PageVital

Privacy Policy

Last updated: April 12, 2026

1. What We Collect

When you use PageVital, we may collect the following information depending on how you interact with the service:

Account information

  • Email and password— collected when you create an account. Passwords are hashed and stored by our authentication provider (Supabase); we never have access to your plaintext password.
  • Google profile data— if you sign up via Google OAuth, we receive your email address and display name from Google. We do not request access to your contacts, calendar, or other Google services.

Scan data

  • URLs you scan— we store the URLs you submit and the resulting scan reports (grades, check results, recommendations).
  • Website content— during a scan, we retrieve the publicly accessible HTML content and HTTP headers of the target URL. We do not access authenticated areas, admin panels, or any content behind a login.

Payment information

  • Billing data— when you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed directly by Stripe. We store only your Stripe customer ID and subscription status — never your full card number.

Lead information

  • Email capture— if you provide your email via the scan results email prompt (without creating an account), we store your email address alongside the associated scan data to send you the report.

Google Ads data (PPC Audit feature)

  • Google Ads account data— if you connect a Google Ads account via the PPC Audit feature, we access campaign performance data (impressions, clicks, cost, conversions) through the Google Ads API. OAuth tokens are encrypted at rest. We do not modify your Google Ads campaigns.

Usage and analytics data

  • Analytics— we collect page views, feature usage, and performance data through Vercel Analytics, Vercel Speed Insights, and (with your consent) Google Analytics. See Section 6 (Cookies) for details.
  • Error data— we use Sentry to capture application errors and crashes. Error reports may include your IP address, browser type, and the page you were visiting.

2. How We Use Your Data

We use the data we collect to:

  • Operate and deliver the PageVital scanning service
  • Generate and store scan reports
  • Manage your account, process payments, and enforce usage limits
  • Send transactional emails (welcome, scan alerts, weekly digests)
  • Improve the service through analytics and error monitoring
  • Prevent abuse, enforce rate limits, and maintain service security

We do not use your data for advertising or sell it to third parties.

3. Third-Party Services

We share data with the following service providers, only to the extent necessary for them to provide their services:

  • Supabase(database, authentication) — stores account data, scan results, and session tokens. Privacy policy
  • Stripe(payment processing) — processes subscription payments and stores billing information. Privacy policy
  • Amazon Web Services (SES)(email delivery) — sends transactional emails (welcome, alerts, digests). Privacy policy
  • Vercel(hosting, analytics, speed insights) — hosts the application and collects first-party analytics. Privacy policy
  • Google(PageSpeed Insights API, Analytics, Ads API, OAuth) — provides performance data for scans, website analytics (with consent), and Google Ads account access for PPC Audit. Privacy policy
  • Sentry(error monitoring) — captures application errors to help us fix bugs. Privacy policy
  • Anthropic(AI-generated narratives) — used to generate PPC and portfolio digest summaries. Scan data sent to Anthropic is not used to train their models. Privacy policy

4. Data Retention

  • Account data— retained for as long as your account is active. Upon account deletion, we remove your profile and associated data within 30 days.
  • Scan results— retained for the lifetime of your account. Anonymous (no-account) scan results are retained for 90 days.
  • Lead emails— retained for 12 months or until you create an account, whichever comes first.
  • Payment records— retained as required by applicable tax and financial regulations (typically 7 years).
  • Error logs— retained for 90 days in Sentry, then automatically purged.

5. Healthcare Website Scanning

When scanning healthcare websites, PageVital retrieves only publicly accessible HTML content. We do not access patient portals, electronic health records, protected health information (PHI), or any systems requiring authentication.

Scan data from healthcare websites is processed and stored under the same policies as all other scan data. Healthcare scanning features detect website-level indicators (form providers, cookie consent, email authentication) and do not constitute a HIPAA compliance assessment. See our Terms of Service for the full healthcare disclaimer.

6. Cookies and Tracking

We use the following cookies and tracking technologies:

  • Essential cookies— session and authentication cookies set by Supabase. Required for the service to function. Cannot be disabled.
  • First-party analytics— Vercel Analytics and Vercel Speed Insights collect aggregated, anonymized performance data. These use first-party data collection without setting third-party cookies.
  • Third-party analytics (consent required)— Google Analytics is loaded only after you accept cookies via our consent banner. You may decline at any time.
  • Preference cookies— we store your cookie consent preference and theme choice in local storage.

We do not use advertising cookies or retargeting pixels.

7. International Data Transfers

PageVital is operated from the United States. If you access the service from outside the US, your data may be transferred to and processed in the US. Our third-party service providers (Supabase, Stripe, AWS, Vercel, Google, Sentry, Anthropic) maintain appropriate data protection mechanisms including Standard Contractual Clauses (SCCs) where required for transfers from the European Economic Area, United Kingdom, or Switzerland.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access— request a copy of the personal data we hold about you.
  • Rectification— request correction of inaccurate personal data.
  • Erasure— request deletion of your personal data and account.
  • Data portability— request an export of your data in a machine-readable format.
  • Restrict processing— request that we limit how we use your data.
  • Object— object to processing based on legitimate interests.
  • Withdraw consent— withdraw your consent for analytics cookies at any time via the cookie consent banner or by clearing your browser's local storage.

To exercise any of these rights, contact us at hello@pagevital.com. We will respond within 30 days.

California residents (CCPA): We do not sell your personal information. You have the right to know what data we collect, request deletion, and opt out of any future sale (though we do not sell data).

9. Children's Privacy

PageVital is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of PageVital after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this privacy policy or how we handle your data, contact us at hello@pagevital.com.