Privacy Policy

1. Introduction

Sporal s. r. o. ("we", "us", or "our") operates deadend.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency about our data practices. As an EU-based company, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Authentication Data: Email address, name, and profile picture (when using Google, Apple, or GitHub authentication)
• Account Information: Username, password hash (if applicable), account preferences
• Billing Information: Payment details are processed by our payment provider (LemonSqueezy) and we only store transaction IDs and subscription status

2.2 Website Content

To provide our Service, we process and store:

• Sitemap URLs: URLs you submit for indexing
• Page Content: Text content extracted from your website pages through automated crawling
• Vector Embeddings: Mathematical representations of your content used for semantic search and suggestion generation
• Metadata: Page titles, descriptions, last modified dates, and other structural information

Important: We only crawl and process content from websites you explicitly authorize. You should only submit URLs for content you own or have permission to process.

2.3 Usage Data

We automatically collect information about how you use the Service:

• API Usage: API requests, endpoints accessed, response times, error rates
• Dashboard Activity: Features used, pages viewed, actions taken
• 404 Analytics: Paths that triggered 404 errors, suggested alternatives provided, user interactions with suggestions
• Technical Data: IP address, browser type, device information, operating system

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Provide, maintain, and improve the Service
• Process and index your website content
• Generate intelligent page suggestions for 404 errors
• Process payments and manage subscriptions
• Provide customer support
• Send transactional emails (account notifications, invoices, service updates)

3.2 Service Improvement

We analyze aggregated and anonymized data from your website content to:

• Improve our suggestion algorithms and machine learning models
• Enhance content understanding and semantic matching
• Identify patterns in 404 errors and user behavior
• Develop new features and capabilities

Note: When using your content for service improvement, we anonymize and aggregate the data so it cannot be traced back to your specific website or account.

3.3 Analytics and Performance Monitoring

We use your data for:

• Monitoring system performance and reliability
• Analyzing usage patterns and trends
• Detecting and preventing fraud or abuse
• Ensuring compliance with usage quotas and rate limits

4. Third-Party Services and Data Sharing

4.1 Google Analytics (Consent-Based)

We use Google Analytics to understand how visitors interact with our website and Service. Google Analytics uses cookies to collect information such as:

• Pages visited and time spent on pages
• Traffic sources and referrers
• Geographic location (country/city level)
• Device and browser information

Your Control: Google Analytics is only activated after you provide explicit consent through our cookie banner. You can withdraw consent at any time through your browser settings or our cookie preferences.

For more information on how Google processes data, visit: Google Privacy Policy

4.2 Tinybird (Usage Analytics and Performance Tracking)

We use Tinybird.co for real-time analytics and performance monitoring. Tinybird processes:

• API request metrics (endpoints, response times, status codes)
• System performance data
• Usage patterns and quotas
• Error rates and debugging information

This data is used solely for operational purposes to ensure the Service runs efficiently and to identify and resolve technical issues. Tinybird acts as our data processor and is bound by our data processing agreement.

For more information: Tinybird Privacy Policy

4.3 Self-Hosted Content Management System

Our core Service, including the database and content processing systems, is self-hosted and operated by us. This means:

• Your website content and user data remain under our direct control
• We do not share your content with third-party AI providers
• Data is stored on secure servers within the European Union
• We maintain full control over access and security measures

Our infrastructure is hosted on reliable cloud providers (Google Cloud Platform) with data centers in the EU, ensuring GDPR compliance and data sovereignty.

4.4 Payment Processing

Payments are processed by LemonSqueezy, our payment service provider. We do not store your full credit card details. LemonSqueezy collects and processes payment information according to their privacy policy.

For more information: LemonSqueezy Privacy Policy

4.5 Authentication Providers

When you sign in using Google, Apple, or GitHub, we receive limited profile information (name, email, profile picture) from these providers. This data is subject to their respective privacy policies:

• Google Privacy Policy
• Apple Privacy Policy
• GitHub Privacy Statement

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for up to 90 days after account deletion
• Website Content: Retained while your project is active and for up to 30 days after project deletion
• Usage Analytics: Retained for up to 24 months for operational and improvement purposes
• Billing Records: Retained for 7 years to comply with accounting and tax regulations

You can request earlier deletion of your data by contacting us, subject to legal retention requirements.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls and authentication requirements for our systems
• Regular Audits: Regular security assessments and penetration testing
• Monitoring: 24/7 system monitoring and intrusion detection
• Backups: Regular encrypted backups stored in geographically distributed locations

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request restriction of processing in certain circumstances
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing of your data for certain purposes
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at privacy@deadend.ai. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Essential Cookies

These cookies are necessary for the Service to function and cannot be disabled:

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance optimization

8.2 Analytics Cookies (Optional)

With your consent, we use analytics cookies to understand how you use the Service:

• Google Analytics cookies (e.g., _ga, _gid)
• Usage pattern analysis
• Feature effectiveness measurement

8.3 Managing Cookies

You can manage your cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of the Service.

9. International Data Transfers

Our primary infrastructure is located within the European Union. However, some of our service providers (e.g., Google Analytics, Tinybird) may process data outside the EU.

When data is transferred outside the EU, we ensure adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for certain countries
• Other legally recognized transfer mechanisms

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

We will notify you of any material changes by:

• Sending an email to your registered email address
• Posting a notice on our website
• Updating the "Last Updated" date at the top of this policy

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EU Data Protection Authority: If you are located in the European Economic Area and have concerns about our data practices, you have the right to lodge a complaint with your local data protection supervisory authority.