AskVardi.ai

Legal

Privacy Policy

Effective date: June 22, 2026  ·  Last updated: June 22, 2026

1. Overview

AskVardi.ai (“AskVardi,” “we,” “our,” or “us”) provides a software-as-a-service platform that tracks brand visibility across AI-generated search results. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our website at askvardi.aiand our related services (collectively, the “Service”).

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

We comply with applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Data We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you register.
  • Organization details: company name, website URL, and industry category.
  • Brand data: brand names, competitor names, website domains, and custom tracking queries you configure.
  • Payment information: handled by our payment processor (Stripe). We never store your full card number, CVV, or bank account details on our servers.
  • Communications: emails or messages you send us, including support requests.

2.2 Information We Collect Automatically

  • Usage data: pages viewed, features used, button clicks, session duration, and query history.
  • Log data: IP address, browser type and version, operating system, referring URL, date/time of access.
  • Device information: device type, screen resolution, language preferences.
  • Cookies and similar technologies: session tokens, authentication cookies, and analytics identifiers (see Section 5).

2.3 AI Query Results (Platform Data)

When our automated systems run queries against AI platforms (Google, ChatGPT, Gemini, etc.) on your behalf, we store the resulting AI-generated text, source URLs, brand mentions, and metadata. This data belongs to your organization and is used to provide the Service.

2.4 Information from Third Parties

  • Authentication providers: if you sign in via Google OAuth, we receive your name, email, and profile picture from Google.
  • Payment processor (Stripe): billing address, last 4 digits of card, and subscription status.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Service.
  • Run your configured queries against AI platforms and generate visibility reports.
  • Process payments and manage subscriptions.
  • Send transactional emails (account creation, billing receipts, password resets).
  • Send product update emails and feature announcements (opt-out available).
  • Send alert notifications you configure (e.g., visibility drop alerts).
  • Detect and prevent fraud, abuse, or security incidents.
  • Comply with legal obligations and enforce our Terms of Service.
  • Analyze aggregate, anonymized usage patterns to improve our product.

Legal Bases for Processing (GDPR)

  • Contract performance: processing necessary to deliver the Service you signed up for.
  • Legitimate interests: security monitoring, fraud prevention, product improvement using anonymized data.
  • Legal obligation: compliance with applicable laws and court orders.
  • Consent: marketing emails (you can withdraw consent at any time).

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

4.1 Service Providers

We use trusted third-party providers to operate our Service. Each is bound by data processing agreements and handles only the data necessary for their function:

  • Supabase: database and authentication hosting (EU/US regions).
  • Trigger.dev: background task queue for running AI queries.
  • Stripe: payment processing.
  • Resend / Postmark: transactional email delivery.
  • Vercel: web application hosting and CDN.
  • OpenAI: AI prompt suggestion feature (only your brand category and existing query list are sent; no personal data).

4.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of AskVardi, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

4.4 Aggregated / Anonymized Data

We may share aggregated, anonymized statistics (e.g., “X% of brands in the EdTech category appear in Google AI Overviews”) that cannot reasonably identify you.

5. Cookies and Tracking Technologies

Essential Cookies

We use session cookies to keep you logged in and protect your account. These are strictly necessary for the Service to function and cannot be disabled.

Analytics Cookies

We use privacy-respecting analytics to understand how users navigate our product. We do not use third-party advertising cookies. Analytics data is aggregated and anonymized.

Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies will prevent you from signing in to the Service.

6. Data Retention

  • Account data: retained for the lifetime of your account plus 30 days after deletion, to allow for account recovery.
  • Query results and reports: retained per your plan (Free: 7 days, Pro: 90 days, Advanced: 1 year). You can delete individual batches at any time.
  • Billing records: retained for 7 years as required by tax and financial regulations.
  • Log data: retained for 90 days for security and debugging purposes.
  • Backups: encrypted backups are retained for up to 30 days before being purged.

7. Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted using AES-256.
  • Passwords are hashed using bcrypt with a salt.
  • Database access is restricted via Row Level Security (RLS) policies — each organization can only access its own data.
  • We conduct regular security reviews and dependency audits.
  • Two-factor authentication is available and encouraged.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at privacy@askvardi.ai.

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Rights under GDPR (EEA, UK, Switzerland)

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data (“right to be forgotten”).
  • Right to restriction: request that we limit the processing of your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: where processing is based on consent, withdraw at any time.
  • Right to lodge a complaint: with your national data protection authority.

Rights under CCPA (California Residents)

  • Know what personal information we collect and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information (we do not sell personal information).
  • Non-discrimination for exercising your CCPA rights.

Exercising Your Rights

To exercise any of these rights, email us at privacy@askvardi.ai with the subject line “Privacy Request.” We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verifiable request.

9. Children's Privacy

Our Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@askvardi.ai and we will delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Effective date” at the top of this page.
  • Send an email notification to all registered users at least 14 days before the change takes effect.
  • Display a prominent notice in the application dashboard.

Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy. If you do not agree, you may delete your account before the changes take effect.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AskVardi.ai — Privacy Team

Email: privacy@askvardi.ai

We aim to respond to all privacy requests within 5 business days.

For EU/EEA residents: if you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

→ Terms of Service← Back to home