Privacy Policy

2.1 Account Information

When you create an account with Greadme, we collect:

• Email address: Used for account authentication, communication, and password recovery
• Username: Your display name within the platform
• Password: Securely hashed and encrypted (we never store plain-text passwords)
• Account creation date: Timestamp of when your account was created

2.2 Website Data

To provide our audit and analysis services, we collect:

• Website URLs: The domains and pages you submit for analysis
• Crawl data: Technical information about your website's structure, performance, and SEO elements
• Audit results: Generated reports, recommendations, and analysis data
• Domain visibility preferences: Your settings for public/private sharing of audit results

2.3 Google Search Console Integration

If you choose to connect your Google Search Console account, we collect:

• OAuth authorization tokens: Access and refresh tokens to retrieve your Search Console data
• Property information: List of websites you own in Google Search Console
• Performance data: Search queries, impressions, clicks, and rankings (read-only access)
• Selected property: The specific website you choose to analyze
• Permission level: Your access level for each property

Important: Greadme only requests read-only access to your Google Search Console data. We cannot modify, delete, or alter any of your Search Console information. We use this data solely to provide insights and analytics within our platform.

2.4 Subscription and Payment Information

• Subscription details: Your plan type, status, renewal dates, and payment history
• Payment information: Processed securely through LemonSqueezy (we do not store credit card details)
• Customer ID: Reference number for your subscription account

2.5 Usage and Analytics Data

• Log data: IP address, browser type, operating system, and device information
• Usage patterns: Pages visited, features used, and time spent on the platform
• Cookies: Small data files stored on your device (see Section 9 for details)

4.1 Authorization and Access

When you connect your Google Search Console account to Greadme, we use Google's OAuth 2.0 protocol to securely authorize access. This process:

• Redirects you to Google's authorization page (we never ask for your Google password)
• Requests read-only access to your Search Console data
• Provides us with temporary access and refresh tokens after you grant permission
• Allows you to revoke access at any time through your Google Account settings or Greadme's disconnect feature

4.2 Token Storage and Security

Your Google OAuth tokens are handled with the highest security standards:

• Encryption: All access and refresh tokens are encrypted using industry-standard encryption before being stored in our database
• Secure transmission: Tokens are transmitted only over HTTPS connections
• Limited access: Only authorized Greadme systems can decrypt and use these tokens
• Automatic refresh: Tokens are automatically refreshed as needed, with a 5-minute buffer for validity checks
• Token revocation: When you disconnect Google Search Console or delete your account, we immediately revoke the tokens at Google's API

4.3 Data Usage and Caching

To optimize performance and reduce unnecessary API calls to Google, we implement a caching system:

• Cached insights: Top pages, top queries, device breakdowns, country performance, mobile issues, and trending changes
• Cache duration: Data is refreshed periodically to ensure accuracy while minimizing API usage
• Timestamp tracking: Each cached item includes a "lastFetched" timestamp
• No data modification: We only read and display your Search Console data; we never modify or delete it

4.4 Disconnecting Google Search Console

You can disconnect your Google Search Console integration at any time. When you do:

• We immediately revoke the OAuth tokens at Google's API
• All encrypted tokens are deleted from our database
• Cached Search Console data is cleared from your account
• We can no longer access your Google Search Console information

5.1 Security Measures

We implement comprehensive security measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Encryption at rest: Sensitive data (including OAuth tokens) is encrypted in our database
• Authentication: We use Clerk, a secure authentication provider, to manage user accounts and sessions
• Password security: Passwords are hashed using industry-standard algorithms (never stored in plain text)
• Access controls: Strict internal access controls limit who can view or modify user data
• Regular security audits: We regularly review and update our security practices

5.2 Database Storage

Your data is stored in MongoDB, a secure and reliable database system. Our data model includes:

• User account information and preferences
• Encrypted Google OAuth tokens
• Audit results and crawl data
• Subscription and payment references (actual payment data is handled by LemonSqueezy)
• Cached Search Console insights for performance optimization

5.3 Third-Party Security

We rely on trusted third-party services for specific functions:

• Clerk: Authentication and user management (SOC 2 Type II certified)
• LemonSqueezy: Payment processing (PCI DSS compliant)
• Google Cloud: OAuth integration and Search Console API access

