Privacy Policy

Welcome to Confix ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our AI-powered landing page analysis service.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at confix.dev (the "Service"). Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (stored in encrypted/hashed form)
• Name (optional)
• Google account information (if you choose to sign in with Google): email, name, and profile picture

2.2 Usage Data

When you use our Service, we collect:

• Screenshots you upload for analysis (temporarily processed, stored based on your plan)
• Analysis results and history
• Credit usage and subscription information
• Optional context notes you provide with your uploads

2.3 Automatically Collected Information

We automatically collect certain information when you visit our Service:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring website
• Cookies and similar tracking technologies

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process your landing page screenshots through our AI analysis engine
• Process payments and manage subscriptions
• Send transactional emails (account verification, password reset, etc.)
• Respond to customer support requests
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

We share your data with the following third-party service providers who help us operate our Service:

4.1 Cloud Infrastructure & Database

Supabase - We use Supabase for database hosting and file storage. Your account data and uploaded screenshots are stored on Supabase's secure infrastructure.

• Privacy Policy: supabase.com/privacy

4.2 AI Processing

Google Cloud (Vertex AI) & Anthropic Claude - Your uploaded screenshots are processed through AI models to generate analysis results. Images are sent to these services for analysis and are not retained by them after processing.

• Google Cloud Privacy: cloud.google.com/privacy
• Anthropic Privacy: anthropic.com/privacy

4.3 Payment Processing

Polar - We use Polar to process subscription payments. When you subscribe, your payment information is handled directly by Polar. We do not store your full credit card details.

• Privacy Policy: polar.sh/legal/privacy

4.4 Email Services

Resend - We use Resend to send transactional emails such as account verification, password resets, and important service notifications.

• Privacy Policy: resend.com/privacy

4.5 Analytics

PostHog - We use PostHog to understand how users interact with our Service. This helps us improve user experience and identify issues.

• Privacy Policy: posthog.com/privacy

4.6 Authentication

Google OAuth - If you choose to sign in with Google, we receive basic profile information from Google to create your account.

• Privacy Policy: policies.google.com/privacy

We retain your data for the following periods:

• Account Information: Retained until you delete your account
• Analysis History (Free Plan): 7 days
• Analysis History (Pro/Max Plan): 90 days
• Uploaded Screenshots: Deleted after analysis processing, or retained for the duration of your analysis history period if you choose to save them
• Payment Records: Retained as required by law (typically 7 years for tax purposes)

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

Depending on your location, you may have certain rights regarding your personal data:

6.1 For All Users

• Access: You can request a copy of your personal data
• Correction: You can update or correct your account information at any time through your account settings
• Deletion: You can delete your account and associated data through your account settings

6.2 For European Economic Area (EEA) Residents (GDPR)

If you are in the EEA, you have additional rights under GDPR:

• Right to Access: Request a copy of all personal data we hold about you
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data

To exercise any of these rights, please contact us at support@confix.dev. We will respond to your request within 30 days.

6.3 For California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Opt-out of the sale of your personal information (we do not sell your data)
• Non-discrimination for exercising your privacy rights

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for the Service to function (e.g., authentication, session management)
• Analytics Cookies: Help us understand how users interact with our Service (PostHog)
• Preference Cookies: Remember your settings and preferences (e.g., dark mode)

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our Service.

We implement appropriate technical and organizational measures to protect your personal data:

• All data transmitted to and from our Service is encrypted using HTTPS/TLS
• Passwords are securely hashed and never stored in plain text
• Access to personal data is restricted to authorized personnel only
• Regular security assessments and updates
• Secure cloud infrastructure with industry-standard protections

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@confix.dev. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information, including:

• Standard contractual clauses approved by the European Commission
• Data processing agreements with our service providers
• Compliance with applicable data protection frameworks

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

For users in the EEA, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Service to you (account creation, analysis processing)
• Legitimate Interests: Processing for our legitimate business interests (analytics, service improvement, security)
• Legal Obligation: Processing required to comply with legal requirements (tax records, fraud prevention)
• Consent: Processing based on your explicit consent (marketing communications, optional features)

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact us: