Privacy Policy
Effective date: 18 April 2026
Pozitioning.AI ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use the Pozitioning.AI platform ("Service").
1. Data We Collect
Account Data
- Email address (business email required for signup)
- Company name
- Password (stored as a bcrypt hash — we never store plaintext passwords)
Project Data
- Brand name and website URL you provide
- Competitor names you enter
- Custom prompts you configure
- Industry selection
Scan Data
- AI engine responses about your brand (from ChatGPT, Google AI Overview, Gemini, Perplexity, Claude, Grok)
- Derived scores, rankings, mentions, citations, and sentiment analysis
- Historical scan results and trend data
Payment Data
- Stripe customer ID and subscription status
- We do not store credit card numbers, CVVs, or full payment details — Stripe handles all payment processing securely
Usage Data
- Scan counts for quota tracking
- Error logs for debugging (via Sentry in production)
2. How We Use Your Data
- Provide the Service: Run brand scans, generate analytics, display dashboards
- Account management: Authentication, email verification, password reset
- Billing: Process payments and manage subscriptions via Stripe
- Communicate: Send transactional emails (verification, password reset, scan notifications)
- Improve the Service: Debug errors, monitor performance, improve scan accuracy
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Third-Party Services
We use the following third-party services to operate the platform:
- Stripe — Payment processing. See Stripe's Privacy Policy.
- OpenAI, Google, Anthropic, Perplexity, xAI — AI engine queries for brand scans. Queries contain your brand name and industry-related prompts. No personal user data is sent to these services.
- Sentry — Error monitoring in production. May capture technical error data. See Sentry's Privacy Policy.
- Neon — PostgreSQL database hosting. See Neon's Privacy Policy.
4. Cookies
We use minimal cookies:
- Session cookie (NextAuth) — Stores your encrypted login session. Essential for authentication. Expires after 24 hours.
We do not use advertising cookies, tracking pixels, or analytics cookies.
5. Data Retention
- Account data: Retained while your account is active. Deleted when you delete your account.
- Scan data: Retained while the associated project exists. Deleted when you delete the project or your account.
- Payment records: Stripe retains payment history per their own retention policy. We store only the Stripe customer ID and subscription status.
- Response cache: AI engine responses are cached for 24 hours to reduce API costs, then automatically deleted.
6. Your Rights
You have the right to:
- Access your data: View all your project and scan data through the dashboard.
- Delete your data: Delete your account at any time through account settings. This permanently removes all your data, including projects, scans, and account information.
- Export your data: Download PDF reports of your scan results from the dashboard.
- Correct your data: Update your project settings, competitors, and prompts at any time.
- Withdraw consent: You can stop using the Service and delete your account at any time.
7. Data Security
- Passwords are hashed using bcrypt with a cost factor of 12
- All data in transit is encrypted via HTTPS/TLS
- Database connections use SSL
- API endpoints are protected by authentication and rate limiting
- Brute-force login protection with automatic lockout
- Security headers (HSTS, X-Frame-Options, CSP) applied to all responses
8. International Data Transfers
Your data may be processed in Australia, the United States, and other countries where our infrastructure providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place with our service providers.
9. Children's Privacy
The Service is designed for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy-related questions or to exercise your data rights, contact us at pozitioning.ai@pozitioning.ai.