Privacy

What we collect, what we don't.

Self-hosted analytics

We run our own analytics. No Google Analytics, no Facebook Pixel, no third-party tracking scripts. Page-view and event data lives only on our server, in our database.

What we collect on every page view

• The path you visited (e.g. /agencies) and HTTP method
• The response status (200, 404, etc.) and how long it took us to render
• An anonymous visitor cookie (random hex, scoped to your browser, expires after 365 days) so we can count returning visits without linking you to an account
• The site that referred you (host + path), if any — never the full referrer query string beyond UTM tags
• A coarse browser-family bucket (chrome / firefox / safari / etc.) — never the full User-Agent

We do not store your IP address. Bot traffic and authenticated admin visits are excluded entirely. Sending DNT: 1 opts you out of all page-view recording.

Named events

When you do something specific — start an audit, register an account, sign up for an agency — we record a named event with a small JSON payload (audit ID, tier, score). Events never include your email, name, or any personal identifier; they reference your account via internal ID only.

What we share with third parties

Nothing analytics-related. We do call third-party APIs to perform audits (Anthropic, OpenAI, Mistral, Perplexity for AI sentiment; PageSpeed Insights / our self-hosted Lighthouse runner for performance) — but those calls are about the URL you submitted to be audited, not about you.

Retention

Raw page-view rows are deleted after 90 days. Named events are kept longer (they're aggregable and useful for product decisions). You can request deletion of your account and all associated data at any time by emailing support@audora.one.

Cookies

Two cookies: a session cookie (for login) and an anonymous visitor cookie (for analytics attribution). Both are first-party. No third-party cookies. Ever.