Blog Factory
Get started

Privacy Policy

Last updated: 25 April 2026

Indexa (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under applicable data protection laws including GDPR.

1. Information we collect

  • Account data: When you create an account, we collect your email address, name, and password (hashed).
  • Usage data: We collect information about how you use the platform — pages visited, features used, articles generated — to improve the product.
  • Content data: Articles, keywords, and website configurations you create and store in Indexa.
  • Billing data: Payment is processed by Stripe. We do not store your card number. We store your Stripe customer ID and subscription status.
  • Log data: IP addresses, browser type, and access timestamps for security and debugging purposes.

2. How we use your data

  • To provide and improve the Indexa service.
  • To send transactional emails (account confirmation, password reset, billing receipts).
  • To detect and prevent fraud, abuse, and security incidents.
  • To analyse aggregate usage patterns and improve product features.
  • We do not sell your personal data to third parties.

3. Data sharing

  • Supabase: Our database and authentication provider (EU region).
  • Stripe: Payment processing. Subject to Stripe's privacy policy.
  • OpenAI: Article generation. Prompts and content are sent to OpenAI's API. Subject to OpenAI's data usage policies.
  • Vercel: Hosting and infrastructure. Subject to Vercel's privacy policy.
  • We do not share your data with advertisers or data brokers.

4. Data retention

  • Account data is retained for as long as your account is active.
  • If you delete your account, your personal data and content are deleted within 30 days.
  • Billing records are retained for 7 years as required by law.
  • Log data is retained for 90 days.

5. Your rights

  • Access: Request a copy of your personal data.
  • Correction: Update or correct inaccurate data.
  • Deletion: Request deletion of your account and data.
  • Portability: Export your articles and data in machine-readable format.
  • Objection: Object to certain processing of your data.
  • To exercise these rights, contact us at privacy@indexa.so.

6. Cookies

  • We use strictly necessary cookies for authentication and session management.
  • We use analytics cookies (if you consent) to understand how users interact with the platform.
  • We do not use advertising or tracking cookies.

7. Security

  • All data is encrypted in transit (TLS 1.3) and at rest.
  • Passwords are hashed using bcrypt.
  • We conduct regular security reviews and follow OWASP best practices.
  • In the event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR.

8. Contact

  • For privacy-related inquiries, contact: privacy@indexa.so
  • Indexa is operated by Indexa SAS.