Surfedo Privacy Policy

We collect the following categories of information:

a) Account & Identity Information

• Full name and email address
• Password (stored in hashed form)
• Company name or team information (if provided)
• Billing name and address

b) Website & Domain Data

• The domain(s) or URL(s) you submit for scanning
• Competitor domains you configure for tracking
• Queries and keywords you set up for position tracking

c) Payment Information

• Credit/debit card details — processed and stored by Stripe, Inc. We do not store full card numbers on our servers.
• Billing address and transaction history

d) Usage & Analytics Data

• Pages visited, features used, and time spent on the platform
• IP address, browser type, device type, and operating system
• Referring URLs and session identifiers
• Crash reports and error logs

e) Communications

• Emails, support tickets, or messages you send us
• Survey responses and feedback

We use the data we collect to:

• Provide, operate, and improve the AgentScore Service
• Create and manage your account
• Process payments and send invoices via Stripe
• Deliver scan results, reports, and fix recommendations
• Send transactional emails (e.g., receipts, scan alerts, password resets)
• Send marketing communications (you may opt out at any time)
• Analyze aggregate usage patterns to improve product features
• Detect fraud, abuse, or security threats
• Comply with legal obligations

We do not sell your personal data. We share information only in the following circumstances:

a) Service Providers

We share data with trusted third-party vendors who help us operate the Service, including:

• Stripe — payment processing
• Amazon Web Services (AWS) — cloud infrastructure and data storage
• Google Analytics / Mixpanel — usage analytics
• Postmark / SendGrid — transactional email delivery
• Intercom / Crisp — customer support chat

These vendors are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security standards.

b) Legal Requirements

We may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of Surfedo, our users, or the public.

c) Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email or prominent notice on our website before such transfer occurs.

We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account at any time by contacting us at legal@surfedo.com. Upon deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

We use cookies and similar technologies to:

• Keep you logged in to your account
• Remember your preferences
• Understand how users interact with our platform
• Serve relevant marketing if you visit third-party sites

You can control cookies through your browser settings. Disabling cookies may affect certain features of the Service. We honor Do Not Track (DNT) browser signals where feasible.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request that we delete your personal data
• Portability — receive your data in a machine-readable format
• Opt-Out — opt out of marketing communications at any time via the unsubscribe link in our emails

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to opt out of the sale of personal information (we do not sell personal information).

EU/UK residents may have rights under the GDPR/UK GDPR. Please contact us at legal@surfedo.com to exercise any of these rights.

We implement industry-standard security measures to protect your data, including:

• TLS/HTTPS encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Access controls and authentication for internal systems
• Regular security audits and monitoring

No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Our website may contain links to third-party sites (e.g., G2, Capterra, competitor platforms). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page and, for material changes, notify you by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Surfedo
Email: legal@surfedo.com
Website: https://surfedo.com