Privacy Policy

Last updated: March 29, 2026

1. Who we are

roast.page is an AI-powered landing page analysis tool operated by an individual, not a corporation or legal entity. This policy explains what data we collect, why we collect it, and your rights regarding that data.

2. What we collect

  • URLs you submit — the web address you provide for analysis, along with publicly available content from that page (text, metadata, screenshots) used to generate the analysis report.
  • Account information — if you create an account: your email address, display name, and avatar from your OAuth provider (Google or GitHub).
  • Payment information — payment details are collected and processed entirely by our merchant of record (Lemon Squeezy). We do not store your credit card number or payment credentials.
  • Usage data — for users without an account, we use an HttpOnly cookie and IP address to enforce free-tier usage limits. We also collect anonymous, aggregated usage analytics (page views, feature interactions) via Google Analytics and Vercel Analytics.
  • Error reports — our error monitoring service (Sentry) may capture technical error data, which could include the URL being analyzed, to help us diagnose and fix issues.

3. How we use your data

  • To perform the landing page analysis you request and generate your report.
  • To store your analysis history if you have an account.
  • To process purchases and manage your account.
  • To enforce usage limits and prevent abuse of the free tier.
  • To monitor for errors, diagnose issues, and improve the Service.
  • To send transactional communications (e.g., purchase receipts). We do not send marketing emails.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide the Service you requested (analyzing URLs, managing your account, processing purchases).
  • Legitimate interest — processing necessary for our legitimate business interests, such as preventing abuse, improving the Service, and monitoring for errors. We balance these interests against your privacy rights.
  • Consent — for optional analytics cookies and any other processing where we ask for your consent. You may withdraw consent at any time.

5. AI analysis and data processing

When you submit a URL, the publicly accessible content of that page (text, metadata, and screenshots) is sent to a third-party AI provider for analysis. The AI provider processes this data in accordance with their own privacy policy and data processing terms. AI-generated results are informational only and may contain inaccuracies.

6. Third-party service providers

We use the following categories of third-party providers to operate the Service. Each provider processes data in accordance with their own privacy policy:

  • Cloud infrastructure and hosting — database, authentication, file storage, and web hosting.
  • AI processing — generates the analysis from page content and screenshots.
  • Screenshot capture — captures images of the submitted URL.
  • Performance metrics — retrieves publicly available page speed and performance data.
  • Payment processing — Lemon Squeezy (merchant of record) handles all payment transactions.
  • Analytics — anonymous, aggregated product analytics.
  • Error monitoring — technical error tracking to maintain service reliability.

7. International data transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your data to these countries. We use commercially reasonable measures to ensure your data is treated securely and in accordance with this policy.

8. Data retention

Analysis reports and associated screenshots are retained for as long as your account is active, or indefinitely for anonymous analyses (to power shared report links). If you delete your account, your profile, credit history, and analysis history are permanently removed within 30 days. Anonymized, aggregated data (e.g., analytics) may be retained indefinitely.

9. Cookies

We use cookies for: (a) authentication and session management; (b) an HttpOnly cookie to track free-tier usage for users without an account. We do not use advertising or tracking cookies. Our analytics provider can operate in cookieless mode for users who decline optional cookies.

10. Data selling and sharing

We do not sell, rent, or trade your personal data. We do not share your data with third parties except as described in this policy (i.e., service providers necessary to operate the product).

11. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate personal data.
  • Erasure — request deletion of your personal data. You can do this directly from your account settings, or by contacting us.
  • Restriction — request that we restrict processing of your personal data in certain circumstances.
  • Portability — request a machine-readable copy of your personal data.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at contact@roast.page. We will respond within 30 days.

12. California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us using the details below.

13. Children's privacy

roast.page is not directed at children under 16. We do not knowingly collect personal data from anyone under 16 years of age. If we learn that we have collected data from a child under 16, we will delete it promptly.

14. Security

We use commercially reasonable technical and organizational measures to protect your data. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

15. Changes to this policy

We may update this policy from time to time. We will note the date of the last update at the top of this page. Material changes will be communicated through the Service or via email (for account holders). Continued use of the Service after changes constitutes acceptance.

16. Contact

Questions about this policy or your data? Contact us at contact@roast.page or on Twitter/X.