Privacy Policy

We collect and process the following categories of information:

• Account information. Your email address, email verification records, account identifier, session records, and essential authentication metadata.
• Audit inputs and outputs. The URL you submit, publicly accessible page content needed to analyze the offer, private screenshots, generated findings, scores, recommendations, and your server-side checklist state.
• Payment records. Order status, Stripe identifiers, currency, subtotal, discount, applicable taxes, and total amount. We do not receive or store your full payment card number.
• Security and support data. Abuse-prevention counters, one-way hashes used for rate limiting and financial records, basic request metadata such as IP address and user agent, and logged support actions.
• Usage analytics. Cookie-free, anonymized traffic information collected through Vercel Web Analytics, such as page visits and general device or referrer information.

We use information to:

• authenticate your account and import eligible legacy alpha audits;
• create, process, display, rerun, export, and delete your private audits;
• process one-time payments, calculate taxes, and issue support credits;
• prevent abuse, protect the Service, recover interrupted jobs, and troubleshoot;
• measure aggregate Service usage and improve reliability; and
• comply with legal, accounting, tax, and fraud-prevention obligations.

Audit UUIDs identify database records, but possession of a UUID does not grant access. A verified account session and an ownership check are required before an audit, finding, export, or signed screenshot URL is returned.

A configured Company support administrator may access private audits and payment status when needed to provide support, investigate technical failures, or grant a traceable credit. Support access and actions are logged.

We use service providers to operate the Service. Depending on the feature used, information may be processed by:

• Vercel for hosting and cookie-free web analytics;
• Supabase for database and private file storage;
• Better Auth software for account sessions and email OTP authentication;
• Resend for transactional OTP emails;
• Stripe for Checkout, payment processing, fraud prevention, and tax calculation;
• Firecrawl for extracting submitted public page content and screenshots;
• our configured AI model provider for generating audit analysis; and
• Tavily, where enabled, for competitor discovery used in market analysis.

These providers process information on our behalf or under their own terms where applicable. We do not sell personal information or share it for cross-context behavioral advertising.

The Service uses essential, HTTP-only session cookies for authentication and security. Vercel Web Analytics is configured as cookie-free analytics. We do not currently use advertising cookies.

We send transactional messages such as login codes and important service-related communications. These operational emails are not marketing messages.

You can delete individual audits or your account from the Service. Deleting an audit removes its generated findings and private screenshots. Deleting an account removes its private audits, findings, screenshots, credits, sessions, and checklist state.

We retain a minimal payment registry where reasonably necessary for accounting, tax, fraud prevention, and exceptional refund handling. Stored order URLs are redacted after the related audit or account is deleted. Historical alpha lead emails are anonymized after an eligible audit is claimed. Limited records may also remain in backups or provider systems for a reasonable period.

We use technical and organizational safeguards designed to protect your information, including private storage, signed screenshot URLs, access checks, hashed OTP storage, rate limiting, and encrypted transport. No system can guarantee absolute security.

Depending on where you live, you may have rights to request access, correction, deletion, or a copy of certain personal information, or to object to certain processing. You may also delete your account directly in the Service. To submit a privacy request, email contact@fixmyoffer.ai. We may need to verify your identity before completing a request.

The Service is operated from the United States. Our providers may process information in the United States and other countries, subject to their applicable safeguards.

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18.

We may update this Privacy Policy as the Service evolves. Material changes will be posted on this page and, where appropriate, communicated by email or through the Service.

ItsaYes Labs, LLC
31 Continental Dr, Suite 305
Newark, Delaware 19713
Email: contact@fixmyoffer.ai