Your Privacy Matters: PolicyGen is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.
1. Introduction
PolicyGen ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains:
- What information we collect
- How we use your information
- Your rights regarding your data
- How we protect your information
2. Data Controller
Data Controller: PolicyGen (operated by the team behind policygen.org) is the data controller for personal data processed through this Service. As data controller, we determine the purposes and means of processing your personal information.
Contact: For all privacy-related matters, contact our Data Protection Officer at [email protected]. We aim to respond within 30 days.
Business contact: PolicyGen, support contact: [email protected]
3. Information We Collect
3.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email, password | Account creation and authentication |
| Business Information | Company name, website URL | Setting up and identifying monitored websites |
| Payment Information | Credit card, billing address | Processing payments (via Stripe) |
| Scan Data | URLs submitted for scanning | Running trust scans and delivering monitoring results |
| Communications | Support messages, feedback | Customer support |
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent
- Device Information: Browser type, operating system, IP address
- Cookies: Small files stored on your device (see Cookie Policy)
- Analytics: How you interact with our Service
3.3 Information from Third Parties
If you sign up using Google or GitHub, we receive:
- Name and email address
- Profile picture (optional)
- No access to your passwords or private data
4. How We Use Your Information
4.1 Lawful Basis for Processing (EU / UK / EEA Users)
We process your personal data on the following lawful bases under GDPR and UK GDPR:
| Processing Activity | Lawful Basis |
|---|---|
| Account creation and authentication | Contractual necessity (Art. 6(1)(b) GDPR) |
| Running scans and delivering results | Contractual necessity (Art. 6(1)(b) GDPR) |
| Payment processing | Contractual necessity (Art. 6(1)(b) GDPR) |
| Sending transactional emails | Contractual necessity (Art. 6(1)(b) GDPR) |
| Marketing emails / newsletters | Consent (Art. 6(1)(a) GDPR) — opt-in only |
| Analytics and service improvement | Legitimate interest (Art. 6(1)(f) GDPR) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c) GDPR) |
4.2 Primary Uses
- Service Delivery: Run website trust scans, deliver monitoring alerts, provide support
- Account Management: Create and maintain your account
- Payment Processing: Charge for services, handle refunds
- Communication: Send transactional emails, updates, support responses
- Improvement: Analyze usage to improve our Service
- Security: Detect fraud, prevent abuse, ensure platform security
4.3 Marketing (With Your Consent)
- Send newsletters about new features
- Promotional offers and discounts
- Product updates and tips
You can opt out at any time using the unsubscribe link in emails.
5. How We Share Your Information
We do NOT sell your personal information. We only share data with trusted partners as described below.
5.1 Service Providers
| Provider | Service | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment info, billing address |
| Google Analytics | Usage analytics | Anonymized usage data |
| DigitalOcean | Hosting & storage | All service data |
| SendGrid | Email delivery | Email address, name |
5.2 Legal Requirements
We may disclose information if required by law or to:
- Comply with legal processes (subpoenas, court orders)
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety
5.3 Business Transfers
If PolicyGen is acquired or merged, your information may be transferred to the new entity.
6. Data Retention
We retain your information for as long as necessary to provide services:
- Active accounts: Data retained while account is active
- Deleted accounts: Most data deleted within 30 days
- Legal requirements: Some data retained for tax/legal compliance (typically 7 years)
- Backups: May persist in backups for up to 90 days
7. Your Rights
7.1 GDPR / UK GDPR Rights (EU, UK, EEA Users)
If you are located in the European Union, United Kingdom, or European Economic Area, you have the following data subject rights under GDPR and UK GDPR:
- Right to access: Request a copy of your personal data we hold
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your personal data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to restriction of processing: Limit how we process your data
- Right to object to processing: Object to processing based on legitimate interest
- Right to withdraw consent: Withdraw consent for marketing at any time
- Right to lodge a complaint: File a complaint with your local supervisory authority (EU: your national DPA; UK: Information Commissioner's Office at ico.org.uk)
To exercise any of these rights, email [email protected]. We will respond within 30 days (extendable to 3 months for complex requests under GDPR).
