Privacy policy
Last updated: 2026-05-18
1. What we collect
Account: name, email, organization. Usage: scan results, recommendations, fix status. Billing metadata: billing address and company name (Stripe handles the card data itself). Technical: IP address, browser, page views.
2. What we DO NOT collect
We don't store cards in plaintext. We don't collect sensitive personal data. We don't store passwords in plaintext — only bcrypt hashes.
3. Why we collect it
To deliver the service (scanning, reporting), support you, bill you, improve the product based on aggregate usage, and comply with law.
4. Retention
Free plan: raw HTML deleted after 30 days. Paid plans: per plan. Billing data: retained 7 years per US IRS requirements. Email logs: 12 months.
5. Subprocessors
Hosting: Hetzner (EU). Billing: Stripe (US + EU). Email: SMTP2GO. LLM analysis: Anthropic (US — only website content is sent, not data about your visitors).
6. Cookies
We only use strictly necessary cookies (session, CSRF). No tracking cookies, no Google Analytics, no Facebook Pixel.
7. Your GDPR rights
You have the right to access, deletion, data portability and objection. Email hello@pazaai.com — we respond within 30 days.
8. Right to complain
EU users still have GDPR rights and can complain to their local data protection authority (in Denmark: Datatilsynet, datatilsynet.dk). US users can contact us directly at hello@pazaai.com.
9. Changes
Material changes to this policy are announced by email at least 30 days before they take effect.
10. Contact
Data controller: Profectify LLC (Delaware, USA). Email: hello@pazaai.com. PazaAI is a product of Profectify LLC.