6.1 Active Account Data

• Account information: Retained for the duration of your active account
• Audit results: Stored according to your subscription plan limits
• Usage logs: Retained for up to 90 days for security and troubleshooting purposes
• Cached data: Refreshed periodically; older cached data is automatically replaced

6.2 Account Deletion

When you delete your Greadme account, we execute a comprehensive cleanup process to ensure your data is permanently removed:

Immediate Actions:

• Subscription cancellation: Active subscriptions are immediately cancelled with LemonSqueezy
• Google OAuth revocation: All Google Search Console access tokens are revoked at Google's API
• Token deletion: Encrypted OAuth tokens are deleted from our database
• Scan data deletion: All deep scan results, crawler results, and audit reports are permanently deleted
• Folder deletion: All user-created folders and organizational structures are removed
• Account record deletion: Your user account and all associated personal information are permanently deleted from our database

Complete Data Removal: Upon account deletion, ALL of your personal data, audit results, and associated information are permanently and irreversibly removed from our systems. We cannot recover this data after deletion.

6.3 Anonymized Data

We may retain anonymized, aggregated data that cannot be linked to you personally for analytical and service improvement purposes. This data includes:

• General usage statistics (e.g., "X users performed Y audits this month")
• Performance metrics to optimize our infrastructure
• Trend analysis to improve our features

This anonymized data does not contain any personally identifiable information.

7.1 Our Policy

We do not sell, rent, or trade your personal information to third parties.

We only share your information in the following limited circumstances:

7.2 Service Providers

We share data with trusted third-party service providers who assist in operating our platform:

• Clerk: Authentication and user account management
• LemonSqueezy: Subscription billing and payment processing
• Google Cloud Platform: OAuth services and Search Console API integration
• MongoDB Atlas: Secure database hosting
• Vercel: Application hosting and deployment

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

7.3 Legal Requirements

We may disclose your information if required by law, such as:

• To comply with a subpoena, court order, or legal process
• To protect our rights, property, or safety, or that of our users or the public
• To investigate or prevent fraud, security issues, or illegal activity
• In connection with a merger, acquisition, or sale of company assets (with advance notice to affected users)

7.4 Public Sharing Features

Greadme allows you to control the visibility of your audit results:

• Private (default): Only you can view your audit results
• Public sharing: You can choose to make specific domain results publicly accessible
• Domain visibility settings: You control which domains are public and can change this at any time

When you make audit results public, anyone with the link can view them. Be mindful of what you choose to share.

8.1 Access and Portability

• View your data: Access all your account information and audit results through your Greadme dashboard
• Export your data: Download your audit reports and results
• Request a copy: Contact us to request a comprehensive copy of your personal data

8.2 Correction and Updates

• Update account info: Modify your email, username, and other account details at any time
• Correct inaccuracies: Contact us to correct any inaccurate personal information

8.3 Deletion

• Delete your account: Permanently remove your account and all associated data through your account settings
• Delete specific data: Remove individual audit results or folders you no longer need
• Disconnect integrations: Revoke Google Search Console access at any time

8.4 Communication Preferences

• Marketing emails: Opt out of promotional communications (you'll still receive important account notifications)
• Email notifications: Manage which notifications you receive

8.5 Exercising Your Rights

To exercise any of these rights, please contact us at support@greadme.com or use the settings within your Greadme account. We will respond to your request within 30 days.

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our service is used.

9.2 Cookies We Use

• Essential cookies: Required for authentication, security, and basic site functionality (e.g., Clerk session cookies)
• Analytics cookies: Google Analytics (tracking ID: GA-TDMDEQR58L) to understand usage patterns and improve our service
• Preference cookies: Remember your settings and preferences (e.g., theme, language)

9.3 Third-Party Tracking

• Google Analytics: We use Google Analytics to collect anonymized usage data. You can opt out using the Google Analytics Opt-out Browser Add-on.
• UserWay Accessibility Widget: We use UserWay to provide accessibility features. This widget may collect basic usage data to improve accessibility functionality.

9.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of Greadme. Most browsers allow you to:

• View and delete cookies
• Block all cookies
• Block third-party cookies
• Receive notifications before cookies are set