PRIVACY POLICY

Privacy Policy

Last updated: May 11, 2026 · Effective: May 11, 2026

Reffed ("we," "us," "our") is operated by PromptlessPress Technologies, based in Vancouver, BC, Canada. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding that data.

If you have questions, email us at support@reffed.ai.

1. Information we collect

Information you provide directly

  • Account information — your name, email address, business name, and billing details when you sign up.
  • Website information — the URLs you submit for audits, the credentials you provide for site integrations (CMS access tokens, API keys), and any custom settings.
  • Communications — messages you send via our contact form, email, or support channels.
  • Waitlist signups — your email address and the pricing tier you expressed interest in.

Information collected automatically

  • Usage data — pages visited, features used, audit runs, click events. Aggregated, never tied to your identity in our analytics.
  • Device information — browser type, OS, screen size, IP address (for security/abuse prevention only).
  • Cookies — we use a minimal set of first-party cookies for session management and aggregate analytics. We do not use third-party advertising cookies.

Information collected from your site (if you connect one)

  • Content and structure of pages we audit (HTML, meta tags, schema, internal links, copy)
  • Keyword rankings and crawl data
  • AI engine query results that mention or could mention your site

2. How we use your information

  • Provide the service — run audits, deploy fixes, generate reports, send the alerts you signed up for.
  • Communicate with you — send service updates, billing notices, support replies, and (only if you opt in) product newsletters.
  • Improve the product — aggregated, anonymized data informs which features to build and which audit signals correlate with results.
  • Protect against abuse — detect bots, rate-limit, prevent fraud. IP addresses are retained for up to 90 days for this purpose.
  • Legal compliance — comply with applicable laws, respond to lawful requests from authorities.

3. What we don't do

  • We don't sell your data. Ever. Not to advertisers, not to data brokers, not to anyone.
  • We don't train AI models on your content without your explicit consent. We use third-party AI providers (currently Anthropic's Claude) to help generate content for your account, but their data-handling policies apply only to that processing — none of your content enters their training pipelines.
  • We don't use advertising tracking. No retargeting pixels, no third-party ad cookies, no behavioral profiling.
  • We don't share your audit data with competitors or aggregate it into reports that would identify your business.

4. Third-party services we use

We use carefully selected service providers to operate Reffed. Each receives only the minimum data required to perform its function:

  • Stripe — payment processing. They store your billing details; we never see your full card number.
  • Anthropic (Claude API) — AI generation for content drafts and audit analysis. Anthropic's API does not retain or train on data sent through it.
  • Supabase — database hosting (our primary data store). Hosted in US-East region with encryption at rest and in transit.
  • Vercel — application hosting and CDN. They handle traffic routing and basic access logs.
  • Resend — transactional email delivery (audit reports, account notifications).
  • Google PageSpeed Insights — public API used to measure your site's performance. Only your URL is sent; no account data.

If we add or change a service provider in a way that affects data handling, we'll update this policy.

5. How long we keep data

  • Account data — for as long as your account is active, plus 30 days after cancellation (in case you reactivate).
  • Audit reports — kept indefinitely while your account is active. You can delete individual reports at any time.
  • Waitlist signups — until you ask us to remove them or our service launches publicly.
  • Logs & analytics — 90 days for raw logs, longer for aggregated/anonymized data.
  • Billing records — 7 years (required for Canadian tax law).

6. Your rights

Depending on where you live, you have some or all of these rights:

  • Access — request a copy of the personal data we have about you.
  • Correction — fix anything that's inaccurate.
  • Deletion — ask us to delete your account and associated data (subject to legal retention requirements above).
  • Portability — export your data in a structured format.
  • Opt out — unsubscribe from marketing emails at any time. Service-related emails (billing, security) cannot be opted out of while your account is active.
  • Object — object to certain types of processing, including profiling.

To exercise any of these rights, email support@reffed.ai. We respond within 30 days.

7. Security

We use industry-standard security practices: TLS encryption for all data in transit, encrypted storage at rest, principle-of-least-privilege access controls, regular security reviews, and prompt patching of dependencies. No system is 100% secure, but we take this seriously.

If you discover a security vulnerability, please email support@reffed.ai with details. We don't currently run a paid bug bounty but we appreciate responsible disclosure and will acknowledge reporters publicly if they wish.

8. International transfers

Reffed is operated from Canada, but some of our service providers are based in the United States and operate in multiple regions. By using Reffed, you consent to your data being transferred to and processed in these jurisdictions, which may have different data-protection laws than your home country.

9. Children's privacy

Reffed is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you believe we've collected data from a child, email support@reffed.ai and we'll delete it.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we'll email account holders and post a notice on the site at least 30 days before changes take effect. The "Last updated" date at the top of this page always reflects the most recent revision.

11. Contact us

Privacy questions, data requests, or concerns:

support@reffed.ai

PromptlessPress Technologies
Vancouver, BC, Canada