Last updated: April 4, 2026

Privacy Policy

1. Data Controller

ProdPoke is the data controller for personal data collected through this service. For questions or requests, contact us at [email protected].

2. Data We Collect

When you use ProdPoke, we collect:

  • Email address — provided during registration, used for authentication and communication.
  • URLs you test — the web addresses you submit for testing.
  • Test results — screenshots, findings, console logs, and network activity captured during testing.
  • Usage data — session counts, credits used, and interaction patterns to improve the service.

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contractual necessity — processing your email and test data is necessary to provide the testing service you requested.
  • Legitimate interest — usage analytics to improve service quality and detect abuse.
  • Consent — for optional communications beyond transactional emails.

4. How We Use Your Data

  • To provide and improve the testing service
  • To generate test reports and findings
  • To authenticate your account
  • To send transactional emails (verification, receipts)
  • To improve our AI analysis accuracy

We do not sell your data to third parties. We do not use your tested websites' content for advertising.

5. Third-Party Services

ProdPoke uses the following third-party data processors:

  • Anthropic (Claude API) — for AI-powered page analysis. Screenshots of tested pages are sent to Anthropic for analysis. Anthropic processes this data under their data processing terms and does not use it for model training.
  • Resend — for sending transactional emails (verification links, notifications). Your email address is shared with Resend for delivery purposes only.
  • Cloudflare — for DNS, CDN, and access control. Cloudflare may process your IP address for security and performance purposes.
  • Stripe — for payment processing (when available). We do not store your payment details.
  • Google Analytics — for understanding how visitors use our website (page views, navigation patterns). Only enabled if you accept analytics cookies. IP addresses are anonymized. You can opt out at any time by clearing your cookie preferences.

Fonts are self-hosted and served from our own domain. No data is sent to Google for font loading.

6. Data Retention

Test results (screenshots, findings, reports) are retained for 90 days after the test session, then automatically deleted. Account data is retained until you delete your account. Credit transaction records are retained for accounting purposes until account deletion.

7. Cookies

We use two categories of cookies:

  • