Privacy Policy
Last updated June 8, 2026
This policy explains what AuditSpark (a product of Purple Kiwi Advisory, LLC, doing business as Purple Kiwi AI — “we”, “us”) collects when you use auditspark.io, how we use it, who processes it on our behalf, and how long we keep it. We use cookie-free analytics, so the site does not set tracking cookies.
1. Information We Collect
Audit inputs
The website URL you submit and any optional context you provide (such as brand name, goal, target audience, competitors, market, or specific concerns). To produce an audit, we fetch the public content of the URL you submit.
Account information
If you create a subscription, your email address (used for magic-link sign-in and account communications). We do not store passwords — authentication is passwordless.
Payment information
Payments are processed by Polar as our merchant of record. We do not collect or store your card details. We receive transaction metadata (such as order and subscription identifiers, plan, amount, and the email used for purchase).
Technical & usage data
Your IP address (used transiently for rate limiting and abuse prevention), and operational metrics for each audit (timing, token usage, cost, and score). Aggregate, cookie-free analytics about site usage.
2. How We Use Information
- To generate, deliver, and store your audit reports and PDFs.
- To operate your account, subscription, quotas, and dashboard.
- To send transactional email (magic-link sign-in, welcome, purchase, and account notices) via our email provider.
- To prevent abuse and enforce rate limits and usage caps.
- To understand and improve the service using aggregate, de-identified data.
We do not sell or share your personal information (including as “sale” or “sharing” are defined under California law), and we do not use it for cross-context behavioral advertising.
3. Cookies & Analytics
We use Plausible Analytics, a privacy-friendly, cookieless analytics tool — it does not set cookies or collect personal data, so no cookie-consent banner is required. We use browser localStorage only for strictly functional purposes (keeping you signed in and remembering display preferences). We use Cloudflare Turnstile for bot protection, which is a security function.
Do Not Track. Because we do not track you across websites or over time, we honor “Do Not Track” signals by default — there is no cross-site tracking to disable.
4. Data Retention
We retain website audit reports as follows:
| Type | Retention |
|---|---|
| Free audits | 30 days from creation, then automatically deleted. |
| One-time Pro Reports | 12 months from purchase; your report and PDF remain accessible during this period. |
| Active subscriptions (Freelance, Agency) | Your audit history is retained for the life of your active subscription. |
| After cancellation | Your audit history is retained for 30 days after your subscription ends, then permanently deleted. |
If you cancel, please export anything you wish to keep before the 30-day grace period ends. We may retain aggregate, de-identified statistics derived from audits (which do not identify you, your website, or your report) to operate and improve the service, and we retain billing records as required for tax and accounting.
5. How We Share Information
We share data only with the service providers (subprocessors) needed to run AuditSpark, each acting on our behalf:
- Anthropic — AI analysis of the submitted site’s public content and your audit context.
- Neon — database hosting (stores audits, account, and subscription data).
- Netlify — application hosting and serverless functions.
- Resend — transactional email delivery.
- PDFShift — rendering reports to PDF.
- Polar — payment processing as merchant of record.
- Cloudflare — Turnstile bot protection and R2 object storage (e.g. logos, generated assets).
- browserless.io — rendering JavaScript-heavy sites during a fetch, when needed.
- Plausible — cookieless analytics.
We may also disclose information if required by law, or to protect the rights, safety, and security of AuditSpark and its users.
6. Data Security
We protect data with measures including encrypted connections, passwordless authentication, signed session tokens, scoped access controls, bot protection, and protections against server-side request forgery. No system is perfectly secure, but we work to safeguard your information.
7. Your Rights
Depending on your location, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. California residents may also request the categories and specific pieces of personal information we collect, the purposes for collection, and any disclosures, and may exercise these rights without discrimination.
To make a request, email support@auditspark.io. We may need to verify your identity before acting, and we will respond within the time required by applicable law (generally within 30–45 days). You may use an authorized agent where the law permits. Subscribers can also view and manage their audit history from the dashboard.
8. International Users
AuditSpark is operated from the United States, and our subprocessors may process data in the United States, the European Union, and elsewhere. By using the service, you understand your information may be processed in these locations.
9. Children
AuditSpark is not directed to children under 16 and we do not knowingly collect their personal information.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.
Contact
For privacy questions or to exercise your rights, email support@auditspark.io.
See also our Refund Policy.