Privacy Policy

Last updated: June 12, 2026

TL;DR: This Privacy Policy explains what data LoudPixel collects, how we use it, and the controls you have. Short version: we collect email and display name from your OAuth login, the URLs you scan, and anonymized benchmark data. We never sell user data. You can export, delete, or opt out anytime via account settings. The LoudPixel attribution pixel is cookieless, IP addresses are never stored, and goal-event payloads are anonymized at four layers before storage.

1. Information We Collect

When you create an account, we collect your email address and display name via Google OAuth. When you use our scanning services, we process the URLs you submit and the AI engine responses. We also process the queries run by the LoudPixel workflows (Get Cited, Fix Decay, Beat Competitor X, Monday Battle Plan, Auto-Repair PRD, Counter-Attack, Revenue-Pixel GEO) on your behalf.

2. How We Use Data

We use your data to provide AI visibility scanning services, run the workflows you trigger from your IDE, track your AI-citation performance, and improve our recipes. Anonymized benchmark data is used to provide industry comparisons and to seed the Niche Power Index recipes. We never sell user data and never share PII with third parties beyond the sub-processors listed in §4.

3. Data Storage and Retention

Your data is stored on Google Cloud Platform infrastructure with encryption at rest and in transit. We follow industry-standard security practices.

Retention windows:

  • Account and authentication data: kept while your account is active; deleted within 30 days of account closure.
  • Scan and workflow results (URLs, citation data, PRDs): retained for 90 days by default; longer retention available on the Premium plan for trend analytics.
  • Pixel telemetry (anonymous goal events, session IDs): 90 days, then purged.
  • Workflow PRDs you generate are retained for the life of your subscription so you can re-apply or audit them; export-on-request and delete-on-request both supported.

4. Third-Party Services (Sub-processors)

We integrate with the following sub-processors. Each has its own privacy policy:

  • Firebase (authentication)
  • WorkOS AuthKit (MCP OAuth for Cursor / Claude Code)
  • PostHog (analytics)
  • Google Cloud Platform (hosting + storage)
  • LemonSqueezy (billing + checkout — Merchant of Record)
  • Cloudflare (CDN + DDoS protection)
  • The AI search engines we query on your behalf: Perplexity, ChatGPT (OpenAI), Claude (Anthropic), Gemini (Google), Grok (xAI), Mistral.

5. Your Rights

You can request deletion of your data, export your reports, and opt out of analytics tracking at any time through your account settings or by emailing contact@loudpixel.ai. Under GDPR / UK GDPR / CCPA you have the right to access, rectification, erasure, restriction, portability, and objection — exercised via the same address; we respond within 30 days.

6. Pixel & Goal-Event Anonymization

The LoudPixel attribution pixel (/t.js) is cookieless and uses a per-tab session ID stored in sessionStorage — never localStorage, never cookies. IP addresses are never stored; country is derived server-side from CDN headers (CF-IPCountry) and discarded after classification. Per-tab session IDs are random.

For same-day first-touch survival, LoudPixel also derives a daily-rotating fingerprint from a salted hash of IP + User-Agent + OS platform + browser language + tenant; it rotates every UTC day, so no cross-day reconstruction is possible and the raw IP is never stored. This fingerprint is a pseudonymized online identifier (not anonymous) processed under legitimate interest (GDPR Art 6(1)(f)) — cookieless attribution that needs no consent banner because nothing is stored on or read from your device (ePrivacy Art 5(3)); you may object at contact@loudpixel.ai, and the fingerprint table is purged after 90 days. AI-source first-touch attribution is resolved server-side within a single UTC day from that fingerprint, or supplied by your own backend on an HMAC-signed goal event. In all cases LoudPixel writes no durable identifier to the visitor's device.

Goal events (lp.track(name, {value, currency, plan})) are anonymized at four layers:

  1. The browser snippet enforces a property-key allowlist (value, currency, plan only — any other key is dropped with a console warning).
  2. The server route rejects with HTTP 400 if any property string matches an email / phone / SSN regex.
  3. Storage caps the JSONB envelope at 1KB and clamps value to $10,000 (CHECK database constraint).
  4. Per-tenant HMAC signing is supported via the X-LP-Goal-Signature header so customer backends can prove provenance — only signed events feed our revenue-attribution workflows (anti-fraud).

Customer-side goal events should never include PII. If your funnel needs identifiers, hash them in your backend before signing the payload.
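The four layers above, sketched as one server-side acceptance function. This is an added example, not LoudPixel's own code: the PII regexes, the canonical JSON form, and the hex HMAC-SHA256 scheme are assumptions; only the allowlisted keys, the 1KB cap, the $10,000 clamp, and the X-LP-Goal-Signature header name come from this policy.

```python
import hashlib
import hmac
import json
import re

ALLOWED_KEYS = {"value", "currency", "plan"}  # layer 1 allowlist (from the policy)
MAX_ENVELOPE_BYTES = 1024                     # layer 3: 1KB envelope cap
MAX_VALUE = 10_000                            # layer 3: value clamp
# Layer 2 patterns are illustrative assumptions, not LoudPixel's actual regexes.
PII_PATTERNS = [
    re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),  # email
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),     # US SSN
    re.compile(r"\+?\d[\d\s().-]{8,}\d"),     # phone-like digit run
]


class Rejected(ValueError):
    """Stands in for the HTTP 400 the server route returns."""


def canonical(name, props):
    # Assumed canonical form: compact, key-sorted JSON so both sides sign identical bytes.
    return json.dumps({"name": name, "props": props}, sort_keys=True, separators=(",", ":")).encode()


def sign(tenant_key, name, props):
    # Assumed scheme: hex HMAC-SHA256, carried in the X-LP-Goal-Signature header.
    return hmac.new(tenant_key, canonical(name, props), hashlib.sha256).hexdigest()


def accept_goal(name, props, signature=None, tenant_key=None):
    """Return (stored_props, is_signed) or raise Rejected."""
    # Layer 4: verify over exactly what the sender signed, before any rewriting.
    is_signed = (
        bool(signature and tenant_key)
        and hmac.compare_digest(sign(tenant_key, name, props), signature)
    )
    # Layer 2: reject if any received property string looks like PII.
    for v in props.values():
        if isinstance(v, str) and any(p.search(v) for p in PII_PATTERNS):
            raise Rejected("property looks like PII")
    # Layer 1, re-applied server-side as defence in depth (assumption): drop unknown keys.
    kept = {k: v for k, v in props.items() if k in ALLOWED_KEYS}
    # Layer 3: clamp value, then enforce the envelope size cap.
    if isinstance(kept.get("value"), (int, float)):
        kept["value"] = min(kept["value"], MAX_VALUE)
    if len(canonical(name, kept)) > MAX_ENVELOPE_BYTES:
        raise Rejected("envelope over 1KB")
    return kept, is_signed
```

An event with a missing or wrong signature is still stored here but flagged unsigned, matching the policy's statement that only signed events feed revenue attribution.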

Data Processing Agreement (DPA): a standard DPA template is available on request at contact@loudpixel.ai. Enterprise tenants in the EU / UK can countersign before installing the Pixel.

7. International Transfers

Data is processed in Google Cloud's US regions by default. EU / UK customers can request EU-region processing as part of their DPA; we use Standard Contractual Clauses (SCCs) for any cross-border transfer.

8. Children's Privacy

LoudPixel is not directed to children under 16 and we do not knowingly collect data from minors. Contact contact@loudpixel.ai if you believe a minor has provided us data.

9. Changes to This Policy

We post material changes here with an updated "Last updated" date at the top. For changes that affect how we use existing customer data, we notify account emails at least 14 days before the change takes effect.

10. LoudPixel Chrome Extension

The LoudPixel Chrome Extension is designed as a local-first diagnostic tool:

  • Local Audits: All diagnostic SEO and GEO checklist reviews run entirely on your device inside your browser context. No page content, URLs, or scores are transmitted to our servers for the local checklist audit.
  • AI Answer Optimizer: If you choose to run the AI Answer Optimizer feature, the HTML content of the active tab is securely sent to our backend API to generate citable summaries via Gemini Flash. This content is processed in memory in real-time and is discarded immediately afterwards. We do not store or retain this website content, nor is it used to train AI models.
  • Core Web Vitals: If you enable the Core Web Vitals check, the URL is submitted anonymously to the Google PageSpeed Insights API to retrieve LCP, INP, and CLS metrics.
  • Data Storage: The extension caches your local audit history and settings on your device using Chrome extension storage (chrome.storage.local). This data never leaves your device and can be cleared at any time by clearing the extension's local storage or uninstalling it.

11. Contact

For privacy inquiries, contact contact@loudpixel.ai. For DPA / DPIA requests, the same address — we typically return a signed DPA within 5 business days.