🔒 your data is safe with us 🔒 your data is safe with us 🔒

CI HQ

privacy policy

← back to home

Effective Date: January 15, 2025

Last Updated: January 15, 2025

hi! 👋 this is our privacy policy for CI HQ and our chrome extension. we believe in being transparent about how we handle your data.

Contact Information: dashboard.getcihq.com

information we collect

the short version: we only collect what we need to make the tool work well for you.

1. account information

when you create an account with CI HQ, we collect:

  • email address: required for authentication via magic link
  • user id: automatically generated by our authentication system
  • authentication tokens: for secure session management

2. website analysis data

when you use our extension to analyze websites, we collect:

  • urls: of websites you choose to analyze
  • website content: page titles, headings, text content, button labels, navigation elements, form structures (but not form data), image alt text, meta tags, HTML source code (limited portions)
  • analysis results: generated by AI processing
  • timestamps: of when analyses were performed

3. usage and technical data

we automatically collect:

  • browser information: chrome extension usage
  • extension preferences: and settings
  • api usage statistics: for monitoring and billing
  • error logs: for troubleshooting and improvement

4. stored analysis data

your analysis history includes:

  • analysis reports: generated by AI
  • user-defined tags: and categories for organizing analyses
  • favorite analyses: marked by you
  • analysis metadata: model used, token count, analysis type

how we use your information

1. core service functionality

  • website analysis: process website content through AI models to generate competitive intelligence reports
  • data storage: store your analysis results for future reference and comparison
  • account management: maintain your user account and authentication sessions

2. service improvement

  • performance monitoring: track API usage and system performance
  • feature development: understand how users interact with our service to improve functionality
  • error resolution: diagnose and fix technical issues

3. communication

  • authentication: send magic link emails for secure login
  • service updates: notify you of important changes or updates (if you opt-in)

we never: sell your data, share it with competitors, or use it for advertising

data processing and third-party services

1. supabase (database and authentication)

  • purpose: user authentication, data storage, and API management
  • data shared: email addresses, analysis data, user preferences
  • location: supabase infrastructure (various global regions)
  • privacy policy: supabase.com/privacy

2. openai (ai processing)

  • purpose: generate competitive intelligence analysis using AI models
  • data shared: website content and analysis prompts (via our secure edge function)
  • models used: GPT-4o-mini, GPT-4o, o3-mini, o3 (as selected by user)
  • privacy policy: openai.com/privacy
  • note: your OpenAI API key is never stored in the extension; all requests go through our secure server

3. helicone (optional - api monitoring)

  • purpose: monitor API usage and performance (if configured)
  • data shared: API request metadata and user IDs
  • privacy policy: helicone.ai/privacy

data security

1. security measures

  • encryption: all data is encrypted in transit (HTTPS/TLS) and at rest
  • authentication: secure magic link and OAuth authentication
  • access control: row level security (RLS) ensures users can only access their own data
  • api security: all API requests require user authentication

2. data isolation

  • user separation: each user's data is isolated using database-level security policies
  • session management: secure token-based authentication with automatic expiration
  • extension security: no sensitive API keys stored in the browser extension

data retention

1. account data

  • active accounts: retained while your account remains active
  • account deletion: all associated data is permanently deleted when you delete your account

2. analysis data

  • user control: you can delete individual analyses at any time through the dashboard
  • automatic cleanup: we may periodically clean up very old analyses (after 2+ years of inactivity)

3. technical data

  • logs: error logs and usage statistics are retained for up to 90 days
  • session data: authentication sessions expire automatically

your rights and choices

1. data access

  • dashboard access: view all your stored analyses through the web dashboard
  • export: download your analysis data (contact us for assistance)

2. data control

  • delete analyses: remove individual analyses from your account
  • account deletion: delete your entire account and all associated data
  • update information: modify your account settings and preferences

3. communication preferences

  • magic link authentication: required for service functionality
  • marketing communications: we do not send marketing emails unless you explicitly opt-in

data sharing and disclosure

1. no data sale

we do not sell, rent, or trade your personal information to third parties.

2. service providers

we share data only with essential service providers:

  • supabase: for data storage and user authentication
  • openai: for AI-powered analysis (via our secure proxy)
  • helicone: for API monitoring (if configured)

3. legal requirements

we may disclose information if required by law, court order, or to protect our rights and safety.

international data transfers

your data may be processed in countries other than your own, including:

  • supabase: various global regions based on your project configuration
  • openai: united states
  • our infrastructure: based on service provider locations

we ensure appropriate safeguards are in place for international transfers.

children's privacy

our service is not intended for users under 13 years of age. we do not knowingly collect personal information from children under 13.

changes to this privacy policy

we may update this privacy policy periodically. we will notify you of material changes by:

  • updating the "last updated" date at the top of this policy
  • providing notice through the extension or dashboard (for significant changes)

compliance

this privacy policy is designed to comply with:

  • gdpr: general data protection regulation
  • ccpa: california consumer privacy act
  • other applicable privacy laws

contact us

if you have questions about this privacy policy or our data practices:

for GDPR-related requests or concerns, please contact us using the information above.

summary of key points:

  • what we collect: email addresses, website content you choose to analyze, and analysis results
  • how we use it: to provide competitive intelligence analysis and store your results securely
  • who we share with: only essential service providers (supabase, openai) - never sold to third parties
  • your control: you can view, delete, or export your data at any time
  • security: enterprise-grade encryption and security measures protect your data
  • no tracking: we don't track your browsing or use your data for advertising
← back to home 📞 book a call