Privacy Policy
This Privacy Policy describes how AuditAI ("we", "our", "us") collects, uses, and protects your information when you use our website and SEO audit service at auditai.cakcan.com. We process personal data in compliance with the EU General Data Protection Regulation (GDPR) and, where applicable, the Turkish Personal Data Protection Law (KVKK / Law No. 6698).
1. Data We Collect
Email address. When you create an account, we collect your email address. We use it to send account-related communications, password reset links, and subscription receipts. We do not send marketing email without explicit consent.
Submitted URLs and audit history. When you run an audit, we record the URL you submitted, the audit timestamp, the resulting SEO score, and the full audit result. This data is tied to your account and retained as your audit history so you can review past results.
IP address and usage data. We log your IP address and request timestamps for every audit request, whether you are logged in or not. We use this to enforce free-tier limits (3 audits per day per IP address), detect abuse, and produce aggregate usage statistics.
Billing information. If you subscribe to a paid plan, our payment processor Lemon Squeezy collects your name, email address, and payment card details directly. We receive only a customer ID, subscription status, and order details. We never see or store your full card number or CVV.
Cookies. We set cookies in your browser as described in Section 6 below.
2. Why We Collect This Data
- Service delivery: to run the audit you requested, display results, and maintain your audit history.
- Rate limiting and abuse prevention: to enforce the free-tier limit of 3 audits per day per IP and to detect patterns that suggest misuse.
- AI recommendations: we send a structured summary of the audited page (metadata, headings, link structure) to Anthropic's Claude API to generate recommendations. No personally identifiable information about you is included in these requests. Anthropic's own privacy policy governs that processing.
- Billing and subscription management: to process payments and manage your subscription through Lemon Squeezy, our merchant of record.
- Product improvement and analytics: to understand aggregate usage patterns, identify common errors, and improve the audit engine.
- Legal compliance: to comply with tax, accounting, and regulatory obligations.
3. Legal Basis for Processing (GDPR)
For EU/EEA residents, we rely on the following legal bases:
- Contract performance (Art. 6(1)(b)): processing your account data and audit history to deliver the service you signed up for.
- Legitimate interests (Art. 6(1)(f)): logging IP addresses and usage data for abuse prevention and service security.
- Legal obligation (Art. 6(1)(c)): retaining billing records for tax compliance.
- Consent (Art. 6(1)(a)): for analytics cookies, where we request your consent.
4. Third-Party Processors
- Anthropic (Claude API): we transmit a structured page summary to Anthropic's API to generate SEO recommendations. This data contains public web content from the URL you submitted, not your personal details. Anthropic processes this as a data processor under its API terms.
- Lemon Squeezy: acts as our merchant of record and payment processor. It collects and stores your billing details, issues invoices, and handles tax collection on our behalf. Lemon Squeezy's own privacy policy applies to that processing.
- We do not sell, rent, or share your personal data with any other third party for their own marketing purposes.
5. Data Retention
Usage logs (IP address, URL, score, timestamp) are retained for up to 90 days and then deleted or anonymized. Audit results linked to your account are retained for as long as your account is active, plus 90 days after account cancellation.
Subscription and billing records are retained for 7 years from the transaction date to satisfy tax and legal compliance requirements. Your email address and account data are retained for the duration of your account and deleted within 30 days of a verified deletion request.
6. Cookies
We use the following categories of cookies:
- Session cookie (auditai_sid): a persistent authentication cookie set with the HttpOnly and Secure flags. It expires 30 days after your last login. This cookie is required for account access; disabling it will log you out.
- Preference cookies: a persistent cookie that stores your selected language (EN or TR) so you do not have to re-select it on each visit. It expires after 1 year.
- Analytics cookies: if you consent, we may use a privacy-respecting analytics tool to count page visits and understand which features are used most. These cookies do not track you across other websites and are not shared with advertising networks.
You can manage or delete cookies through your browser settings. Disabling session cookies will prevent you from staying logged in.
7. Your Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: ask us to correct inaccurate data.
- Deletion: ask us to delete your personal data. We will comply within 30 days, subject to legal retention requirements.
- Portability: request your data in a structured, machine-readable format (JSON or CSV).
- Objection: object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your rights.
- Restriction: ask us to restrict processing while a dispute is resolved.
- Withdrawal of consent: where processing is based on consent (e.g., analytics cookies), withdraw it at any time without affecting prior processing.
EU/EEA residents also have the right to lodge a complaint with their national data protection authority. Turkish residents have equivalent rights under KVKK Article 11, including the right to apply to the Personal Data Protection Authority (KVKK Kurumu) if their requests are not resolved.
To exercise any of these rights, reach us via our contact page. We will respond within 30 days.
8. Security
All traffic is encrypted via TLS/HTTPS. Data is stored on a dedicated server with encrypted disks and firewall rules that restrict access by IP. No internet transmission is completely secure; we apply commercially reasonable measures to protect your data.
9. Children
AuditAI is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be announced on this page with a revised date. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions, requests, or complaints, reach us via our contact page.