GDPR — your rights, our job.
We process personal data under the GDPR. This page explains what we collect, why, on which legal basis, who else processes it, and how to exercise your rights.
What we collect & why
- Account infoEmail, name. Legal basis: contract.
- Audited URLs & promptsThe sites and queries you configure. Legal basis: contract.
- Citation snapshotsOutputs from LLM providers. Legal basis: contract.
- Billing dataStripe customer ID, plan, invoice history. Legal basis: contract + legal obligation.
- IP address (Free Audit Express)For rate-limiting only. Stored 7 days. Legal basis: legitimate interest (anti-abuse).
- Product analyticsAnonymous, aggregate usage. Legal basis: legitimate interest. Opt-out available.
Your rights
Right of access
Request a full copy of the personal data we hold about you. We reply within 30 days.
Right to rectification
Update inaccurate or incomplete data directly from /dashboard/account or by emailing us.
Right to erasure
Delete your account from /dashboard/account. Backups are purged within 30 days.
Right to data portability
Export everything in your account as JSON from /dashboard/account.
Right to object
Object to processing for marketing purposes — we'll honor it within 7 days.
Right to restrict processing
Pause processing on a specific dataset while a dispute is resolved.
To exercise any of these, email privacy@acribe.com. You also have the right to lodge a complaint with your local supervisory authority.
Subprocessors
The third parties that process personal data on our behalf. Updated whenever we add or remove one.
- VercelHosting & computeEU + US
- SupabaseDatabase, auth, storageEU
- StripeBilling & paymentEU + US
- OpenAIChatGPT audit callsUS
- AnthropicClaude audit callsUS
- GoogleGemini & AI Overviews audit callsEU + US
- PerplexityPerplexity audit callsUS
- ResendTransactional emailEU
- CloudflareTurnstile anti-abuseGlobal edge
Standard Contractual Clauses are in place with all US-based subprocessors. Last reviewed: May 2026.