Privacy Policy
Effective date: June 12, 2026
1. Who we are
2. What data we collect
We collect only what is necessary to provide the service:
- URLs you submit — to run the audit. We do not crawl or store the content of your pages beyond what is needed to generate the report.
- Account data — if you sign up: your email address, provided via Supabase Auth (supports magic link and OAuth).
- Payment data — processed by PayPro Global (Merchant of Record). We never see or store your card details.
- Usage data — scan history linked to your account (URL, scores, timestamp).
- Technical data — standard server logs (IP address, browser, timestamps) retained for up to 30 days.
3. How we use your data
- To run scans and generate reports for you.
- To manage your account and subscription.
- To send transactional emails (scan complete, billing receipts). We do not send marketing emails without your consent.
- To detect abuse and protect the service.
4. Third-party services
- Supabase — database and authentication (EU region). Privacy policy.
- PayPro Global — payment processing and billing (Merchant of Record). Privacy policy.
- Vercel — hosting and edge functions. Privacy policy.
- OpenAI — AI-generated report enrichment and fix prompts. URLs and issue data are sent to generate prompts. Privacy policy.
- RDAP (rdap.org) — public domain registry service used to determine domain age. The scanned domain name is sent to retrieve its registration date.
- Reddit Search API — Reddit's public search API. The domain name is sent to check for mentions of the site on Reddit.
- GitHub Search API — GitHub's public API. The domain name is sent to search for associated repositories.
4a. Payment processing and PayPro Global
PayPro Global acts as Merchant of Record and processes all payment and customer billing data on Glook's behalf. We do not store card numbers, payment credentials, or sensitive payment information — all payment processing is handled exclusively by PayPro Global in accordance with their privacy policy.
We receive webhooks from PayPro Global containing subscription status events (paid, overdue, cancelled). This information is used solely to grant or revoke access to your account and platform features.
5. Cookies
6. Data retention
- Scan results are retained as long as your account is active.
- Anonymous scans (no account) may be deleted after 30 days.
- You can request deletion of your data at any time by emailing us.
6a. Report visibility
7. Your rights (GDPR)
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict processing.
- Data portability.