Privacy Policy

1. Who this policy applies to

This Policy covers three groups:

• Visitors to unhid.ai who browse the site or use the free audit without creating an Account.
• Customers who create an Account and use the paid prerendering service.
• End Users, meaning visitors to Customer Sites. Human visitor traffic is not intentionally proxied through the prerendering layer, and Unhid is not designed to collect or process End User browsing data.

If you are an End User of a Customer Site, the Customer is the controller of your personal data, not Unhid. Contact the Customer directly with privacy questions about their site.

2. What we collect

2.1 Information you give us

Audit submissions. When you use the free audit, we collect the URL you submit and, if you choose, your email address to receive the report.

Account registration. When you create an Account, we collect your name, email address, password (stored as a cryptographic hash, never in plaintext), company name (optional), and country.

Payment information. When you pay for a Plan, our payment processor [Stripe] collects your card or payment method details. Unhid never sees or stores full card numbers. We receive only the last four digits, card brand, expiration date, billing country, and a payment token.

Communications. When you email us, fill in a form, or chat with us, we keep records of what you send and our reply.

Domain configuration. When you add a domain to your Account, we collect the domain name and DNS configuration details you provide.

2.2 Information we collect automatically

Website analytics. When you visit unhid.ai, we collect standard log information including browser type, device type, operating system, referring URL, pages visited, and time spent. We use Google Analytics for this.

Cookies and similar technologies. We use a small number of cookies. See Section 9.

Dashboard usage. When you use the Unhid dashboard, we log feature usage, button clicks, and errors to help us improve the product.

Service operation logs. When crawlers request pages through Unhid, we log technical data including the requested URL, crawler identification, response time, cache status, and timestamps. Unhid is not designed to retain or profile End User IP addresses, cookies, or browsing behavior as part of the prerendering service.

2.3 Information from third parties

If you sign in with Google, GitHub, or another single sign-on provider, we receive your name, email address, and profile photo from that provider. We do not receive your password or other credentials.

2.4 What we do not do

• We are not designed to retain or profile End User IP addresses, cookies, or browsing behavior as part of the prerendering service.
• We do not buy or rent personal data from data brokers.
• We do not use Customer Content to train AI models, our own or anyone else's.
• We do not sell personal information.

3. What you should not submit

The Service is intended for routing public website content to AI crawlers and search engine bots.

Do not submit to the Audit, or route through the prerendering layer, any content that contains:

1. confidential or non-public business information you do not want shared with third-party AI providers;
2. personal information of identifiable individuals beyond what is already publicly published on your site;
3. special-category personal data under GDPR Article 9, including health data, biometric data, genetic data, racial or ethnic origin, religious beliefs, political opinions, trade union membership, sexual orientation, or sex life;
4. government identifiers, financial account numbers, payment card data, or similar sensitive identifiers;
5. data subject to specific regulatory regimes including HIPAA-protected health information, PCI-DSS payment data, FERPA student records, or similar regulated data;
6. private staging or development URLs containing data you would not publish on a live site.

The Service is not designed, intended, or warranted for the processing of sensitive personal data, regulated data, or special-category data. You are responsible for the content you submit and route through Unhid. If you submit prohibited content, Unhid may suspend your Account and disclaim any responsibility for downstream consequences.

4. How we use this information

We use personal information to:

1. provide, operate, and maintain the Service;
2. process your audit submissions and deliver reports;
3. create and manage your Account;
4. charge you for your Plan and handle billing;
5. respond to your messages and provide support;
6. send service-related emails (billing, renewals, security, legal notices, outage alerts);
7. send marketing emails about new features, content, and offers, where you have not opted out;
8. monitor and improve the Service, including measuring feature usage and performance;
9. detect, prevent, and respond to fraud, abuse, security incidents, and violations of the Terms;
10. comply with legal obligations and respond to lawful requests;
11. defend our legal rights and the rights of others.

We rely on the following legal bases under GDPR and equivalent laws:

• Contract: to provide the Service you signed up for.
• Consent: for marketing emails, optional audit features, and cookies that are not strictly necessary. You can withdraw consent at any time.
• Legitimate interests: for service improvement, security, and fraud prevention, balanced against your rights.
• Legal obligation: when we need to comply with laws, regulations, or court orders.

5. How we share information

We do not sell personal information. We share it only in the situations below.

5.1 Service providers (sub-processors)

We use third-party providers to operate the Service. Each is bound by a data processing agreement requiring them to handle data only as instructed by us. A current, public list is maintained at unhid.ai/subprocessors and includes our hosting provider, payment processor, email provider, analytics provider, and the AI providers used in the audit.

5.2 AI providers (audit only)

When you run the audit, we may send the URL, page metadata, or page content to OpenAI Inc., Anthropic PBC, or Perplexity AI Inc. for the mention check. Where commercially available, we use provider-configured limited or zero-retention modes, which restrict how long providers may store the content and whether it can be used to train their models. These providers may still retain limited operational telemetry for abuse prevention and security purposes under their own terms.

