Privacy Policy

Last updated: 12 April 2026

Scope: this Privacy Policy covers both our marketing website (findalyse.com) and the Findalyse application at app.findalyse.com. Where a practice applies only to one of the two, we call it out explicitly.

This Privacy Policy explains how Findalyse collects, uses, shares, and protects personal data when you visit our website, use our service, or otherwise interact with us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR / AVG).

1. Who we are

Findalyse is a SaaS platform for AI visibility analysis. We help agencies and businesses understand how AI assistants such as ChatGPT, Claude, and Google AI Overviews perceive and recommend their brand.

Findalyse
De Beekjuffer 30, 9766 RD Eelderwolde, The Netherlands
KvK number: 123456789
VAT number: NL123456789
Email: [email protected]

Findalyse is the data controller for the personal data processed through our website and service.

2. To whom this policy applies

This Privacy Policy applies to:

• Visitors to findalyse.com
• People who contact us through the contact form or by email
• Trial users and paying customers of the Findalyse platform
• Team members invited to a customer workspace
• Recipients of reports generated by our customers using Findalyse

3. Personal data we process

Depending on how you use Findalyse, we may process the following categories of personal data:

• Identity and contact data: full name, email address, company name, job title
• Account data: login credentials (hashed password), workspace settings, preferences
• Billing data: billing address, VAT number, payment method details (handled by Stripe)
• Usage data: pages visited, features used, scans performed, reports generated
• Technical data: IP address, browser type, device type, operating system, access logs
• Customer content: domains you add for analysis, branding assets, report configurations
• Support data: messages you send us through support channels
• Cookie and analytics data: limited, privacy-friendly analytics (see our Cookie Policy)
• Spam and abuse prevention data: when you use our contact form, Google reCAPTCHA receives your IP address, device information, browser behavior signals, and a reCAPTCHA cookie, and uses this to score the request as human or bot

4. Why we process this data and on what legal basis

We only process personal data for specific, legitimate purposes and always on a lawful basis under the GDPR:

• Providing the service (creating accounts, running scans, delivering reports) — performance of a contract.
• Billing and invoicing (processing payments, issuing invoices) — performance of a contract and legal obligation.
• Customer support (responding to questions, troubleshooting) — performance of a contract.
• Security, fraud prevention, and abuse detection — legitimate interest.
• Spam and abuse protection on our contact form (via Google reCAPTCHA) — legitimate interest in preventing automated submissions, spam, and abuse.
• Product analytics and improvement (privacy-friendly aggregated usage data) — consent (analytics cookies) or legitimate interest (aggregated server-side metrics).
• Sending service emails (account verification, billing, security alerts) — performance of a contract.
• Legal and tax administration (accounting, audits) — legal obligation.

5. Cookies and similar technologies

We use a minimal set of cookies and similar technologies. Strictly necessary cookies (such as those that remember your cookie-consent choice) do not require consent. Analytics is only activated after you accept cookies through our banner. See our Cookie Policy for the full details.

6. Who we share data with

We do not sell your personal data. We share data only with the service providers we need to deliver and operate Findalyse. These providers act as processors and are bound by data processing agreements.

We only share the minimum data required for each provider to perform its role. Customer content (such as domains and scan results) may be sent to AI providers solely for the purpose of generating the analysis you requested.

7. International data transfers

Most of our infrastructure runs in the European Union. However, some of our processors (notably OpenAI, Anthropic, and certain Google and Stripe services) may process data outside the European Economic Area, primarily in the United States. Where this happens, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, additional safeguards provided by the processor to ensure an adequate level of protection.

8. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Account data: up to 12 months after account closure, then deleted or anonymized.
• Invoices and billing records: 7 years (mandatory under Dutch tax law).
• Scan results and reports: for the duration of your subscription plus 6 months.
• Support tickets and correspondence: 24 months.
• Security and audit logs: 90 days.
• Marketing communications: until you unsubscribe or after a reasonable period of inactivity.

9. Security

We take appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include encrypted connections (HTTPS), access controls and role-based permissions, password hashing, secure credential management, monitoring and logging, regular backups, and careful selection of subprocessors.

No security system is perfect. If we become aware of a data breach affecting your personal data, we will notify you and the relevant supervisory authority in line with our legal obligations.

10. Your rights

Under the GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your personal data (subject to legal retention).
• Right to restriction — ask us to temporarily stop processing your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on our legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time (e.g. cookie preferences, marketing emails).
• Right to lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

To exercise any of these rights, email us at [email protected]. We will respond within one month. If your request is complex, we may extend this period by up to two months and will let you know within the first month.

11. Automated decision-making

Findalyse uses automated analysis to generate AI visibility scores, recommendations, and prioritized action lists for your domains. These outputs are advisory in nature. They are based on a combination of rule-based checks, AI model responses, and aggregated signals about how AI assistants describe your brand.

No decisions producing legal effects or similarly significant effects on you are made purely by automated means. All business decisions about what to do with the insights remain with you. If you would like a human review of any specific result, contact us and we will be happy to help.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our service, our processors, or the law. The date at the top of this page shows when it was last updated. For material changes we will notify account holders by email or through the application.

13. Contact

If you have any questions about this Privacy Policy or how we handle personal data, please contact us at [email protected].