7.2 CCPA / CPRA Rights (California Residents)
California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know: What personal information we collect, use, disclose, and share
- Right to delete: Request deletion of your personal information (subject to legal exceptions)
- Right to opt-out of sale: We do not sell personal information — no opt-out needed
- Right to opt-out of sharing for cross-context behavioral advertising: We do not share personal information for this purpose
- Right to non-discrimination: Equal service and price regardless of your privacy choices
- Right to correct: Request correction of inaccurate personal information
- Right to limit use of sensitive personal information: We do not use sensitive personal information beyond what is necessary
To submit a CCPA request, email [email protected] with "CCPA Request" in the subject line. We will respond within 45 days.
7.3 LGPD Rights (Brazil)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to access, correct, delete, and port your personal data. Contact us at [email protected] to exercise these rights.
7.4 PIPEDA Rights (Canada)
If you are located in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including access to your personal information and the right to challenge its accuracy. Contact us at [email protected].
7.5 How to Exercise Your Rights
For any privacy rights request — regardless of your location — email [email protected] and include:
- Your name and email address associated with your account
- The right you wish to exercise
- Any relevant details about your request
We respond within 30 days. We may need to verify your identity before fulfilling the request.
8. Automated Decisions and AI-Generated Scores
PolicyGen uses automated scanning and scoring algorithms to produce website Trust Signal Scores and issue reports. These are informational assessments only, based on publicly visible website signals — they are not legal certificates and do not constitute a formal compliance determination.
How scores are generated: Our system checks publicly visible page signals (policy links, cookie notices, HTTPS, tracking scripts, policy content) and applies weighted scoring rules. The result is an automated estimate of visible trust signals, not a human review.
Disputing a result: If you believe a scan result is inaccurate or incomplete, you can:
- Request a review: Email [email protected] with "Score Review Request" in the subject. Include the URL scanned and the specific issue you believe is incorrect.
- Contact support: Use the in-app contact option or email [email protected] — a human team member will review your request.
- Appeal a finding: Describe the finding and why you believe it is incorrect. We will re-evaluate and update the scan if warranted.
Under GDPR Art. 22, you have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. Our scores are informational tools for businesses and do not produce legal effects — but we are happy to provide human review upon request.
9. Data Security
We implement industry-standard security measures:
- Encryption: SSL/TLS for data in transit
- Secure Storage: Encrypted databases
- Access Controls: Limited employee access
- Regular Audits: Security assessments and updates
- Payment Security: Stripe-hosted payment processing aligned with PCI-DSS controls
No system is 100% secure. While we strive to protect your data, no security program can promise absolute security.
10. Cookies and Tracking
10.1 Types of Cookies We Use
- Essential Cookies: Required for service functionality (login, security)
- Analytics Cookies: Help us understand usage (Google Analytics)
- Preference Cookies: Remember your settings
- Marketing Cookies: Track ad effectiveness (with consent)
10.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.
11. Children's Privacy
PolicyGen is not intended for users under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.
12. International Data Transfers
PolicyGen is based in the United States. Your data may be transferred to and stored in the US. For transfers from the EU, UK, or EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO as the lawful transfer mechanism. If you have questions about international transfers, contact us at [email protected].
13. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.
14. Changes to This Policy
We may update this Privacy Policy periodically. We'll notify you of significant changes via:
- Email notification
- Notice on our website
- In-app notification
Continued use after changes constitutes acceptance.
15. Data Protection Officer
For privacy-related inquiries, contact our Data Protection Officer at [email protected]. We respond to all privacy inquiries within 30 days.
16. Complaints and Supervisory Authorities
If you believe we've mishandled your data, please contact us first at [email protected]. If you remain unsatisfied, you have the right to lodge a complaint with your local data protection authority:
- EU: Your national data protection supervisory authority
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- US (California): California Attorney General — oag.ca.gov
- Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
Contact Us
If you have questions about this Privacy Policy or our data practices:
Email: [email protected]
Website: https://policygen.org
Summary: We collect necessary information to provide our service, protect your data with industry-standard security, don't sell your information, and respect your privacy rights. You control your data and can request access, correction, or deletion at any time.
PolicyGen notice: PolicyGen provides automated website checks and informational recommendations. It does not provide legal advice, certify compliance, or guarantee that your website satisfies any law or regulation. You should review important legal matters with qualified counsel.