Privacy Policy

ConduitScore, Inc. (“ConduitScore,” “we,” “us,” or “our”) operates the website conduitscore.com and the ConduitScore AI visibility audit platform (collectively, the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

Scope: This privacy policy covers the ConduitScore Chrome Extension and the conduitscore.com web application.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

2.0 Chrome Extension — Data Collected

When you use the ConduitScore Chrome Extension, the only data collected is the domain name you explicitly provide — either by typing it into the extension popup or selecting it via the browser context menu. We collect nothing else from the extension. Specifically, the extension does not collect:

• Your browsing history
• Page content or text
• Any personal information
• Your IP address (beyond standard HTTP transport required to fulfill the request)

The domain name is sent to the ConduitScore public API at https://conduitscore.com/api/public/domain/[domain]/score to compute an AI visibility trust score. The result is returned directly to you. The domain is used solely for this computation — not for advertising, profiling, or any other purpose.

2.1 Information You Provide (Web App)

• Account data: Email address when you register or sign in via magic link or Google OAuth.
• Payment data: Billing information is processed by Stripe. We do not store full card numbers.
• URLs you scan: Website URLs you submit for AI visibility audits.
• Support communications: Any messages you send us.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, scan frequency, and interaction logs.
• Technical data: IP address, browser type, operating system, referral URLs, and device identifiers.
• Cookies and tracking technologies: See our Cookie Policy.

2.3 Google Analytics 4 (product analytics)

We use Google Analytics 4 (GA4) when our team configures a measurement ID for the site. GA4 helps us understand aggregate usage — for example how many people run scans, use sample URLs on the homepage, or hit errors — so we can improve speed and reliability.

For the free scanner we may send event summaries such as: a scan was started, completed successfully, or did not complete. If a scan does not complete, we send a short category label in GA4 (for example: monthly scan limit reached, server or API error, or network error) along with a numeric HTTP status code when the server returns one, and whether you used the scanner from the homepage or the dashboard. We do not send your scan URL or page contents inside these analytics events.

In the Google Analytics account we control, those failure details are available in reports once we register matching custom dimensions for the event parameters named reason, http_status, and source (so we can see counts by failure category, not individual URLs).

For how Google processes data, see Google's Privacy Policy and How Google uses information from sites that use our services.

We use your personal data to:

• Provide, operate, and improve the Service
• Process payments and manage your subscription
• Send transactional emails (magic links, receipts, scan notifications)
• Send product updates and marketing communications (with your consent, opt-out available)
• Analyze usage to improve features and performance
• Prevent fraud, abuse, and security incidents
• Comply with legal obligations

For users in the European Economic Area, we process data under the following legal bases:

• Contract performance: To deliver the Service you signed up for.
• Legitimate interests: Analytics, security, and product improvement.
• Consent: Marketing emails and non-essential cookies.
• Legal obligation: Tax, fraud prevention, and regulatory compliance.

We do not sell your personal data. We may share data with:

• Service providers: Stripe (payments), Resend (email), Vercel (hosting), Neon (database), Supabase (analytics/state).
• Analytics providers: Google LLC (Google Analytics 4) when enabled — see Google Analytics 4 above. We may also use other providers for aggregated, de-identified usage data.
• Law enforcement: When required by applicable law or court order.
• Business transfers: In the event of a merger, acquisition, or asset sale.

We retain your account data for as long as your account is active or as needed to provide the Service. Scan results are retained for 12 months on free plans and 24 months on paid plans. You may request deletion at any time by contacting us.

Chrome Extension: Scan results are cached locally in your browser using chrome.storage.local for one hour. After one hour the cache is automatically purged. ConduitScore does not store per-user scan history server-side from extension requests.

Depending on your location, you may have the right to:

• Access, correct, or delete your personal data
• Object to or restrict processing
• Data portability (receive your data in a structured format)
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

Chrome Extension users: You can clear all extension data at any time by removing the extension from Chrome (chrome://extensions → Remove) or by using Chrome's built-in Settings → Privacy and security → Clear browsing data controls.

To exercise other rights, email us at privacy@conduitscore.com.

We use cookies and similar technologies. See our Cookie Policy for details on what cookies we use and how to control them.

We implement industry-standard security measures including HTTPS encryption, AES-256 encryption for sensitive vault data, and regular security reviews. However, no method of transmission over the Internet is 100% secure.

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us immediately.

Your data may be transferred to and processed in countries other than your own. When transferring data from the EEA, we use Standard Contractual Clauses or other approved mechanisms.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use after the effective date constitutes acceptance of the revised policy.

For privacy-related questions, contact us at: