This Privacy Policy explains how Onswer ("we", "our", "us") collects, uses, and protects information when you use onswer.app and our free audit tool. We keep it short and direct.
1. What we collect
When you run a free audit we collect:
- The domain you submit (e.g.
example.com). - Your email address.
- Your IP address and a basic user-agent string, used for abuse prevention.
- The AI audit data we generate for that domain: queries asked, model responses, mentions detected, recommendations produced.
We do not collect anything else: no fingerprinting, no behavioural ads, no third-party trackers beyond the analytics listed in section 4.
2. Why we collect it
- To run your audit: the domain is sent to multiple large-language models via our infrastructure partner OpenRouter to generate the report.
- To return your results: each audit gets a unique URL; the email is used to confirm requests and contact you about the result.
- To prevent abuse: the IP + email + domain triple lets us rate-limit unfair use of the free tier.
- To send relevant follow-ups: if your audit shows clear gaps, we may email tips on how to fix them. You can opt out from every email in one click.
3. Third parties that process your data
We use the smallest possible set of vendors:
- OpenRouter — runs the LLM queries that power audits. Receives the domain and the query text, not your email or IP.
- Vercel — hosts the public site (
onswer.app). - Anthropic — model provider used for query generation and recommendation analysis.
- Hosting provider for the API and database (located in the EU/US — we publish exact regions on request).
We do not sell your data. Ever.
4. Analytics & cookies
We use a minimal analytics stack:
- Google Analytics 4 for aggregate traffic stats (pages viewed, bounce, geography). Cookie-based.
- Meta Pixel for paid-acquisition attribution. Cookie-based.
You can disable these via your browser's privacy controls, an ad-blocker, or by declining the cookie banner where required by law.
5. How long we keep your data
- Free audits and their results: stored for up to 12 months, then anonymised or deleted.
- Email address (audit only, no account): stored for up to 12 months unless you ask earlier.
- Logs (IP, user-agent): kept 90 days for abuse investigation, then rotated out.
6. Your rights
Wherever you live (LGPD in Brazil, GDPR in the EU, CCPA in California, or no specific law at all), we honour these standard rights:
- Access: ask us what we have about you.
- Deletion: ask us to delete it.
- Correction: ask us to fix anything wrong.
- Portability: ask us to export your data in JSON.
- Objection: tell us to stop processing your data.
Send any of these requests to privacy@onswer.app. We respond within 30 days, usually faster.
7. Children
Onswer is not intended for users under 16. We do not knowingly collect data from minors. If you believe we have, email privacy@onswer.app and we'll delete it.
8. Security
We use HTTPS everywhere, hashed passwords (bcrypt) when accounts exist, prepared SQL statements, and host on infrastructure with audited security practices. No system is perfect; if we ever have a breach affecting you we will notify you within 72 hours, as required by GDPR.
9. Changes
If we change this policy materially we'll update the "Effective" date above and notify users with active audits by email at least 14 days before the change takes effect.
10. Contact
For anything privacy-related: privacy@onswer.app.
For everything else: hello@onswer.app.