5.3 Legal and safety

We may disclose personal information if required by law, valid legal process, or in good faith belief that disclosure is necessary to:

1. comply with legal obligations;
2. protect Unhid's rights, property, or safety, or those of our users or the public;
3. detect, prevent, or respond to fraud, security, or technical issues;
4. enforce the Terms.

5.4 Business transfers

If Unhid is involved in a merger, acquisition, financing, restructuring, or sale of assets, personal information may be transferred to the successor entity. We will notify you of any change in ownership or control of your personal data.

5.5 With your direction

We share information with third parties when you explicitly direct us to, such as connecting a third-party integration.

6. International data transfers

Unhid is based in Canada, Ontario. Your information may be processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country.

When we transfer personal data from the EU, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards. Sub-processors in the United States are also covered under the EU-US Data Privacy Framework where applicable.

If you want a copy of the safeguards in place, email us.

7. How long we keep information

We keep personal information only as long as needed for the purposes described in this Policy, or longer if required by law.

Audit data: if you provide an email, we keep audit results for 12 months. If you don't provide an email, we keep aggregated, anonymized records for research but discard the URL-email link.

Account data: for as long as your Account is active.

After cancellation: your dashboard remains accessible for 30 days for data export. After 30 days, Account data is deleted within 90 days, except for billing and tax records, which we retain for seven years to comply with tax and accounting laws.

Logs: operational logs are kept for 90 days for security and debugging. After 90 days they are deleted or aggregated.

Communications: support and email communications are kept for three years.

Marketing data: if you unsubscribe, we keep your email on a suppression list to ensure we don't email you again. We do not use the suppression list for any other purpose.

8. Your rights

Depending on where you live, you may have the following rights:

1. Access: ask for a copy of the personal information we hold about you.
2. Correction: ask us to correct inaccurate or incomplete information.
3. Deletion: ask us to delete your personal information, subject to legal exceptions.
4. Portability: ask for your data in a structured, machine-readable format.
5. Restriction: ask us to limit how we use your information.
6. Objection: object to processing based on legitimate interests, including direct marketing.
7. Withdraw consent: where we rely on consent, withdraw it at any time without affecting prior processing.
8. Complain to a regulator: EU and UK residents can lodge a complaint with their local data protection authority.

To exercise any of these rights, email us. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

8.1 EU and UK residents (GDPR)

You have all rights listed above. You can also contact us for any questions about how we process your personal data.

8.2 California residents (CCPA/CPRA)

You have the right to know what personal information we collect, the right to delete, the right to correct, the right to limit use of sensitive personal information, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.

8.3 Other US states

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Delaware, New Hampshire, New Jersey, Montana, and other US states with comprehensive privacy laws have rights that are substantially similar to the rights described above, including access, deletion, correction, and opt-out of targeted advertising and sale. We do not engage in targeted advertising or sale of personal information.

To exercise any state privacy right, email us.

9. Cookies and tracking

We use cookies and similar technologies on unhid.ai and the dashboard.

Strictly necessary cookies. Required for the Service to work. These keep you signed in, remember your preferences, and protect against fraud. They cannot be turned off.

Analytics cookies. Help us measure how the website and dashboard are used. We use Google Analytics, which is configured to be privacy-friendly and does not track you across sites.

Functional cookies. Remember choices you make, like your preferred language or interface settings.

We do not use advertising cookies. We do not allow third parties to place advertising cookies on our site.

You can control cookies through your browser settings. Blocking strictly necessary cookies will break parts of the Service.

10. Security

We take reasonable administrative, technical, and physical measures to protect personal information, including:

1. encryption in transit (TLS 1.2 or higher);
2. encryption at rest for sensitive data;
3. access controls and least-privilege permissions for our team;
4. logging and monitoring;
5. regular security reviews;
6. a documented incident response process.

No system is perfectly secure. If we become aware of a security incident affecting your personal data, we will notify you and any required authority without undue delay, and in any event within 72 hours where required by applicable law.

You play a role in security too. Use a strong, unique password. Don't share your credentials. Tell us right away if you suspect unauthorized access to your Account.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, email us and we will delete it.

12. Third-party links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Review their privacy policies before sharing information with them.

13. Changes to this Policy

We may update this Policy from time to time. We will post the updated Policy at unhid.ai/privacy with a new "Last updated" date. For material changes, we will give at least 30 days' advance notice by email or through the dashboard.

Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

14. Contact us

For any questions about this Privacy Policy, to exercise your rights, or to request a copy of our data transfer safeguards, email us.

1048035 B.C. LTD.
Office #645 145 ½ Church Street, Unit 5, Toronto, Ontario, M5B 1Y4, Canada