Privacy Policy

Last updated: May 26, 2026

AnswerAtlas is operated from Australia.

Plain English Summary

We collect the minimum data needed to run audits, manage accounts, process payments, prevent abuse, and improve AnswerAtlas.
If you submit a website, we may crawl and analyze public page content, metadata, structured data, screenshots, prompts, AI responses, citations, scores, and recommendations.
We use third-party providers for hosting, payments, email, analytics, error monitoring, and AI processing, including providers such as Stripe, PostHog, OpenAI, Anthropic, Google, Resend, Sentry, and hosting/database providers.
We do not receive or store full payment card numbers.
Avoid submitting passwords, private customer records, regulated personal data, or confidential material unless it is necessary and you are authorized to provide it.
You can contact us to request access, correction, deletion, or to ask privacy questions.

What we collect

We collect data that is reasonably necessary to provide AnswerAtlas and support your account.

Email address, login/session data, account preferences, locale, and support messages.
Website URLs, page content, page metadata, structured data, crawl results, screenshots or extracted text where needed for analysis.
Audit inputs and outputs, including prompts, AI responses, citations, scores, issues, recommendations, reports, exports, and monitoring history.
Billing and subscription metadata from Stripe. We do not receive or store full payment card numbers.
Usage events such as pages visited, buttons clicked, report views, checkout consent, and feature usage.
Technical logs such as IP-derived region, browser, device, request timing, errors, rate-limit events, and security events.

Payments and billing

We use Stripe to process payments, subscriptions, invoices, taxes, fraud checks, and billing-related communications. When you make a payment, Stripe may collect and process payment details, billing information, card information, bank/payment method details, IP address, device information, and transaction metadata.

AnswerAtlas does not receive or store full payment card numbers. We receive billing and transaction metadata such as customer ID, payment status, invoice details, subscription status, plan purchased, amount, currency, and timestamps.

Stripe processes payment data according to its own terms and privacy policy. We may retain billing records where needed for accounting, tax, dispute handling, fraud prevention, and legal obligations.

AI processing

To generate audits and recommendations, we may send website content, metadata, prompts, and relevant context to third-party AI providers such as OpenAI, Anthropic, and Google. These providers process the data to return model outputs used in your report.

We configure AI providers according to the options available to us for API/business use. Where available, we use provider settings or terms intended to limit use of submitted data for training general-purpose models. However, third-party AI providers process data under their own terms and policies, and their retention and abuse-monitoring practices may vary.

Do not submit passwords, private customer records, unreleased product strategy, regulated personal data, or confidential material unless it is necessary and you are authorized to provide it.

Third-party providers

We use service providers to host the product, process payments, send email, analyze product usage, run AI model calls, monitor errors, and secure the Service. Providers may include Stripe, PostHog, OpenAI, Anthropic, Google, Resend, Sentry, hosting providers, and database infrastructure.

International processing

Some of our service providers may process or store data in countries outside Australia, including the United States, the European Union, and other locations where they or their subprocessors operate. We use these providers to host the Service, process payments, send email, run AI model calls, monitor reliability, and understand product usage.

Where required, we take reasonable steps to work with reputable providers and use contractual, technical, and organizational safeguards appropriate for the type of data being processed.

Analytics and session replay

We use PostHog to understand product usage, diagnose confusing flows, and improve reliability. PostHog may capture page views, navigation paths, UI interactions, scroll depth, time on page, and session replays.

Form inputs are masked in session replays by default. We do not intentionally record passwords, payment card numbers, or raw audit result content in session replay.

How we use data

We use data to provide audits, generate reports, monitor subscriptions, support customers, prevent abuse, secure the Service, improve scoring methodology, debug issues, and understand aggregate product usage.

We may use anonymized or aggregated insights internally to improve methodology and product quality.
We do not sell your personal information. We do not publicly identify individual audit results without permission.

Security

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. These may include access controls, secure hosting infrastructure, encryption in transit, logging, rate limiting, and restricted access to production systems.

No internet service can be guaranteed to be completely secure. If you believe you have found a security issue, contact us at [email protected].

Communications

We may use your email address to send service-related messages, audit updates, account notices, billing notices, security alerts, and responses to support or sales requests. If you sign up for early access or updates, we may also send product or marketing updates. You can unsubscribe from non-essential marketing messages where an unsubscribe option is provided, or contact us to opt out.

Retention and deletion

We retain data only as long as reasonably needed for product delivery, security, accounting, dispute handling, and legal obligations.

Audit reports and related crawl/AI response data are retained while your account remains active unless you request deletion.
Cached AI responses may be retained to support report reproducibility, debugging, cost control, and monitoring comparisons.
Email and support logs are generally retained for 90 days or longer where needed for account, billing, or dispute records.
Analytics events are generally retained for up to 12 months. Session replays are generally retained for up to 30 days.
Deletion requests are usually processed within 30 days, subject to backups, fraud prevention, accounting, security, and legal retention requirements.
Deleted data may remain in backups or logs for a limited period before being overwritten or securely removed, unless we need to retain it for legal, security, billing, dispute, or fraud-prevention reasons.

Opt out of analytics capture

You can opt out of PostHog analytics capture in your browser using the button below. The core service will continue to work, although we may still keep essential security, billing, and operational logs.

Technical users can also opt out using their browser console. If you need help opting out, email us at [email protected].

posthog.opt_out_capturing()posthog.opt_in_capturing()

Your rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. Email us to make a request. We may need to verify your identity before acting on it.

Children

AnswerAtlas is intended for business users and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us and we will take reasonable steps to delete it.

Privacy complaints

If you believe we have mishandled your personal information, contact us at [email protected] with details of your concern. We will review your complaint and aim to respond within a reasonable timeframe. We may ask for additional information to verify your identity or understand the issue.

If you are not satisfied with our response, you may have the right to contact your local privacy regulator. In Australia, this may include the Office of the Australian Information Commissioner (oaic.gov.au).

Legal bases for processing

Where laws such as the GDPR require a legal basis for processing, we generally rely on one or more of the following: providing the Service or taking steps before entering into a contract, our legitimate interests in operating and improving the Service, compliance with legal obligations, consent where required, and protecting the security and integrity of the Service.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice through the Service or by email.

Contact

For privacy questions, access/deletion requests, or complaints, contact us at [email protected].