Legal

Privacy Policy

Effective date: April 3, 2026 · Last updated: April 3, 2026

Plain English summary: FoundInAI collects only what's needed to run the service — your email, your website URL, and usage data. We do not sell your data. We use trusted third-party services (Supabase, Stripe, Anthropic, Google) to operate the platform. You can delete your account and data at any time.

1. Who We Are

FoundInAI ("we," "us," or "our") is operated by IDMB&LHMH Holdings Inc. We provide an AI visibility platform that helps website owners optimize their presence in AI-powered search engines such as ChatGPT, Perplexity, Claude, and Gemini.

Our platform is accessible at foundinai.co and app.foundinai.co.

For privacy-related questions, contact us at: [email protected]

2. Information We Collect

2.1 Information you provide directly

Account information: Email address, name (if provided via Google OAuth)
Website URL: The site URL(s) you submit for AI visibility scanning and monitoring
Keywords: Brand keywords you add for AI Answer Monitoring
Payment information: Processed entirely by Stripe. We never see or store your credit card details.

2.2 Information collected automatically

Usage data: Pages visited within the app, features used, scan history
Log data: IP address, browser type, device information, timestamps
Cookies: Authentication session cookies (required for login), no third-party advertising cookies

2.3 Information from third-party integrations (optional)

Google Analytics 4 (GA4): Only if you connect your GA4 account. We access aggregated AI traffic data through the Google Analytics Data API with your explicit authorization.
Google OAuth: Email address and basic profile from your Google account, only if you choose to sign in with Google.

3. How We Use Your Information

Purpose	Data used	Legal basis
Provide and operate the service	Email, site URL, keywords	Contract performance
AI visibility scanning and llms.txt generation	Site URL, crawled content	Contract performance
AI Answer Monitoring	Keywords, site URL	Contract performance
GA4 AI traffic reporting	GA4 authorization token	Consent (explicit opt-in)
Payment processing	Email (passed to Stripe)	Contract performance
Transactional emails	Email address	Contract performance
Product improvement	Aggregated, anonymized usage data	Legitimate interest
Security and fraud prevention	Log data, IP address	Legitimate interest

We do not use your data for advertising, sell it to third parties, or use it to train AI models.

4. Third-Party Services

We use the following trusted third-party providers to operate FoundInAI. Each has their own privacy policy governing how they handle data.

Provider	Purpose	Data shared
Supabase	Database and authentication	Email, site URL, keywords, scan results
Stripe	Payment processing	Email, payment method (card data stays with Stripe)
Anthropic Claude API	AI scoring and llms.txt generation	Site URL, crawled page content (no personal data)
Resend	Transactional email delivery	Email address, email content
Google APIs	OAuth login, GA4 data access	Google account email (OAuth), GA4 analytics data (if connected)

5. Data Storage and Security

Your data is stored on Supabase's servers. Supabase is SOC 2 Type II certified and stores data on AWS infrastructure.

We implement the following security measures:

All data transmitted over HTTPS/TLS encryption
Row-level security (RLS) in our database — each user can only access their own data
Stripe handles all payment card data — we never see or store raw card numbers
API keys and secrets stored as environment variables, never in code

No system is 100% secure. If you discover a security vulnerability, please contact [email protected].

6. Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
Scan reports and llms.txt files: Retained for the duration of your subscription or one-time purchase validity period.
Keywords and monitoring data: Retained while your account is active.
Payment records: Retained by Stripe per their legal obligations (typically 7 years for tax purposes).
Log data: Retained for up to 90 days for security purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and associated data
Portability: Request your data in a machine-readable format
Withdrawal of consent: Disconnect GA4 at any time via Settings

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies

We use only essential cookies necessary to operate the service:

Authentication cookies: To keep you logged in during your session (managed by Supabase Auth)

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify individual users.

9. Children's Privacy

FoundInAI is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you by email if the changes are material. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions or requests:

Email: [email protected]
Website: foundinai.co