Legal
Privacy Policy
Last updated: May 2026
1. Data Controller
AIClicks operates the aiclicks.net URL intelligence platform. For data protection enquiries, contact: [email protected].
2. Data We Collect
- Scan URLs: The URLs you submit for scanning. Stored with scan results.
- Account data: Email address, hashed password, signup date, and plan tier if you register.
- Scan results: All probe outputs for scans you run, linked to your account or an anonymous session ID.
- Usage data: Page views, scan counts, feature interactions, and error events via Google Analytics 4 (anonymised IP).
- Technical data: Browser type, device type, approximate country (from IP), session duration. Raw IP addresses are hashed (SHA-256) and never stored in plaintext.
- Payment data: Billing is handled entirely by Stripe. We do not store card numbers. We receive a Stripe customer ID and subscription status.
3. How We Use Data
- Delivering scan results and reports to you.
- Enforcing scan quotas and plan limits.
- Sending transactional emails (scan complete, quota warnings, billing receipts): no marketing without explicit opt-in.
- Debugging errors and improving scan accuracy.
- Detecting and preventing abuse (rate limiting, bot detection).
- Aggregated, anonymised product analytics to understand feature usage.
4. Data Retention
- Anonymous scans: Results stored for 24 hours, then permanently deleted.
- Free registered accounts: Scan history retained for 7 days.
- Pro accounts: Scan history retained for 90 days.
- Business / Enterprise: Configurable retention up to 12 months.
- Account data: Retained while account is active. Deleted within 30 days of account closure on request.
5. Third-Party Processors
- Infrastructure: VPS hosting provider for compute and storage.
- Payments: Stripe, Inc.: PCI DSS Level 1 certified. Stripe Privacy Policy at stripe.com/privacy.
- Analytics: Google Analytics 4, operated by Google LLC, with IP anonymisation enabled.
- Email delivery: Transactional email via SMTP provider for account notifications.
6. Your Rights (GDPR / CCPA)
- Access: Request a copy of all personal data we hold about you.
- Rectification: Correct inaccurate data linked to your account.
- Erasure: Request deletion of your account and all associated data.
- Portability: Export your scan history as JSON or CSV.
- Objection: Object to processing for analytics. You can opt out of GA4 tracking via browser settings.
- CCPA Do Not Sell: We do not sell personal data to third parties.
To exercise these rights, email [email protected]. We respond within 30 days.
7. Cookies
We use a single session cookie (aiclicks_session) for authentication. Google Analytics sets first-party cookies for session tracking. No third-party advertising cookies are placed. You can delete cookies at any time via your browser settings.
8. Security
All data is transmitted over TLS 1.3. Passwords are hashed with bcrypt. IP addresses are hashed before storage. Access to production databases is restricted to authenticated infrastructure with audit logging.
9. Contact
For privacy requests, data access, or deletion: [email protected]