Privacy Policy

Refreshen is operated by Tommy Clarke, a sole-proprietor developer building a content-decay monitor for blogs. Contact: tommy@refreshen.io.

• Account info: your email address and (if you sign in with Google) your name and Google account ID.
• Site config: the domains you ask us to monitor, the sitemap URL, and the path patterns you select.
• Billing info: handled by Polar (their privacy policy). We never see your full card number.
• Email preferences: whether you want digest emails, your timezone, your unsubscribe state.
• Public-scan leads: if you used the free public-scan tool and entered an email, we store the email and scan token together so we can deliver the report.

When you add a site, RefreshenBot fetches publicly-accessible content from that domain. See /bot for what the crawler does. We store:

• Page URLs, titles, last-modified dates, and the HTML body (so we can re-analyse without re-fetching).
• Detected issues (e.g. "published in 2022, references ‘next year’"), with the surrounding sentence for context.
• Status codes for external links you reference (used and shared across customers — see "Sharing" below).

We only fetch what your robots.txt permits. If you change robots.txt to disallow us, the next scan respects it and surfaces a warning.

• To run scans, generate the issue list, and email you monthly digests.
• To bill you for your subscription.
• To investigate abuse reports filed under /report-scanning.
• To improve product quality (aggregate metrics: how many scans ran, average issue counts) — never identifying individual customers in any external communication.

We do not sell your data. We do not train AI models on customer content.

To run the product we send relevant data to these third parties. Each is bound by their own privacy policy, which you can review on their site:

• DeepSeek — page content (excerpts) for LLM analysis (temporal judging, topic extraction, link verification). The content we send is already publicly accessible on your site; DeepSeek processes it on their infrastructure to return classification results.
• Anthropic — used as a fallback LLM provider for the same analysis tasks if DeepSeek is unavailable or a specific task is overridden to Anthropic.
• Voyage AI — page content for embedding generation (used in internal-link suggestions).
• Resend — your email address for delivering digests, unsubscribe confirmations, and public-scan reports.
• Polar — your email and billing details for subscription management.
• Cloudflare Turnstile — challenge data for bot-protection on the public scan endpoint.
• Convex & Vercel — our backend and hosting providers (data is stored at rest on their infrastructure).
• Google — if you sign in with Google OAuth.

Aggregated link-cache sharing:when we check whether an external URL is broken, we cache the result (URL + HTTP status code, no user identifiers) and reuse it across all customers for up to 30 days. This is the only piece of data shared between tenants. The cache contains no personal data — it's just " https://example.com/foo returned 404 on 2026-05-01."

• Active accounts: we keep your data as long as your account is open.
• Deleted accounts: when you delete your account, we walk a deletion saga that removes pages, issues, scans, fact-claims, billing references, and finally the org itself. A thin archive record (email, org name, deletion date — no scanned content) is kept for 7 days for support purposes ("I deleted by mistake"), then hard-deleted.
• External link cache: not deleted on account deletion (see above; it contains no personal data).
• Public-scan results: cached for 7 days from first scan, then expired.

Under GDPR (and similar laws), you have the right to access, correct, export, or delete your personal data.

• Access & export: download a JSON snapshot of your data from Settings → Download your data.
• Delete: from Settings → Danger zone.
• Anything else (corrections, complaints): email tommy@refreshen.io and we'll respond within 30 days.

Refreshen is not intended for use by anyone under 16. We do not knowingly collect data from minors. If you believe a child has signed up, email us and we'll delete the account.

If we make material changes, we'll email account holders and update the "Last updated" date above. Continued use after changes constitutes acceptance.