Overview
We store only what we need to render your dashboard: account identity, the URLs you track, and the response excerpts we parsed. Full model responses are kept for a short evidence window and then rolled off.
Auth basics
Email + password with bcrypt hashing. Sessions use HTTP-only, secure, same-site cookies. Password reset links are single-use and expire after thirty minutes.
Stored data scope
We store the minimum required to run the product and surface evidence.
- Account
- Email, hashed password, plan, billing metadata.
- Projects
- Normalized domain and a few display attributes.
- Runs
- Run state, score, and per-prompt evidence rows.
- Evidence
- Response excerpts (not full transcripts) for 90 days.
Data retention
Run records and scores are retained for the lifetime of the account. Raw response excerpts roll off after 90 days — the parsed evidence rows remain. Account deletion requests are processed manually within five business days.
From Settings → Data Controls, click Request deletion. We'll confirm by email before purging.