Privacy Policy

Last updated: January 15, 2026

Roast by AI is operated by Flatfish Software Solutions, based in The Netherlands. We are committed to protecting your privacy and handling your data in an open and transparent manner.

1. Data Controller

The data controller responsible for your personal data is:

Roast by AI
A product by Flatfish Software Solutions
The Netherlands
Email: hello@roastbyai.com

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Information

  • Email address (required for account creation)
  • Name (as provided during registration)
  • Password (stored securely using industry-standard hashing)
  • Organization name (if you create an organization)

2.2 Project and Analysis Data

  • Website URLs you submit for analysis
  • Analysis results and scores
  • Project names and organization settings

2.3 Website Crawl Data

When analyzing websites, we collect technical data including:

  • HTML content and page metadata
  • Screenshots (desktop and mobile)
  • Performance metrics from PageSpeed Insights
  • Accessibility and SEO data

2.4 API Usage Data

For API users, we log:

  • API endpoints accessed
  • Request timestamps and response times
  • IP address
  • User agent information

2.5 Payment Information

Payments are processed by our payment provider, Polar. We do not store credit card numbers or bank account details. We only store transaction references and subscription status.

We process your personal data based on the following legal grounds under GDPR Article 6:

  • Contract performance: Processing necessary to provide our services to you
  • Legitimate interests: Improving our services, preventing fraud, and ensuring security
  • Legal obligations: Compliance with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities

4. Third-Party Data Sharing

We share data with the following third-party services to provide our functionality:

| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI-powered website analysis | Website content and metadata |
| Google PageSpeed Insights | Performance metrics | Website URLs |
| Polar | Payment processing | Billing information, email |
| Google Analytics | Website analytics | Usage data, device info, IP address (anonymized) |

5. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Account data: Retained while your account is active
  • Project and analysis data: Retained while your account is active
  • API logs: Retained for 90 days for security and debugging purposes
  • After account deletion: Data is permanently deleted within 30 days

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to restrict processing: Request limitation of data processing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at hello@roastbyai.com.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for OpenAI and Google services). These transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • Access controls and authentication
  • Regular security assessments

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Roast by AI
A product by Flatfish Software Solutions
Email: hello@roastbyai.com

12. Supervisory Authority

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.