Privacy Policy
Last updated: 5 April 2026
1. Who We Are
FlinnSchema is operated by Flinn G Evans, an AI visibility and automation consultant based in Kent, United Kingdom. We are the data controller for the personal data processed through this platform. For any privacy-related enquiries, contact us at admin@flinnschema.com.
2. Information We Collect
Account Information
When you create an account, we collect:
- Full name
- Email address
- Website URL
- Hashed password (we never store plaintext passwords)
Audit Data
When we audit your website, we collect publicly available information from your site, including:
- Page HTML content, meta tags, and structured data (JSON-LD)
- robots.txt, sitemap.xml, and llms.txt file contents
- Publicly listed reviews from Trustpilot, Google Places, Feefo, and Reviews.io
- Page performance metrics and internal link structure
- Individual page scores from site-wide crawl analysis
This data is used solely to generate your audit report and is stored securely in our database.
LLM Test Data
When you run LLM prompt tests (premium feature), we send your business name, website URL, industry, and location to AI search engine APIs. The responses from these engines are stored in our database as part of your report, including whether your business was mentioned and the type of mention. AI-generated verification classifications are also stored.
Blog Request Data
When you use the self-blog feature, we store your industry, selected questions, and request status. Blog post topics are generated via OpenAI using your industry and business context.
Payment Information
Payments are processed by Stripe. We do not store your credit card details. Stripe handles all payment data in accordance with PCI DSS standards. We store only the Stripe session ID, payment confirmation, subscription status, billing period dates, and the email associated with the payment.
Funnel & Usage Analytics
When you visit our landing pages, we collect:
- Page view events (which page, timestamp)
- Referrer URL (where you came from)
- User agent string (browser and device type)
- A one-way hash of your IP address (we do not store raw IP addresses — the hash uses SHA-256 with a salt and is truncated to prevent reversal)
We also use Google Analytics (ID: G-5VX5SD7MCY) to understand how visitors interact with our website. This includes anonymised data such as pages visited, time on site, and device type. You can opt out of Google Analytics by using a browser extension or ad blocker.
Browser Storage
We store data in your browser’s localStorage for functionality purposes:
- Authentication session — keeps you logged in between visits
- Roadmap progress — tracks which implementation tasks you’ve marked as complete
- LLM dispute flags — remembers which test results you’ve disputed
This data is stored only in your browser and is not transmitted to our servers.
3. How We Use Your Information
- To provide the Service: Running audits, generating reports, processing payments, managing subscriptions
- To enforce quotas: Tracking LLM test counts and blog post requests per billing period
- To improve the Service: Understanding usage patterns via analytics and fixing issues
- To communicate: Sending account-related emails (confirmation, password reset)
- For case studies: With your consent, we may publish a case study about your AI visibility improvements
We will never sell your personal data to third parties.
4. Data Sharing
We share data only with the following third-party services, strictly to operate the platform:
- Supabase — Database and authentication hosting
- Stripe — Payment and subscription processing
- Vercel — Application hosting and serverless functions
- OpenAI — ChatGPT LLM testing (Responses API with web search), blog topic generation (GPT-4o-mini)
- Anthropic — AI verification classifier (Claude Haiku) to validate LLM test results
- Perplexity — LLM testing (Sonar model with search)
- Google — Gemini LLM testing (with Google Search grounding), Google Places API for review data, Google Analytics
- xAI — Grok LLM testing (Grok-3 with web search)
For LLM testing, your business name, website URL, industry, and location are included in the prompts sent to these APIs. No other personal data is shared.
5. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Audit data & reports: Retained for the lifetime of your account to enable score tracking and history.
- LLM test results: Retained for the lifetime of your account. Previous results are replaced when you run a new test on the same audit.
- Funnel analytics: Retained for up to 12 months, then aggregated or deleted.
- Payment records: Retained for 7 years for accounting and legal compliance.
- Blog requests: Retained for the lifetime of your account.
6. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data (“right to be forgotten”)
- Portability — Request your data in a machine-readable format
- Object — Object to processing of your data for specific purposes
- Restrict — Request restricted processing of your data
- Withdraw consent — Where processing is based on consent, withdraw it at any time
To exercise any of these rights, email admin@flinnschema.com. We will respond within 30 days. For more detail on your rights and how to exercise them, see our GDPR Compliance page.
7. Cookies & Local Storage
We use:
- Essential cookies: Supabase authentication cookies to keep you logged in
- Analytics cookies: Google Analytics cookies for anonymised usage data
- localStorage: Authentication session persistence, roadmap task completion, LLM dispute flags
No advertising or tracking cookies are used. You can manage cookies through your browser settings. Clearing localStorage will log you out and reset your roadmap progress.
8. Security
We take reasonable measures to protect your data, including:
- HTTPS encryption on all pages
- Hashed password storage (bcrypt via Supabase Auth)
- Row-level security on all database tables
- Server-side quota enforcement for premium features
- API keys stored as environment variables, never exposed to the browser
- Stripe webhook signature verification for payment events
- IP address hashing (SHA-256 with salt) — raw IPs are never stored
9. International Data Transfers
Our hosting and data processing infrastructure includes services based in the US (Vercel, Supabase, Stripe, OpenAI, Anthropic, Perplexity, xAI) and globally (Google). Where data is transferred outside the UK, we rely on standard contractual clauses and the data protection measures implemented by each provider.
10. Children
The Service is not intended for users under 18. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email. The “last updated” date at the top reflects the most recent revision.
12. Contact
For privacy-related enquiries or to exercise your data rights:
Email: admin@flinnschema.com
Location: Kent, United Kingdom