Privacy Policy & Data Practices

1. Introduction

AuditBuffet (“we,” “our,” or “us”) operates auditbuffet.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Please read this Privacy Policy carefully. By accessing and using AuditBuffet, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect information in the following ways:

Authentication & Account Data

When you create an account, we collect your email address. If you sign in via GitHub OAuth or Google OAuth, we receive your profile information (email, name, and profile picture) from the OAuth provider.

Telemetry Data from Audit Submissions

When you run an audit prompt and submit results to AuditBuffet, we collect structured telemetry data including:

Check Results: Whether individual checks passed, failed, were skipped, or errored
Scores: Computed category scores and overall audit scores
Project Metadata: Detected framework (e.g., Next.js, React), build tool, programming language, and platform type
Audit Metadata: Audit slug, version, and timestamp

What we do NOT collect: We intentionally do not collect source code, file contents, environment variables, API keys, URLs, or personally identifiable information (PII). Telemetry is designed to be anonymized and safe to submit.

Payment Information

We use Stripe to process subscription payments. We do not store your credit card details directly. Stripe securely handles payment processing, and we receive only confirmation of successful transactions.

Analytics & Usage Data

We collect usage data through Vercel Analytics (web vitals, page views) and Sentry error monitoring (to track and fix bugs). This data does not include personally identifiable information.

Cookies

We use cookies for authentication (Supabase session cookies) and analytics. Essential authentication cookies are necessary for the Service to function.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing & Improving the Service: To deliver audit reports, scoring, and benchmarking features
Benchmarking & Analytics: To compute percentile rankings and industry benchmarks across anonymous submissions
Account Management: To authenticate users, send password resets, and manage subscription billing
Communication: To send you service updates, security notices, and support responses (with your consent)
Error Monitoring: To track bugs and improve stability via Sentry
Legal Compliance: To comply with applicable laws and enforce our Terms of Service

4. Data Storage & Security

Your data is stored on Supabase (PostgreSQL database) hosted in secure data centers. We implement the following security measures:

All data in transit is encrypted using TLS/SSL (HTTPS)
Database encryption at rest via Supabase security standards
Row-level security (RLS) policies to restrict data access
Regular security audits and monitoring
No direct access to passwords (stored with bcrypt hashing)

However, no security system is impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You use the Service at your own risk.

5. Third-Party Services

AuditBuffet relies on the following third-party services:

Supabase: Database, authentication, and hosting. Supabase Privacy Policy
Stripe: Payment processing. Stripe Privacy Policy
Vercel: Web hosting and analytics. Vercel Privacy Policy
Sentry: Error monitoring and performance tracking. Sentry Privacy Policy
GitHub & Google: OAuth authentication providers. Review their respective privacy policies.

These third parties may collect and process data according to their own privacy policies. We encourage you to review them.

6. Cookies & Analytics

We use cookies for the following purposes:

Authentication: Supabase session cookies (essential for the Service to function)
Analytics: Vercel Analytics collects web vitals and usage data to help us improve performance

Most browsers allow you to refuse cookies or alert you when cookies are being sent. If you disable cookies, some features of the Service may not work properly.

7. Data Retention

We retain your personal data as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time (see “Your Rights” below).

Audit submission data is retained indefinitely to support benchmarking and trend analysis. However, submissions are stored anonymously and do not contain personally identifiable information.

8. Your Rights

You have the right to:

Access: Request a copy of the personal data we hold about you
Rectification: Request that we correct inaccurate or incomplete data
Deletion: Request deletion of your account and associated personal data (subject to legal retention requirements)
Portability: Request a machine-readable copy of your data
Opt-Out: Opt out of analytics or marketing communications

To exercise these rights, please contact us at the address in the “Contact” section below.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date.

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

10. Contact

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

AuditBuffet

Email: support@auditbuffet.com

Website: auditbuffet.com