PazaAI

Privacy policy

Last updated: 2026-05-18

This page is a short, readable summary. The legal version is sent at sign-up.

1. What we collect

Account: name, email, organization. Usage: scan results, recommendations, fix status. Billing metadata: billing address and company name (Stripe handles the card data itself). Technical: IP address, browser, page views.

2. What we DO NOT collect

We don't store cards in plaintext. We don't collect sensitive personal data. We don't store passwords in plaintext — only bcrypt hashes.

3. Why we collect it

To deliver the service (scanning, reporting), support you, bill you, improve the product based on aggregate usage, and comply with law.

4. Retention

Free plan: raw HTML deleted after 30 days. Paid plans: per plan. Billing data: retained 7 years per US IRS requirements. Email logs: 12 months.

5. Subprocessors

Hosting: Hetzner (EU). Billing: Stripe (US + EU). Email: SMTP2GO. LLM analysis: Anthropic (US — only website content is sent, not data about your visitors).

6. Cookies

We only use strictly necessary cookies (session, CSRF). No tracking cookies, no Google Analytics, no Facebook Pixel.

7. Your GDPR rights

You have the right to access, deletion, data portability and objection. Email hello@pazaai.com — we respond within 30 days.

8. Right to complain

EU users still have GDPR rights and can complain to their local data protection authority (in Denmark: Datatilsynet, datatilsynet.dk). US users can contact us directly at hello@pazaai.com.

9. Changes

Material changes to this policy are announced by email at least 30 days before they take effect.

10. Contact

Data controller: Profectify LLC (Delaware, USA). Email: hello@pazaai.com. PazaAI is a product of Profectify LLC.