Rumored
Scan Your Brand

Privacy Policy

Last updated: March 25, 2026

1. What We Collect

We collect the following information:

  • Account information: your email address and name when you sign up.
  • Brand data: domain URLs, brand names, competitor names, and other brand-related information you provide.
  • AI model responses: what AI models say about your brand when we query them on your behalf. These are publicly queryable by anyone.
  • Ground truth data: information sourced from your public website and public third-party sources (reviews, news, knowledge graphs).
  • Usage data: basic analytics about how you use the Service (pages visited, features used).
  • Payment information: processed entirely by Stripe. We never see or store your full card number.

2. How We Use It

  • Deliver the Service: run scans, generate threat reports, and monitor AI model outputs.
  • Process payments and manage your subscription.
  • Send transactional emails (scan results, weekly digests, threat alerts).
  • Improve the Service based on aggregate usage patterns.

We do not sell, rent, or trade your personal information.

3. Payment Processing

All payment processing is handled by Stripe. We never see or store your full credit card number. Stripe’s privacy policy governs the handling of your payment data.

4. Data Sharing

We share data only with the following third parties, and only as necessary to operate the Service:

  • Stripe — payment processing.
  • AI model providers (OpenAI, Google, Anthropic, Perplexity) — we send brand names and queries to these APIs. We do not send your personal information, email, or account details.
  • Email service provider — for transactional email delivery.

We do not share your findings with other customers or competitors.

5. Cookies

We use session cookies for authentication. These are essential cookies required for the Service to function. We do not use third-party tracking cookies or advertising cookies.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days. You can request immediate deletion by emailing us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a standard format.

To exercise any of these rights, email [email protected].

8. Security

All data is encrypted in transit (TLS) and at rest. Sensitive credentials such as API keys and OAuth tokens are encrypted at the application level using Rails encrypted attributes. We follow industry-standard security practices to protect your data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before they take effect.

10. Contact

Questions about this policy? Email us at [email protected].