Privacy Policy

Last updated: June 2026 This Privacy Policy explains how CrawlVitals collects, uses, stores, and protects information when you use the website, free tools, app dashboard, APIs, integrations, plugins, billing flows, and support channels. 1. Information We Collect Account information: name, email address, authentication provider identifiers, workspace membership, role, login activity, and billing status. Website and scan data: submitted domains, URLs, sitemaps, robots.txt results, HTTP headers, metadata, structured data, crawlability findings, indexability findings, GEO findings, agent-readiness findings, scan history, and generated reports. Integration data: OAuth tokens, integration identifiers, connected property IDs, Search Console properties, WordPress plugin settings, Shopify/Webflow identifiers, webhook payloads, and API-key metadata. Sensitive integration tokens should be encrypted at rest and are used only to provide the connected features. Billing data: plan, subscription status, Stripe customer/subscription IDs, coupon/comp access, invoices, payment events, and usage limits. Full payment card details are processed by Stripe and are not stored by CrawlVitals. Usage and security data: IP-derived hashes, request logs, tool runs, API usage, error logs, device/browser metadata, abuse-prevention signals, and audit logs. 2. How We Use Information We use information to provide scans, reports, dashboards, URL submissions, IndexNow setup, Search Console status checks, API access, billing, support, security, abuse prevention, product analytics, and service improvement. 3. OAuth and Connected Services If you connect Google Search Console, we request the minimum scopes needed for the selected features, such as reading verified properties, submitting sitemaps, inspecting URL status, and retrieving search performance where applicable. You can disconnect integrations through the app or through the provider account settings. 4. AI and Research Features CrawlVitals may use scan results and technical findings to generate fix prompts, summaries, and recommendations. Customer private data should not be sold to advertisers. Internal research-watcher features monitor trusted public sources to update scanner rules and do not require customer content. 5. Sharing We share data with service providers required to operate the service, including hosting, database, authentication, email, payments, monitoring, and connected integration providers. We do not sell customer data. 6. Retention We retain account, scan, billing, and security records as needed to provide the service, comply with legal obligations, prevent abuse, resolve disputes, and enforce agreements. Customers may request deletion, subject to security, billing, legal, and backup retention requirements. 7. Security We use reasonable technical and organizational safeguards, including environment-variable secrets, token encryption, access controls, and server-side authorization. No system can be guaranteed perfectly secure. 8. International Use Data may be processed in countries where our providers operate. By using the service, you understand that data may be transferred and processed outside your location. 9. Your Choices You can update account information, disconnect integrations, revoke OAuth grants, delete API keys, request account deletion, and contact support about privacy rights. 10. Contact Questions about privacy can be sent to the support contact listed on the website.