Privacy Policy
Last updated: November 26, 2025

1. Introduction

Welcome to notavailableinyourcountry.com ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services. By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address for authentication via magic link
  • Website Information: Domain names, sitemap URLs, Google Analytics 4 Property IDs, and Google Search Console site URLs that you provide
  • Integration Credentials: OAuth tokens for Google Analytics 4 and Google Search Console (stored encrypted)

2.2 Automatically Collected Information

  • Website Analytics Data: Sessions, page views, engagement metrics, and conversion data from your Google Analytics 4 properties
  • Search Console Data: Search performance metrics from Google Search Console for websites you authorize
  • Screenshots: Automated screenshots of the website pages you import via sitemap
  • Usage Data: Information about how you interact with our service, including pages visited and features used
  • Technical Data: IP address, browser type, device information, and operating system

2.3 Third-Party Data

We retrieve data from the following third-party services on your behalf:

  • Google Analytics 4: Website traffic, user behavior, and conversion metrics
  • Google Search Console: Search query performance, impressions, clicks, and rankings

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain our website analysis and reporting services
  • Data Analysis: To analyze your website performance using AI-powered classification and generate strategic reports
  • Authentication: To verify your identity and manage your account access
  • Integration Management: To connect and sync data from your Google Analytics and Search Console accounts
  • Report Generation: To create customized reports combining your analytics data with AI-generated insights
  • Service Improvement: To understand usage patterns and improve our features and user experience
  • Communication: To send you service-related emails, including authentication links and important updates
  • Security: To detect, prevent, and address technical issues and potential security threats

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored using the following services:

  • Supabase (PostgreSQL): Stores user accounts, workspace data, site information, page classifications, reports, and encrypted integration tokens
  • Supabase Storage: Stores website screenshots with 180-day retention policy
  • Railway: Hosts our application infrastructure in secure data centers

4.2 Security Measures

  • Encryption: OAuth access tokens and refresh tokens are encrypted using AES-256-GCM encryption before storage
  • Authentication: Passwordless authentication via magic link email verification
  • Access Control: Row-level security policies ensure users can only access their own workspace data
  • HTTPS: All data transmission is encrypted in transit using TLS/SSL
  • Token Management: OAuth tokens are automatically refreshed and expired tokens are securely deleted

4.3 Data Retention

  • Screenshots: Automatically deleted after 180 days
  • Analytics Data: Retained as long as your account is active or as needed to provide services
  • Account Data: Retained until you request deletion of your account
  • OAuth Tokens: Stored encrypted until you disconnect the integration or delete your account

5. Third-Party Services

We use the following third-party services to operate our platform:

5.1 Infrastructure and Hosting

  • Railway: Application hosting and deployment infrastructure
  • Supabase: Database, authentication, and file storage services

5.2 Analytics and Data Sources

  • Google Analytics 4: Retrieves website analytics data via Google Analytics Data API (requires your explicit OAuth authorization)
  • Google Search Console: Retrieves search performance data via Google Search Console API (requires your explicit OAuth authorization)

5.3 AI and Processing

  • OpenAI: Powers AI-driven page classification and report generation using GPT-4o. We send page URLs, titles, and analytics metrics to OpenAI for analysis. OpenAI's data usage policies apply to this processing.

5.4 Browser Automation

  • Puppeteer/Chromium: Used to capture screenshots of your website pages for visual analysis

Each third-party service has its own privacy policy and terms of service. We encourage you to review:

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Service Providers

We share data with third-party service providers only to the extent necessary to:

  • Host and operate our services (Railway, Supabase)
  • Process and analyze data (OpenAI for AI-powered features)
  • Authenticate and authorize your access to Google services (Google OAuth)

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to request access to the personal information we hold about you and receive a copy in a structured, commonly used format.

7.2 Correction

You can update your account information and site settings directly through the dashboard interface.

7.3 Deletion

You have the right to request deletion of your account and associated data. You can disconnect Google integrations at any time through the Settings page, which will delete your OAuth tokens.

7.4 Withdraw Consent

You can revoke our access to your Google Analytics and Search Console data at any time by:

7.5 Contact Us

To exercise any of these rights, please contact us at the email address provided in Section 12.

8. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • Scopes Requested: We request read-only access to Google Analytics (analytics.readonly) and Google Search Console (webmasters.readonly)
  • Purpose: Data is used solely to provide website performance analysis and reporting services to you
  • No Unexpected Use: We do not use Google user data for purposes unrelated to providing our core service functionality
  • No Human Review: Your Google data is processed algorithmically; no human manually reviews your data except for debugging with your explicit permission
  • No Transfers: We do not transfer your Google user data to third parties except as necessary to provide our services (e.g., OpenAI for AI analysis) or as required by law

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using our service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes are effective immediately upon posting.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@notavailableinyourcountry.com

Website: notavailableinyourcountry.com

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we collect
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us using the information in Section 12.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on your consent and our legitimate interests in providing services
  • Right to Access: You can request access to your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data
  • Right to Restrict Processing: You can request limitation of data processing
  • Right to Data Portability: You can request your data in a portable format
  • Right to Object: You can object to data processing based on legitimate interests
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority