Privacy Policy

Who we are

VistaCite (“we”, “us”) is a website audit tool operated by Vamfi Inc. This policy explains what data we collect, how we use it, and your rights over it. If you have questions, email jay@vamfi.org.

What data we collect

We collect only what we need to run audits and operate the service:

• Account data: your email address and a unique user identifier from our authentication provider (Clerk). Optionally your name if you sign in with Google.
• URLs you submit for audit: the web addresses you ask us to analyze, and the resulting score and findings.
• Page content we fetch:when you submit a URL, we fetch the page’s public HTML to analyze it. We do not store the full HTML — only extracted structured data (title, meta tags, headings, schemas, link counts, etc.) and the audit results.
• Usage telemetry: page views, audit events, and basic performance data via PostHog and Vercel Analytics to understand how the product is used.
• Error data: uncaught errors and relevant stack traces sent to Sentry for debugging. We strip PII from stack traces where possible.
• Billing data: none currently. VistaCite is free in its current form. When we add paid plans, this policy will be updated to cover payment processors.

How we use your data

• To run the audit you requested and show you results.
• To send you transactional email when your audit completes or if you request a password reset.
• To prevent abuse (rate limiting, SSRF defense, authentication).
• To understand product usage and improve VistaCite. Aggregate analytics are not tied back to individual identifiers for marketing purposes.
• To comply with legal obligations if they arise.

We do not sell your data. We do not use your submitted URLs or audit results to train machine learning models.

Third-party processors

VistaCite is built on standard SaaS infrastructure. We share the minimum necessary data with each processor to operate the service. All are bound by their own privacy policies, which are linked below.

• Clerk — authentication and session management. clerk.com/privacy
• Neon — managed PostgreSQL database (US East). neon.tech/privacy
• Anthropic (Claude) — LLM used to generate copy-paste fixes. Page excerpts sent to Claude are wrapped in untrusted-content delimiters. Anthropic does not train on API traffic by default. anthropic.com/legal/privacy
• Vercel — hosting and edge network. vercel.com/legal/privacy-policy
• Sentry — error and performance monitoring. sentry.io/privacy
• PostHog — product analytics and session replay. Hosted on US Cloud. posthog.com/privacy
• Upstash — Redis used for rate limiting. upstash.com/trust/privacy
• Resend — transactional email delivery. resend.com/legal/privacy-policy
• Cloudflare — DNS management for vistacite.com. cloudflare.com/privacypolicy

Your rights

You can exercise the following rights at any time:

• Access — request a copy of the data we hold about you.
• Deletion — delete your account. When you do, we receive a webhook from Clerk and automatically cascade-delete all of your audit history from our database within seconds. No manual request required.
• Correction — update inaccurate data about you.
• Portability — export your audits (the .md download button on any audit is a portable artifact of your data).
• Opt out of analytics — if you do not want us to track usage telemetry, email us and we will add your identifier to our exclusion list.

Data retention

Audit results are retained for as long as your account exists. When you delete your account, audits are deleted within seconds via the Clerk user.deleted webhook. Error logs in Sentry follow Sentry’s retention policy (typically 90 days on the free plan). Analytics events in PostHog follow PostHog’s retention policy (typically 365 days on the free plan).

Cookies and local storage

VistaCite uses strictly necessary cookies for authentication (via Clerk). We use PostHog and Vercel Analytics cookies for product analytics. We do not use advertising or tracking cookies.

Children’s data

VistaCite is not intended for anyone under 13. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

Changes to this policy

We may update this policy as VistaCite evolves. Material changes will be announced on the homepage or via email to registered users. The “Last updated” date at the top always reflects the most recent version.

Contact

Questions or requests? Email jay@vamfi.org. We aim to respond within 7 days.