📊 What Data We Collect
When you use PageScorch, we collect:
- •Account info: Name and email — entered directly or provided via Google Sign-In. Passwords are hashed using bcrypt; Google-only accounts have no stored password.
- •Landing pages: URLs you submit for analysis
- •Usage: Analysis count, timestamps
- •Payment: Handled by PayPal or Razorpay (card details never stored locally)
- •Device: Browser type, IP address
🔑 Google Sign-In
You can create or access your PageScorch account using Google Sign-In. When you do, Google shares the following with us:
- •Your name — used as your display name on the account
- •Your email address — used to identify your account and send service emails
- •Email verification status — used to confirm your email is valid without requiring a separate verification step
We do not receive or store your Google password, Google contacts, Google Drive files, or any other Google data beyond the above. We do not make calls to any Google API on your behalf after sign-in.
You can revoke PageScorch's access to your Google account at any time from your Google Account permissions page. Revoking access does not delete your PageScorch account — contact us if you also want the account removed.
📱 Social Media Platform Integrations
PageScorch connects to Facebook, Instagram, X (Twitter), and LinkedIn to publish
pre-approved posts to your own accounts. When you connect a platform, we store your
OAuth access token and (where applicable) refresh token — encrypted with AES-256-GCM
at rest — to authenticate API calls on your behalf. We also store your account or
Page ID to identify where content is published.
We access only the minimum permissions required:
| Platform |
Data we store |
What we do with it |
| Facebook |
Encrypted Page access token, Facebook Page ID |
Publish posts to your Facebook Page |
| Instagram |
Encrypted Page access token (shared with Facebook), Instagram Business account ID |
Publish posts to your Instagram Business account |
| X (Twitter) |
Encrypted access token + refresh token, expiry timestamp |
Publish tweets to your X account |
| LinkedIn |
Encrypted access token + refresh token, expiry timestamp |
Publish posts to your LinkedIn profile |
We do not read your posts, timeline, followers,
messages, or contacts on any platform. We do not follow or unfollow users, send
direct messages, or access any other user's data.
You can revoke access at any time by:
- →Disconnecting the platform from within the PageScorch dashboard
- →Revoking app permissions directly from each platform's security settings (Facebook Settings → Apps and Websites, X Settings → Connected Apps, LinkedIn Settings → Permitted Services)
🎯 Why We Collect It
- →Provide accurate analysis
- →Manage your account
- →Process payments
- →Improve our service
- →Prevent fraud
🔒 How We Protect Your Data
- ✓HTTPS/TLS: Encryption in transit
- ✓AES Encryption: Data at rest
- ✓Hashed passwords: Using bcrypt
- ✓Secure tokens: Authentication
- ✓Regular audits: Security reviews
🍪 Cookies & Tracking
We use minimal cookies:
- •Session: Keep you logged in
- •Preference: Remember your settings
- •Analytics: Anonymized, no tracking
No advertising cookies or behavioral tracking.
👤 Your Rights
You have full control:
- →Access: Get a copy of your data
- →Correction: Fix incorrect info
- →Deletion: Delete your account
- →Export: Download your analysis reports
- →Opt-out: Stop communications
🚫 We Never Share Your Data
We don't sell your data. We only share with partners who help us operate:
- •PayPal / Razorpay: Payment processing
- •Cloud host: Data storage
- •Law only: If required with warrant
🤖 AI Processing & Data Sub-Processors
To generate your landing page analysis, we transmit the following data to OpenAI via their secure API: uploaded page screenshots and extracted visible page text from URLs you submit.
OpenAI does not use data submitted through their API to train or improve their models unless we explicitly opt in to data sharing. Your page content is processed for your analysis only. Standard OpenAI API abuse-monitoring retention may still apply unless our OpenAI organization has approved data-retention controls enabled. See OpenAI's API data usage policy at platform.openai.com/docs/guides/your-data for full details.
ChatGPT / GPT Action integration: PageScorch is available as a Custom GPT Action inside ChatGPT. When you use the PageScorch GPT in ChatGPT, ChatGPT sends your URL and any optional context (niche, page goal, audience) to the PageScorch API on your behalf. PageScorch then processes the request using the same AI pipeline described above. We do not receive your ChatGPT account identity or conversation history — only the fields you explicitly provide to the GPT. Usage via the ChatGPT integration is subject to both this Privacy Policy and OpenAI's ChatGPT usage policies.
For agencies working under client NDAs: only submit pages you are authorized to analyze. If a stricter retention arrangement is required, contact us before submitting confidential material so we can confirm the active data-retention controls for the project.
Sub-processors used by this service:
| Sub-processor |
Purpose |
Data shared |
| OpenAI |
AI analysis engine |
Page screenshots, extracted page text |
| OpenAI (ChatGPT GPT Action) |
Routing requests from the PageScorch GPT in ChatGPT |
URL submitted, optional niche / page goal / audience context |
| PayPal |
International payment processing |
Name, email, transaction amount |
| Razorpay |
India/South Asia payment processing |
Name, email, transaction amount |
| Meta (Facebook & Instagram) |
Social media publishing |
Encrypted page access token; published post content |
| X Corp (Twitter) |
Social media publishing |
Encrypted access token; published tweet content |
| LinkedIn |
Social media publishing |
Encrypted access token; published post content |
📧 Contact Us
Questions about your privacy?
Policy effective May 2026. We update it regularly.