Privacy Policy

Last updated: June 2025 · Bug Hutch Ltd

1. Who We Are

Bug Hutch Ltd ("we", "our") operates AIVisibility. We are registered in England and Wales. For data protection queries, contact: privacy@bughutch.com.

2. Data We Collect

We collect: (a) Account data — email address, encrypted password via Supabase Auth; (b) Project data — business names, domains, competitor domains you submit for tracking; (c) Audit data — visibility scores, query results, opportunity flags; (d) Usage data — page views, feature usage, session metadata; (e) Payment data — handled entirely by Stripe; we see only transaction status.

3. How We Use Your Data

Your data is used to: deliver visibility audit results; compare your scores against competitor data; generate opportunity recommendations; send service notifications and product updates (opt-out available); improve our tracking algorithms (aggregated and anonymised only); and comply with legal obligations.

4. Legal Basis for Processing

We process data under: (a) Contract — to deliver the Service you subscribed to; (b) Legitimate interest — to improve the Service and prevent abuse; (c) Consent — for marketing emails and non-essential cookies; (d) Legal obligation — for financial records and compliance requests.

5. Data Storage and Security

All data is stored in Supabase (PostgreSQL) hosted in the EU. Data is encrypted in transit (TLS 1.3) and at rest. We apply row-level security policies so users can only access their own data. Passwords are never stored in plaintext — Supabase Auth handles all credential management.

6. Data Sharing

We do not sell your data. We share data with: Supabase (database and auth infrastructure); Stripe (payment processing); Vercel (hosting and edge functions); Resend (transactional email). All sub-processors are GDPR-compliant.

7. Data Retention

Account data is retained for the duration of your subscription plus 90 days after cancellation. Audit data is retained for 24 months. You may request deletion at any time by contacting privacy@bughutch.com. We will delete or anonymise your data within 30 days.

8. Your Rights

Under GDPR you have the right to: access your personal data; correct inaccurate data; request deletion; restrict processing; data portability; object to processing; and lodge a complaint with the ICO (UK supervisory authority). Email privacy@bughutch.com to exercise any right.

9. Cookies

We use session cookies for authentication (Supabase Auth) and analytics cookies to understand feature usage. You can disable non-essential cookies in your browser. Authentication cookies are required for the app to function.

10. Changes to This Policy

We will notify you by email of material changes to this policy 14 days before they take effect. Continued use of the Service after that date constitutes acceptance.

Questions? privacy@bughutch.com · Terms of Service · AI Disclaimer