Privacy Policy

Last updated: February 16, 2026

1. Introduction

99Visibility ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. This policy applies to 99visibility.com and all related services provided by 99Visibility, a product of Torch99.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

We collect information in the following categories:

Account Information

Information you provide when creating an account:

Email address
Name
Company name

Brand Data

Information you provide to configure your audits:

Domain name
Brand name
Brand description
Target keywords and queries
Competitor information

Audit Data

Information collected when we run audits on your behalf:

AI platform responses related to your brand
Visibility scores and metrics
Recommendations generated by our analysis engine

Usage Data

Information collected automatically when you use our services:

Pages visited and features used
Device and browser information
IP address

Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc., our payment processor. Stripe collects and processes your payment card details directly — we never receive, store, or have access to your full card number or payment credentials.

We receive from Stripe only:

Subscription status and plan tier
Transaction IDs and invoice references
Billing country (for tax purposes)
Stripe customer ID

3. How We Use Your Information

We use the information we collect for the following purposes:

Provide the service: Run brand audits across AI platforms, generate visibility scores, and create actionable recommendations.
Improve the service: Analyze usage patterns to enhance features, fix bugs, and optimize performance.
Send notifications: Deliver audit completion alerts, critical accuracy alerts, and optional weekly digest emails.
Communicate about your account: Send account-related and billing communications.
Comply with legal obligations: Meet applicable legal and regulatory requirements.

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) hosted infrastructure. We implement industry-standard security measures to protect your information:

SSL/TLS encryption for all data in transit
Encryption at rest for stored data
Regular security reviews and updates
Access controls and authentication requirements
PCI DSS compliance for payment data handled exclusively by Stripe

We do not sell your data. Your personal information and brand data are never sold to third parties.

Payment card data is never transmitted to or stored on our servers. All payment processing is handled by Stripe's PCI DSS Level 1 compliant infrastructure.

5. Third-Party Services

We use the following third-party services to operate 99Visibility:

Stripe — payment processor for payment processing, billing, tax compliance, and invoicing (PCI DSS compliant). Stripe collects payment information directly and acts as the seller of record for all transactions. See Stripe's Privacy Policy at https://stripe.com/privacy
Resend — Transactional email delivery
Supabase — Database and authentication
Vercel — Application hosting
OpenAI, Anthropic, Google, and Perplexity APIs — AI platform queries for brand audits

Important: When we run an audit, your brand name and keywords are sent as queries to third-party AI platforms. These queries are subject to each platform's own privacy policies. We do not share your personal information with AI platforms — only brand-related query text.

6. Cookies and Tracking

We use cookies in the following limited ways:

Essential cookies: Required for authentication and session management. These cannot be disabled.
Analytics cookies: Optional cookies used to understand how you interact with our service. These are only set with your consent.
Payment cookies: When you interact with Stripe's checkout overlay, Stripe may set essential cookies for payment processing, fraud prevention, and session management. These are necessary for completing transactions and cannot be disabled during checkout.

We do not use third-party advertising cookies. We do not participate in ad networks or sell data for advertising purposes.

7. Data Retention

We retain your data according to the following schedule:

Account data: Retained while your account is active.
After account deletion: Personal data is deleted within 30 days. Audit data is anonymized or deleted within 90 days.
Billing records: Retained as required by applicable tax and financial regulations.
Payment and invoice records: Stripe retains transaction records and invoices in accordance with applicable tax and financial regulations. You can access your invoices through the Stripe Customer Portal.

8. Your Rights (GDPR/CCPA)

Depending on your location and applicable laws, you have certain rights regarding your personal data. Below we outline the rights available to all users, as well as additional rights under GDPR and CCPA.

General Rights

All users of 99Visibility have the following rights:

Access personal data we hold about you
Correct inaccurate or incomplete data
Delete your account and associated data
Export your audit data in a portable format
Opt out of marketing emails at any time

Rights Under GDPR (European Economic Area)

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation (GDPR):

Right of access (Article 15)
Right to rectification (Article 16)
Right to erasure (Article 17)
Right to data portability (Article 20)
Right to restriction of processing (Article 18)
Right to object to processing (Article 21)
Right to withdraw consent at any time

We will respond to GDPR requests within 30 days.

Rights Under CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect and how it is used
Right to delete personal information
Right to opt-out of the sale of personal information — we do not sell your personal information
Right to non-discrimination for exercising your privacy rights

We will respond to CCPA requests within 45 days.

Payment Data Requests

For data related to your payment transactions, you may also contact Stripe directly at privacy@stripe.com. Stripe processes payment data as an independent data controller.

To exercise any of these rights, contact us at info@99visibility.com.

9. Children's Privacy

99Visibility is not directed at children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We use appropriate safeguards for international data transfers, including standard contractual clauses and other mechanisms recognized by applicable data protection authorities.

Stripe may process payment data in jurisdictions where their infrastructure is located. Stripe maintains appropriate data transfer mechanisms in compliance with applicable data protection laws.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay, as required by GDPR Article 34.

Breach notifications will include: the nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed to address the breach.

12. Data Processing Agreement

Torch99 acts as the data controller for personal information collected through 99Visibility. We determine the purposes and means of processing your personal data.

Our service providers (Supabase, Vercel, Resend) act as data processors, processing data on our behalf under data processing agreements.

Stripe acts as an independent data controller for payment data it collects during checkout and subscription management. Stripe determines its own purposes and means for processing payment information.

A Data Processing Agreement (DPA) is available upon request for enterprise customers. Contact info@99visibility.com to request a DPA.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you via email at the address associated with your account. We encourage you to check this page regularly for the latest version of our Privacy Policy.

14. Contact Information

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: info@99visibility.com
Parent company: Torch99
For payment and billing privacy inquiries, you may also contact Stripe at privacy@stripe.com

Torch99 is the parent company of 99Visibility and is responsible for the processing of your personal data as described in this Privacy Policy.