ClimbrIQ
Start free

Privacy Policy

Last updated: 20 March 2026

1. Who We Are

ClimbrIQ is operated by Think Commerce Ltd, a company registered in England and Wales. We are the data controller for personal data collected through this service.

For data protection enquiries, please contact us at privacy@climbriq.com.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: email address, full name (optional), password (hashed and managed by Supabase Auth)
  • Brand data: brand name, website URL, description, target audience, competitors, and location — provided by you
  • Usage data: module runs, article generations, session activity
  • Billing data: subscription status, Paddle customer ID (payment details are handled directly by Paddle and not stored by us)
  • Technical data: IP address, browser type, device type, and cookies

3. How We Use Your Data

We use your data to:

  • Provide, operate, and improve ClimbrIQ
  • Authenticate your account and protect against unauthorised access
  • Process payments and manage your subscription
  • Generate AI-powered SEO analysis using your brand data
  • Send transactional emails (account, billing, password reset)
  • Comply with legal obligations

Our lawful basis for processing is contract performance (to provide the service you signed up for), legitimate interests (security, fraud prevention, service improvement), and legal obligation where required.

4. Third-Party Services

We use the following third-party processors:

  • Supabase — Database and authentication. Your account data and brand data is stored in Supabase. Supabase processes data in accordance with GDPR.
  • Anthropic — AI processing. Your brand data (name, URL, description, competitors) is sent to the Anthropic API to generate SEO analysis. Anthropic processes this data under their API terms. We do not send personally identifiable information (email, name) to Anthropic.
  • Paddle — Payment processing. Paddle handles all payment card data. We store only your Paddle customer ID and subscription status.
  • Resend — Transactional email delivery. We use Resend to send account-related emails. Only your email address is shared with Resend for delivery purposes.
  • Vercel — Hosting and infrastructure. Our application is hosted on Vercel's infrastructure.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account:

  • Account and profile data: deleted within 30 days
  • Brand data and module runs: deleted within 30 days
  • Billing records: retained for 7 years to comply with UK financial regulations

6. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data (“right to be forgotten”)
  • Restriction: restrict how we process your data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@climbriq.com. We will respond within 30 days.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

7. Cookies

We use cookies for authentication (session cookies managed by Supabase Auth) and to remember your preferences. We do not use third-party advertising or tracking cookies. See our Cookie Policy for details.

8. International Transfers

Some of our third-party processors (Anthropic, Vercel) are based in the United States. Data transfers are protected by standard contractual clauses (SCCs) or equivalent safeguards in accordance with UK GDPR.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the application. The date at the top of this page indicates when this policy was last updated.