Privacy Policy

Findably is operated by a Kansas limited liability company (“Findably,” “we,” “us”). We provide an AI Visibility Audit tool that helps businesses understand how they appear to AI agents like ChatGPT, Gemini, and Perplexity. Questions about this policy can be sent to privacy@getfindably.com.

We collect only the data needed to deliver the audit:

• Business search inputs. The business name, address, and category you select when starting an audit. This data is fetched from public sources (Google Places API) and is not personal information about you.
• Email address. When you request your full report, we collect your email so we can deliver the report and follow-up communications. You can unsubscribe at any time.
• IP address. Your IP address is logged briefly for rate-limiting and abuse prevention. For server-side funnel analytics, we never store the raw IP; instead, we compute a salted, daily-rotating hash of it and use that as an opaque identifier. The hash cannot be reversed to recover your IP and changes every day, so it cannot be used to track you across days.
• Cookies and local storage. Only if you accept analytics cookies, we set first-party cookies to attribute usage and improve the product. See “Cookies” below.
• Payment information. If you start a paid subscription, payment details are handled directly by Stripe. We never see or store your card number.

• To run the audit you requested and deliver the report.
• To send you the report PDF and follow-up emails about your score (you can opt out at any time).
• To prevent abuse, throttle excessive use of paid APIs, and keep the service reliable.
• To understand aggregate usage patterns and improve the product (only with your consent for analytics cookies).
• To process payments if you subscribe.

We do not sell your data, share it for cross-context advertising, or use it to train machine learning models.

We rely on the following providers to operate Findably. Each is a data processor that handles your data on our behalf, under their own privacy commitments:

• Vercel — hosting and edge delivery
• Supabase — primary database (Postgres)
• Upstash — Redis for rate-limiting and caching
• Cloudflare — Turnstile bot protection on forms
• Google — Places API for business data
• Anthropic and OpenAI — AI mention checks against their public chat models (your business search query is sent; your email is not)
• Resend — transactional email delivery
• Stripe — subscription billing and payments
• PostHog — product analytics. Browser cookies are set only with your consent. Server-side, we also send a small number of funnel events (audit started, audit completed, email captured, PDF downloaded, checkout started) keyed by a salted, daily-rotating hash of your IP address — never the raw IP. These server events are sent regardless of cookie consent, on the basis of legitimate interest in measuring product usage and detecting abuse.

We use two categories of storage in your browser:

• Consent record. When you make a choice (Accept or Reject), a small first-party cookie records your decision so we can honor it on future visits. This cookie is only set after you interact with the consent banner; nothing is stored in your browser if you ignore or close the banner.
• Analytics (optional). If you accept, PostHog sets first-party cookies and uses local storage to measure pageviews and product usage. If you reject, no analytics cookies are set and PostHog does not collect events from your browser. If you previously accepted and later withdraw consent, we stop new collection immediately, but events captured during the period you consented remain in our analytics provider.

You can change your cookie choice at any time using the Manage cookies link in the site footer.

Audit records and the email address tied to a report are retained while we operate the service. You can request deletion at any time by emailing privacy@getfindably.com. We will delete your record within 30 days, except where we must retain it for legal, tax, or fraud-prevention reasons (for example, transaction records required by payment regulations).

You can ask us to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data.
• Export your data in a portable format.
• Stop processing your data for a specific purpose.

Send any of these requests to privacy@getfindably.com. If you are in the EEA, UK, or California, you also have additional rights under GDPR, UK GDPR, and the CCPA/CPRA respectively, including the right to lodge a complaint with your supervisory authority.

Findably is a business tool. It is not directed at children under 16, and we do not knowingly collect personal information from children.

Our infrastructure is hosted in the United States. If you use Findably from outside the US, your data will be transferred to and processed in the US under standard contractual clauses offered by our processors.

We may update this policy as the product evolves. Material changes will be announced on the site or by email to active subscribers. The “Effective” date at the top reflects the current version.