Laudia

Privacy Policy

Last updated

This policy explains what personal data Laudia collects when you use laudia.ai, why we collect it, and the rights you have. We keep this short and specific: we collect very little.

What we collect, and why

When you use the free audit, here is what we collect directly:

  • Your email address and the website you submit, when you unlock the full AI-engine report. We use them to run the report, email it to you, and, as the form says, follow up once about your results and Laudia. Legal basis: to provide the report you asked for, and the notice you see when you submit the form. Every email carries an unsubscribe link, and we record which notice wording you saw and when.
  • Your details when you register interest in a paid plan: your email, your company or website, and, if you add them, your name, a comment, and the early-test-customer preference. We use them to contact you about that request. Legal basis: your consent when you submit the form. Please do not put sensitive personal information in the comment field; we do not ask for any.
  • Your IP address, used only in the moment to rate-limit abuse and to run the Cloudflare Turnstile spam check. It is not written to our database. Legal basis: our legitimate interest in keeping the free audit available and free of abuse.
  • Basic error logs, if something breaks, so we can fix it. We switch off automatic collection of IPs and request bodies, so they are not used to gather personal data. Legal basis: our legitimate interest in a reliable service.

The website you audit

When you submit a domain, we fetch its public pages, the same pages anyone can view, to compute your Laudia Score. We then ask public AI assistants how they describe that brand.

Only the public brand name and domain reach those AI assistants. We never send them your email or any other personal data.

When you connect your online store

If you subscribe and connect your store or CMS (for example Shopify or WordPress), you authorise Laudia to publish the fixes you approve. We access only what is needed for that, your theme or site files, and we publish nothing without your explicit approval of the exact change.

If you turn on AI-referral attribution, we also read order-level referrer data for your orders: the referring site, the landing page, the order total, the currency, and the order date. We use this only to show you which of your orders arrived from AI assistants. We store no customer names, email addresses, phone numbers, or postal addresses. None of your customers' personal data reaches or stays with us.

Legal basis: performing the subscription service you asked for. You can disconnect at any time, which deletes the stored access. If you uninstall our Shopify app, or ask us to erase this data, we delete it, and we honour Shopify's data-erasure requests.

Cookies and local storage

We use functional storage that the site needs to work: your language, your currency choice, and display preferences. These are necessary and are not used for advertising.

We count page visits anonymously, without cookies or any identifier, which needs no consent. For deeper analytics we use PostHog (on EU servers), and only after you accept: this uses cookies and may include your approximate location (country, derived from your IP), your device and browser, and a session replay of your visit with all form fields masked (we never capture what you type). It is never used for advertising, we do not sell your data, and you can decline or withdraw at any time.

Who processes data for us

We rely on a small set of service providers to run laudia.ai. Each processes data only on our instructions.

ProviderPurposeLocation
SupabaseDatabase and file storage (your report, lead record)Switzerland (Zurich)
InfomaniakEmail inbox and domain hostingSwitzerland
VercelWebsite hosting and the app runtimeEU (Frankfurt)
UpstashShort-lived cache and rate-limitingEU (Frankfurt)
InngestRuns the audit pipeline in the backgroundUSA
ResendSends your report by emailUSA
CloudflareSpam and bot protection (Turnstile)USA / global
SentryError monitoring (no personal data)USA
PostHogProduct analytics + session replayEU (Frankfurt)
Anthropic, OpenAI, Google, PerplexityAI assistants we query about public brandsUSA

Where your data is stored

Your report and your lead record are stored in Switzerland (Zurich), our email and domain run on Swiss infrastructure (Infomaniak), and the app itself runs in the EU (Frankfurt). Switzerland is recognised by the EU as providing an adequate level of data protection.

A few of the providers above are based in the United States or use global infrastructure. Where data reaches them, the transfer is covered by the EU Standard Contractual Clauses or an equivalent safeguard.

How long we keep it

Your report stays available for 30 days. After that the private link expires and the report can no longer be opened. The short-lived rate-limiting record tied to your IP expires within about an hour.

We keep your email and submitted details to operate and improve the free audit and to follow up as described above. You can ask us to delete them at any time, and we will. We also review inactive lead records ourselves and delete them after at most 24 months of inactivity.

If you opt out of emails, we keep just your email address on our do-not-contact list, together with when and how you opted out, so the opt-out sticks.

Follow-up emails and opting out

When you unlock a report, we email it to you and may follow up once about your results. Beyond that, we email you only when you asked us to, for example after you register interest in a paid plan or in early access.

Our automated emails carry a one-click unsubscribe link, and for any email from us, a plain reply saying no works just as well. Either way we put your address on our do-not-contact list and stop.

If we wrote to you and you never used laudia.ai: we occasionally contact businesses individually, using publicly available business contact details and grounded in a real audit of that business's public website. Legal basis: our legitimate interest in offering a relevant service. Reply once and we stop, permanently, the same way.

Your rights

You can ask to access, correct, or delete your data, to restrict or object to its processing, or to receive it in a portable form. Where we rely on consent, you can withdraw it at any time. Just write to hi@laudia.ai.

You can also complain to a data-protection authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC); in the EU or EEA, your local supervisory authority.

Security

Data is encrypted in transit. Access is restricted, the database enforces row-level security, and report files sit behind unguessable links that expire. We design the audit so it never needs your customer or patient data.

Changes

If we change this policy, we will update the date above and, for material changes, make it clear on the site.

Who is responsible

The controller for the data described here is BlockNovum GmbH (Swiss limited liability company), Josefstrasse 112, 8005 Zürich, Switzerland.

For any privacy question or request, contact hi@laudia.ai.