Privacy Policy

Effective Date: May 12, 2026·Last Updated: May 23, 2026

1. Introduction

Analyst Zero is an AI growth analyst for early-stage startups. To deliver the Service, we collect a small set of information from you, generate written analyses called “reads,” and store the results so you can return to them. This policy explains what we collect, why, and the rights you have over it.

This policy applies to users worldwide and is intended to align with the principles of the General Data Protection Regulation (GDPR), the UK GDPR, and applicable US state privacy laws.

2. What Data We Collect

Account information

  • Email address (required for login)
  • If you sign in with Google: the name and profile image associated with your Google account
  • Authentication metadata (login timestamps, session tokens)

Business context you provide

  • The information you share during onboarding about your business
  • Anything you later add or edit in your memory vault

Data we read on your behalf

When you connect your Google Analytics 4 property, we use Google’s read-only Analytics scope to fetch the standard metrics and dimensions needed to produce your reads (such as sessions, conversions, channels, landing pages, and device or geography splits) over a recent time window.

If you also connect Google Search Console, we use Google’s read-only Search Console scope to fetch search performance data for the site you select (such as queries, clicks, impressions, and average position) over a recent time window.

We do not write to any property you connect. We do not access any Google service beyond the ones you explicitly connect.

Usage telemetry

  • Pages you visit in the app
  • Clicks on findings inside a read
  • Feedback you submit on individual findings (was this useful, was this wrong)
  • Errors and performance metrics needed to keep the app running

Billing information

If you upgrade to Pro, Stripe collects your payment method directly. We do not see or store your full card number. We receive limited metadata from Stripe (last four digits, card brand, billing country, subscription status) to manage your account.

3. How We Use Your Data

We use your data to:

  • Generate your reads, which involves sharing the relevant context with our AI subprocessor
  • Display your reads and the data you provide inside the app
  • Authenticate you and keep your account secure
  • Process payments and manage your subscription
  • Send transactional emails (login links, billing receipts, account notifications)
  • Improve the product through aggregate, anonymized analysis (for example, “what percentage of accounts hit the free-tier limit”). Individual user data is not used to develop unrelated features, and is never sold.
  • Respond to your support requests
  • Comply with legal obligations and enforce our Terms

We do not:

  • Sell your data to anyone
  • Share your data with advertisers
  • Submit your data for training third-party AI models
  • Profile you for purposes outside delivering the Service
  • Send you marketing emails without your explicit opt-in

Legal bases (GDPR / UK GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract. Most processing is necessary to provide the Service you signed up for.
  • Legitimate interest. Aggregate analytics, security monitoring, and product improvement.
  • Consent. Anything optional, such as marketing emails (when offered), where we will ask you first.
  • Legal obligation. Tax, accounting, and law enforcement requests where required.

4. Where Your Data Is Stored

Your data is stored with a third-party provider operating on commercial cloud infrastructure, and is encrypted in transit and at rest. If you are located in a jurisdiction with cross-border transfer rules (such as the EU or UK), your data may be processed outside your country of residence under the data-protection frameworks our providers maintain.

5. Third-Party Processors

We use a small set of third-party processors to operate the Service. Each one only receives the data needed to do its job.

CategoryRole
Database & authentication providerStores your account and the data you provide; handles login
AI inference providerGenerates your reads
Google (Analytics, Search Console)Source of the analytics and search data you connect
Payment processorBilling for the Pro tier (card details handled directly by the processor)
Hosting providerRuns the application
Transactional email providerSends login links, receipts, and account notifications

The full subprocessor list is available on request. Email us at support@analystzero.co if you need it for a vendor or procurement review.

Our AI subprocessor’s standard terms exclude API inputs and outputs from model training by default, and we do not opt in to any training-data program on your behalf.

We do not use Google Analytics or any third-party advertising tracker on the Analyst Zero app itself.

