Legal

Privacy Policy

Last updated: [DATE - fill in on publish]

This is a starting draft covering what Clyru actually collects and where it actually goes - not a substitute for legal advice. If you expect visitors from the EU/UK or California, have a lawyer confirm what additional consent banners or data-subject-request handling you need; this draft doesn't implement a cookie-consent banner or an automated deletion flow yet.

What we collect

  • The email address and website URL you submit when starting a scan.
  • Your IP address, to enforce the daily scan limit and detect abuse.
  • The public content of the site you submit (text, headings, meta tags) - fetched at scan time, not stored beyond what's needed to generate your report.
  • Payment details, if you buy the full report - handled entirely by Stripe. We receive confirmation that you paid, never your card number.

How we use it

  • To run the scan and generate your SEO/AEO/GEO scores and recommendations.
  • To email you a link to your report so you don't lose access to it.
  • To enforce free-scan rate limits and prevent abuse.
  • To process payment for the full report.

Who we share it with

We use the following service providers to run Clyru. Each processes only what it needs to do its job:

  • Stripe - payment processing.
  • Neon - our database host, stores scan records.
  • Vercel - application hosting.
  • Vercel AI Gateway / Anthropic - the scanned site's public content is sent to an AI model to generate scores and fix recommendations.
  • Resend - delivers the report-link email.

We don't sell your data, and we don't share it with anyone outside this list.

How long we keep it

Scan records (the URL, email, scores, and report) are kept so you can revisit your report link at any time. To request deletion of your data, email us at andrew@alderlake.io and we'll remove it - this is currently a manual process, not an automated self-service tool.

Cookies and tracking

Clyru uses Vercel Web Analytics, which is cookieless and does not collect personally identifiable information. We don't use advertising or cross-site tracking cookies.

Security

All traffic is encrypted (HTTPS). We block scan requests aimed at private, internal, or non-public network addresses. Payment data never touches our servers - it goes directly to Stripe.

Children

Clyru is not directed at children under 16, and we don't knowingly collect their data.

Changes to this policy

We may update this policy as the product changes. Material changes will be reflected here with a new date.

Contact

Questions or a data deletion request: andrew@alderlake.io.