BrutalRoast
← Back to BrutalRoast

Privacy Policy

Last updated: May 30, 2026

This policy explains what data BrutalRoast collects, why, and your rights over it. We keep it short and honest, like the product.

Who is responsible

BrutalRoast is operated by NS Participations, a French SASU (SIREN 884 245 051), registered at 4 rue de la République, 69001 Lyon, France. Data controller and contact: hello@brutalroast.io.

What we collect

  • Account: your email address, and (for Google/GitHub sign-in) your name and profile photo.
  • Usage: the URLs you submit to audit, the generated reports, and your plan/quota.
  • Payments: handled by Stripe. We never see or store your card number — only Stripe's payment metadata (status, customer email, last 4 are kept by Stripe).
  • Technical: your IP address, used only to rate-limit abuse, and standard server logs.

Why we use it (legal bases)

  • To deliver the audit you requested and manage your account — performance of our contract.
  • To prevent abuse and protect the service — our legitimate interest.
  • To process payments — performance of our contract / legal obligation.
  • Any analytics, if added later, only with your consent.

Who processes your data (sub-processors)

We use trusted providers who process data on our behalf: Supabase (database & authentication), Stripe (payments), Anthropic (AI analysis of page content), Resend (transactional email), Vercel (hosting), Upstash (rate-limiting), Plausible (cookieless analytics), and Google/GitHub (sign-in, if you use them). Some are based in the United States, so your data may be transferred there under appropriate safeguards (Standard Contractual Clauses).

How long we keep it

Account and roast data are kept while your account is active and for up to 24 months after, then deleted or anonymized. Payment records are kept as required by law (up to 10 years for accounting). You can ask us to delete your data sooner.

Your rights

You can access, correct, export, or delete your data, and object to or restrict its use. Email hello@brutalroast.io and we'll action it. If you're in the EU and unhappy with our response, you can complain to your data protection authority — in France, the CNIL.

Cookies & analytics

We only use strictly necessary cookies: a session cookie to keep you signed in, and cookies Stripe sets during checkout. We do not run advertising or cross-site tracking cookies. For audience measurement we use Plausible Analytics — it is cookieless, stores no personal data, and never tracks you across sites, so under GDPR/CNIL guidance it requires no consent banner. None of this needs your consent.