How Google user data flows through the Service

When you connect a Google service (Google Analytics, Google Search Console), the data we receive from Google (your metrics, dimensions, search performance data, and the OAuth credentials that grant read-only access) is treated as follows:

  • It is stored in our database and authentication provider for the duration of your active account, so we can render your past reads and read fresh data on your behalf.
  • The relevant portion (the metrics, dimensions, and search performance data for the property or site you selected) is sent to our AI inference provider to generate each read. The OAuth credentials themselves are never sent to the AI provider.
  • It is processed by our hosting provider as part of running the application servers that handle your requests.
  • It is not shared with any other party. We do not sell it, transfer it for advertising, or disclose it to anyone for purposes outside delivering the Service to you.
  • No employee or contractor reads your Google user data except for limited support, debugging, or operations work, and only when necessary.

You can revoke Google’s access at any time at https://myaccount.google.com/permissions. When you do, we lose the ability to read fresh data. Existing reads stored in your account remain visible until you delete them.

6. Your Rights

You have the following rights over your data. Several are formally guaranteed under regional privacy law (such as GDPR in the EU, UK GDPR, and CCPA / CPRA in California). We extend them to every user, regardless of where you live.

  • Access. You can view what we have on you. Most of it is visible inside the app (account, business context, memory vault, read history). For anything else, contact us.
  • Correction. You can edit your business context and memory vault directly in the app. For other corrections, contact us.
  • Deletion. You can request full account and data deletion by contacting us, and we will remove your records from our database. Backups containing your data are overwritten on our standard rotation.
  • Portability. You can export your memory vault contents at any time, in markdown format.
  • Restriction or objection. You can ask us to pause processing of your data while a question is resolved.
  • OAuth revocation. You can revoke our Google access (Analytics, Search Console, or both) at any time at https://myaccount.google.com/permissions, independent of your Analyst Zero account.
  • Withdraw consent. Where we rely on consent (for example, marketing communications, when offered), you can withdraw it at any time.
  • Lodge a complaint. EU and UK residents have the right to complain to their local data protection authority.

To exercise any of these rights, email support@analystzero.co. We respond within 30 days.

7. Data Retention

  • Active accounts. We retain your data for as long as your account is active.
  • Cancelled subscriptions. If you cancel your subscription but do not delete your account, your data stays in place so you can pick up where you left off. You can request deletion at any time.
  • Deleted accounts. If you request full account deletion, we remove your data from our active systems immediately. Backups containing your data are overwritten on our standard rotation, after which the data is gone.
  • Billing records. We retain billing records for the period required by applicable tax and accounting law, even after account deletion.
  • Legal holds. If we are required to preserve data for a legal proceeding, we will retain only what is required for that purpose.

8. Cookies and Tracking

We use the minimum number of cookies needed to run the Service:

  • Authentication session cookie. Set when you log in. Required for the app to know who you are.
  • Functional preferences. Small cookies or local storage entries that remember your settings within the app.

We do not set third-party advertising cookies. We do not use trackers from advertising networks. We do not sell or share data with ad-tech vendors.

9. Security

We protect your data with:

  • TLS encryption for all data in transit
  • Encryption at rest, provided by our infrastructure providers
  • Encrypted storage of authentication tokens
  • Access controls limiting which team members can view production data, and only when necessary for support, debugging, or operations
  • Regular security review of our application code

No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the relevant authorities within the timeframes required by law.

10. Children

The Service is not intended for users under 18 years old. We do not knowingly collect data from anyone in that age group. If we learn that we have collected data from a minor, we will delete it.

11. Changes to This Policy

We may update this policy as the product evolves. If we make material changes, we will notify you by email and post the updated policy in the app at least 30 days before it takes effect. Continued use of the Service after the effective date means you accept the updated policy.

The “Last Updated” date at the top of this policy reflects the most recent revision.

12. Contact

For privacy questions, data requests, or anything else covered by this policy:

support@analystzero.co