent (cookie banner) |
| Error reports (Sentry) | Detect + diagnose bugs | Legitimate interest |
| Anti-spam signal (Cloudflare Turnstile) | Block automated abuse of the free scan | Legitimate interest (security) |
| Service emails (Resend) | Scan completion + billing notices | Contract performance |
How long we keep it
- Account + scan history: for the lifetime of your account. Deleted within 30 days of account closure.
- Generated articles: yours to keep. They remain in your dashboard and on any blog you published them to even after cancellation.
- Payment records: 7 years (tax + accounting requirements).
- Product analytics: 12 months in PostHog, then aggregated.
- Error reports: 90 days in Sentry.
- Service emails: 30 days of delivery logs in Resend.
Sub-processors
We use the following third-party services to operate Findable. Each processes user data on our behalf under their own privacy terms.
| Service | What it does | Data location |
|---|---|---|
| Clerk | Authentication | USA |
| Stripe | Payment processing | USA |
| Vercel | Frontend hosting | USA + global edge |
| Render / DigitalOcean | Backend + database hosting | USA |
| Cloudflare | Anti-spam (Turnstile), R2 storage, analytics proxy | USA + global edge |
| Resend | Transactional email delivery | USA |
| Sentry | Error monitoring | USA |
| PostHog | Product analytics (consent-gated) | USA |
| Google Analytics | Marketing analytics (consent-gated) | USA |
| Anthropic, OpenAI | AI for scan analysis + article generation | USA |
| Perplexity, Google Gemini | AI engines we query for citation visibility | USA |
| Firecrawl, Jina, Serper | Web scraping for competitor + source data | USA |
We update this list when we add or remove a sub-processor. Material changes ship in a Findable update post + a banner in the dashboard.
AI providers and your content
Running a scan or generating an article sends your website URL, page content, and the resulting prompts to Anthropic, OpenAI, Perplexity, and Google Gemini. We use these providers' enterprise / API tiers, which by default do not train on customer inputs:
- Anthropic API: Anthropic does not train on data submitted via the API.
- OpenAI API: OpenAI does not train on API inputs by default.
- Perplexity, Google Gemini: we send only the buyer-style queries we generate, not your account or content data.
We do not train any models ourselves. We do not sell your data to anyone, ever, for any purpose.
International data transfers
All sub-processors above are located in the United States or operate global edge networks that include the US. If you're in the EU, UK, or another jurisdiction with cross-border transfer rules, we rely on the following mechanisms: Standard Contractual Clauses (SCCs) with each sub-processor where adequacy decisions don't apply, and the EU-US Data Privacy Framework where the sub-processor self-certifies. Copies of the SCCs we hold are available on request.
Cookies and similar technologies
We split cookies into two categories. The banner you see on first visit lets you accept or decline the second category. You can change your decision later by clearing site data for usefindable.ai in your browser, which re-prompts on next visit.
- Strictly necessary: sign-in (Clerk), payment session (Stripe), CSRF protection, anti-spam token (Cloudflare Turnstile). Loaded regardless of consent because the site does not function without them.
- Analytics: Google Analytics, PostHog, the BoostToad feedback widget. Loaded only after you click Accept on the cookie banner.
Your rights
If GDPR or a comparable framework (UK GDPR, CCPA, LGPD) applies to you, you have the right to:
- Access: request a copy of the data we hold about you.
- Rectify: correct anything that's wrong.
- Delete: close your account and have associated data removed within 30 days, subject to retention obligations (e.g. tax records).
- Port: receive your generated content + scan history in a machine-readable format.
- Restrict + object: limit how we process your data, including objecting to processing based on legitimate interest.
- Withdraw consent for anything we process under that basis (analytics).
- Lodge a complaint with your local data protection authority. EU users can find theirs at edpb.europa.eu. UK users: ico.org.uk.
To exercise any of these rights, email support@usefindable.ai with the request and the email on your account. We respond within 30 days.
Security and breach notification
All data is transmitted over HTTPS. Passwords are handled by Clerk (we never see them). Payment card details are handled by Stripe (we never see them). Database access is restricted to our backend services and is audited.
If we discover a personal data breach likely to result in risk to you, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Art. 33-34.
Children
Findable is intended for businesses and is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided data, email support@usefindable.ai and we will delete it.
Changes to this policy
When we change this policy materially, we update the "Last updated" date at the top, post a note in the changelog, and for changes to sub-processors or data categories, surface a banner in the dashboard. Continued use after a material update means you accept the revised policy.
Contact
Privacy questions, rights requests, or sub-processor SCC requests: support@usefindable.ai. We're a small team, so there's no separate DPO yet, but the founders read this inbox directly. Postal mail: Ziguru LLC, 1021 E Lincolnway, Cheyenne, WY 82001, USA.