Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you register for an account or use our Service, you may provide us with:

• Account Information: Email address, name, and password
• Profile Information: Company name, job title, and business details
• Payment Information: Billing address and payment method details (processed securely by our payment providers)
• Communication Data: Information you provide when contacting us for support or inquiries
• Domain Data: Domains you add for competitor analysis and tracking

1.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on pages, click patterns
• Log Data: IP address, access times, referring URLs, error logs
• Cookies and Tracking: We use cookies and similar technologies as described in Section 7

1.3 Information from Third Parties

We may receive information from third-party services:

• Google OAuth: If you sign in with Google, we receive your Google profile information (name, email, profile picture)
• DataForSEO: We obtain publicly available domain metrics, backlink data, and SEO analytics to power our Service

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: Process your requests, manage your account, and deliver the features you use
• Improve the Service: Analyze usage patterns to enhance functionality and user experience
• Communicate with You: Send service updates, security alerts, technical notices, and respond to inquiries
• Process Payments: Handle billing and subscription management
• Security: Detect, prevent, and address fraud, abuse, and security issues
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• Marketing: With your consent, send promotional communications about new features and offers (you can opt out at any time)

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Supabase: Cloud infrastructure, authentication, and database hosting (data stored securely in their infrastructure)
• DataForSEO: SEO data and analytics services (we send domain queries to retrieve public backlink and ranking data)
• Inngest: Background job processing for scan operations
• Payment Processors: Secure payment processing (they handle payment data directly)

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• To comply with a legal obligation
• To protect our rights, privacy, safety, or property
• To prevent or investigate possible wrongdoing
• To protect against legal liability

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

4. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service and fulfill the purposes described in this policy
• Comply with legal obligations
• Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

Scan data and analytics generated through the Service may be retained in anonymized or aggregated form for product improvement purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms including OAuth 2.0
• Regular security assessments and monitoring
• Access controls limiting employee access to personal data
• Secure cloud infrastructure through Supabase

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

You have the right to request access to your personal data and receive a copy in a portable format.

6.2 Correction

You can update your account information at any time through your account settings, or request correction of inaccurate data.

6.3 Deletion

You can request deletion of your account and personal data. Some information may be retained as required by law or for legitimate business purposes.

6.4 Objection and Restriction

You may object to certain processing of your data or request that we restrict processing in certain circumstances.

6.5 Marketing Opt-Out

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us directly.

To exercise any of these rights, please contact us at contact@affiliatespy.io. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function, including authentication and session management
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors interact with the Service

7.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. However, disabling certain cookies may limit your ability to use some features of the Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers, including Supabase and DataForSEO, may process data in various locations.

When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant data protection authorities.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

10.1 Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

• Contract: Processing necessary to perform our contract with you (providing the Service)
• Legitimate Interests: Processing necessary for our legitimate business interests (improving the Service, security)
• Consent: Where you have given consent for specific processing (marketing communications)
• Legal Obligation: Processing necessary to comply with legal requirements

10.2 Data Controller

Wayfinity Ltd is the data controller responsible for your personal data under GDPR.

10.3 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about personal data collected, used, and disclosed
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of the "sale" of personal data (we do not sell personal data)
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at contact@affiliatespy.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: