Privacy Policy
LocalAudit ("we", "us") is a web application that helps freelance web designers find local businesses with weak websites. This Privacy Policy explains what data we collect, how we use it, and the choices you have. By using LocalAudit you agree to the practices below.
1. Data we collect about you
- Account data. When you sign in with Google, we receive your name, email address, and a Google-issued account identifier. We do not receive your Google password.
- Profile & settings. Studio name, location, voice preferences, services, signatures — only what you enter yourself.
- Usage data. Scans you run, leads you save, statuses you set, notes you write. This is the working data of your account.
- Billing data. If you subscribe to a paid plan, payment processing is handled by Stripe. We never see your full card number. We store a Stripe customer/subscription ID linked to your account.
- Server logs. Standard request metadata — IP address, user agent, timestamps — kept for security and abuse prevention.
2. Data we collect about local businesses
LocalAudit indexes publicly available information about local businesses to help users prospect:
- Listings from the Google Places API: business name, category, address, phone, public ratings & review counts, public website URL, latitude/longitude.
- Website quality measurements from Google PageSpeed Insights and our own public-page fetch (mobile viewport, HTTPS use, builder detection).
We do not collect non-public information about businesses, and we do not access any private systems or accounts on a business's behalf.
3. How we use your data
- To operate the product — display your scans, store your settings, run the AI brief and prototype agents on data you submit.
- To bill you correctly (Stripe).
- To prevent abuse and secure the service.
- To improve LocalAudit in aggregate (e.g. fixing reliability issues based on logs).
We do not sell your personal data, and we do not show third-party advertising inside LocalAudit.
4. Sub-processors we rely on
LocalAudit depends on the following sub-processors. Each handles a narrow slice of data:
- Google Cloud (Places API, PageSpeed Insights) — sends queries about cities and websites; receives only public results.
- Anthropic (Claude API) — generates AI audit reports, briefs, and prototype HTML from the lead data you select.
- Supabase — authentication (Google OAuth) and Postgres database hosting.
- Fly.io — application server hosting.
- Vercel — static frontend hosting and CDN.
- Stripe — payment processing.
5. Data retention
We keep your account data while your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required (e.g. tax records for paid subscriptions).
6. Your rights
You can access the data we hold about you, correct it, export it, or delete your account. Email [email protected] and we will respond within 30 days. If you're in the EU/UK or California, you have additional rights under GDPR/CCPA — we honor those requests on the same channel.
7. Security
All traffic is encrypted in transit with HTTPS. Authentication uses signed tokens from Supabase verified server-side. Database connections are encrypted. Sensitive credentials (API keys) live as platform secrets, not in source code.
8. Children
LocalAudit is not intended for, or directed to, anyone under 16. We do not knowingly collect data from children.
9. Changes
If we materially change this policy, we will update the "Last updated" date above and, for active paid subscribers, notify them by email at least 14 days before the change takes effect.
10. Contact
Questions or requests: [email protected].