Legal
Privacy Policy
Effective July 2, 2026
1. The short version
We collect the minimum needed to run a metered API: an email address for your key, usage records for billing and abuse prevention, and the URLs you ask us to analyze. We do not sell personal data and we do not run third-party ad trackers.
2. What we collect
- Email address, when you request a trial key, buy Pro, or join the waitlist. Used to deliver your key and service messages.
- Usage events: for each tool call we record the key, tool name, a truncated argument summary, outcome, timing, and country. This is how metering, billing, and debugging work.
- IP addresses, kept transiently for rate limiting and abuse prevention.
- Submitted URLs and page content: when you run a scan or critique, we fetch and render the page you point us at to analyze it.
- Site analytics: we use Vercel Analytics, which is cookieless and aggregates events like page views and button clicks without building visitor profiles.
We never see or store your card details. Checkout runs entirely through Paddle, our merchant of record. Paddle sets the cookies it needs to process payment when you open checkout.
3. How we use it
- Providing and metering the Service against your plan.
- Preventing abuse (rate limits, fraud checks).
- Transactional email: key delivery, receipts, service notices. No marketing email without your consent.
- Improving the product from aggregate usage patterns.
4. Who processes it for us
We share data only with the processors that run the Service:
- Vercel (hosting, cookieless analytics)
- Supabase (database)
- Paddle (payments, merchant of record)
- Resend (transactional email)
- OpenAI (analysis of scanned page content; API data is not used to train their models)
Each processes data under its own terms and only to provide the Service. We do not sell personal data to anyone.
5. Retention and your rights
Account and usage records are kept while your key is active and for as long as needed for billing records and abuse prevention. Email us to access, correct, or delete the personal data we hold about you, or to close your account; we will respond within 30 days. Deleting your data ends any active key.
6. Children
The Service is not directed at children under 16, and we do not knowingly collect their data.
7. Changes and contact
Material changes to this policy will be posted here with a new effective date. Questions or requests: director@limitlessfiji.org.
See also our Terms of Service.