Privacy Policy

1. Data We Collect

Account data: email address, name, and agency information you provide during registration.

Workspace data: brand names, domains, keywords, competitors, and subreddit targets you configure.

Scan results: AI engine responses, visibility scores, audit results, opportunity data, and draft content generated by the service.

Usage data: page views, feature usage, scan activity, and IP addresses for service improvement and abuse prevention.

Payment data: billing information is collected and processed by Stripe. We store your Stripe customer ID and subscription status but never your payment card details.

2. How We Use Your Data

We use your data to provide and improve the Appearly service, including:

• Running AI visibility scans across search engines
• Detecting Reddit opportunities relevant to your brand
• Generating audit reports and action plans
• Computing visibility scores and trend analysis
• Monitoring reviews from Google and Trustpilot
• Tracking YouTube channel engagement signals
• Sending service notifications (scan results, alerts)

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract: processing necessary to provide the service you subscribed to (account management, scans, reports, billing).
• Legitimate interest: service improvement, abuse prevention, security monitoring, and aggregate analytics.
• Consent: cookie-based analytics (Google Analytics) and marketing communications, where applicable.
• Legal obligation: compliance with tax, fraud prevention, or law enforcement requirements.

You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

4. Third-Party Services

To provide the service, we send queries to the following third-party APIs:

• OpenAI (ChatGPT queries, analysis, draft generation)
• Google (Gemini queries, Google AIO via SerpApi, Places API, YouTube Data API)
• Anthropic (Claude queries)
• xAI (Grok queries)
• Perplexity (search engine queries)
• Reddit (public post search via Reddit API)
• Trustpilot (public review data)
• Stripe (payment processing)
• CookieYes (cookie consent management)
• Google Analytics (GA4, anonymized usage analytics)

Each provider's use of data is governed by their own privacy policy. We send the minimum data necessary (keywords, brand name) to perform queries.

5. Data Retention

Scan results, visibility scores, opportunities, and audit data are retained according to your plan:

• Starter: 3 months
• Growth: 6 months
• Agency: 12 months

Data older than your plan's retention period is automatically deleted on the 1st of each month.

Account data is retained until you delete your account or request removal. After account deletion, we may retain anonymized, aggregated data for analytics purposes.

6. Data Sharing

We do not sell, rent, or share your data with third parties for marketing purposes.

We may share data with:

• Service providers: infrastructure hosting (Railway), payment processing (Stripe), and analytics (Google Analytics) as necessary to operate the platform.
• AI providers: as listed in section 4, to perform the core service functions.
• Legal requirements: when required by law, regulation, or valid legal process.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you.

7. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our third-party providers operate. These countries may have data protection laws that differ from your jurisdiction.

Where required (particularly for EU/EEA/UK users), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate protection of your data during international transfers.

8. Security

We use industry-standard security measures including encrypted connections (HTTPS), secure password hashing, and access controls.

Payment information is handled entirely by Stripe and never stored on our servers.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies

Appearly uses cookies to maintain your login session and remember your preferences. We also use Google Analytics (GA4) to understand how visitors use our public pages.

Cookie categories:

• Essential: session management, authentication, CSRF protection. Required for the service to function.
• Analytics: Google Analytics (GA4) for anonymized usage patterns. Requires consent.

You can manage your cookie preferences through the CookieYes consent banner displayed on your first visit. You can also configure your browser to refuse cookies, though some features may not work properly without them.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Deletion: request that we delete your personal data when we have no legal reason to keep it.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Portability: request a machine-readable copy of your data for transfer to another service.
• Objection: object to processing of your data, including opting out of marketing communications.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected] with your full name and a description of your request. We will respond within one calendar month.

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have the right under the CCPA to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information.

11. Automated Decision-Making

Appearly uses automated processing to compute visibility scores, generate audit recommendations, and suggest action plans. These outputs are informational tools to assist your decision-making, not definitive assessments.

No automated decisions with legal or similarly significant effects are made about you based solely on automated processing.

12. Children's Data

Appearly is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify active subscribers by email at least 30 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact

For privacy questions, contact us at [email protected].

DENKHAUS LABS LLC, a Delaware limited liability company.