Privacy Policy
How we collect, use, and protect your data.
1. Who we are
AngryRobot Scanner is operated by Angry Robot Labs s.r.o., a company registered in the Slovak Republic. When this policy refers to "we", "us", or "our", it means Angry Robot Labs s.r.o.
Contact: [email protected]
2. What data we collect
Account data
When you register with email and password, we collect your name and email address. Your name and email address are encrypted at rest in our database. If you sign in with Google, we receive your name, email address, and Google account identifier from Google — we do not receive your Google password or access to any other Google services. If you upgrade to a paid plan, billing is handled by Stripe — we do not store your payment card details.
Website and scan data
When you use AngryRobot Scanner, we store the domain names and URLs you submit, along with the results of each scan — SEO scores, AI visibility signals, page content extracted during crawling, and generated recommendations. This data is tied to your account and is necessary to provide the service.
AI Research and Advisor data
When you run an AI Research report, the domain name and publicly accessible content of your website are sent to third-party AI APIs (see section 4) for analysis. No personal account data is included in these requests. When you use the AI Advisor, your conversation messages are stored on our servers to provide context across sessions.
Shared reports
When you share a report with a client, we create a frozen snapshot of that report accessible via a unique link. The snapshot contains scan scores and recommendations but no personal account data.
Usage and log data
We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and operational purposes. These logs are retained for up to 90 days.
Cookies and tracking
We use a session cookie (name: sid) to keep you logged in — this is strictly necessary for the service to function and does not require consent.
With your consent, we also use:
- Google Analytics 4 — collects anonymised usage statistics (pages visited, session duration, device type). Sets cookies prefixed
_ga. - Microsoft Clarity — records anonymised session behaviour (mouse movements, clicks, scroll depth) to help us improve the interface. Does not record passwords or payment details.
Analytics and session recording cookies are only set after you click Accept all in the cookie banner. You may decline or withdraw consent at any time by clearing cookies in your browser — the banner will reappear and you can choose again.
Google reCAPTCHA v3 is used on login and registration forms to detect automated bot activity. This is a security-essential service and operates under Google's Privacy Policy.
3. How we use your data
- To create and maintain your account
- To run Site Audits, AI Perception reports, and generate recommendations on your behalf
- To power the AI Advisor using your stored conversation context
- To send transactional emails (email verification, password reset, billing receipts)
- To improve the Service based on aggregate, anonymised usage patterns, and to refine the scoring algorithms and models that power it using anonymised data derived from scan reports
- To prevent fraud and abuse (reCAPTCHA, server logs)
- To comply with legal obligations
We process your personal data on the following legal bases under GDPR Article 6:
- Account creation, service delivery, and transactional emails — performance of a contract (Art. 6(1)(b))
- Analytics and session recording — consent (Art. 6(1)(a)), only where you have accepted cookies
- Security logs, fraud prevention, service improvement, and algorithm development using anonymised report data — legitimate interests (Art. 6(1)(f))
- Compliance with tax, billing, and legal obligations — legal obligation (Art. 6(1)(c))
We do not sell your data. We do not use your data for advertising.
4. Third-party data processors
We act as a data controller. The following third parties process data on our behalf as data processors or independent controllers:
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing details — Privacy Policy |
| Google (Gemini API, Vertex AI) | AI research reports, brand analysis | Domain name, website content — Privacy Policy |
| Anthropic (Claude) | AI research reports, AI Advisor | Domain name, website content, advisor messages — Privacy Policy |
| OpenAI (GPT-4o) | AI research reports | Domain name, website content — Privacy Policy |
| Microsoft Clarity | Session recording and heatmaps (with consent) | Anonymised interaction data — Privacy Policy |
| Google Analytics | Usage analytics (with consent) | Anonymised usage data — Privacy Policy |
| Google (OAuth, reCAPTCHA, PageSpeed) | Sign-in, bot prevention, performance analysis | Email/name (OAuth), form interaction data (reCAPTCHA), URLs (PageSpeed) — Privacy Policy |
| Hetzner Cloud | Hosting and infrastructure | All data stored on EU servers — Privacy Policy |
| Perplexity AI | AI citation research (Business/Agency plans) | Domain name — Privacy Policy |
When you scan a website, only the URL and publicly accessible page content of that website are sent to AI processors. Your account email, name, and personal details are never included in these requests.
5. Data retention
We retain your account data and scan history for as long as your account is active. You can delete your account at any time from Settings → Delete account. Account deletion is immediate and permanent — all personal data, scans, reports, and advisor conversations are erased from our systems at the moment of deletion. No 30-day waiting period.
Server logs are retained for up to 90 days. Anonymised, aggregated analytics data may be retained longer as it contains no personal information.
6. Your rights (GDPR)
As a data subject under the GDPR, you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data (you can update your name directly in Settings)
- Erasure — delete your account and all associated data instantly via Settings, or contact us
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — withdraw cookie consent at any time by clearing your
cookie_consentcookie - Lodge a complaint — you have the right to lodge a complaint with the Slovak Data Protection Authority (dataprotection.gov.sk)
To exercise any right not available self-service, contact us at [email protected]. We will respond within 30 days.
7. Data security
All data is transmitted over HTTPS. Passwords are hashed using bcrypt and never stored in plain text. Your name and email address are encrypted at rest using AES-256. Our servers are located in the European Union (Hetzner Cloud). We apply reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.
In the event of a personal data breach, we will notify the Office for Personal Data Protection of the Slovak Republic within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.
8. Children
AngryRobot Scanner is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated by email to registered users.
10. Contact
For any privacy-related questions, requests, or concerns:
Angry Robot Labs s.r.o.
Email: [email protected]
Supervisory authority: Office for Personal Data Protection of the Slovak Republic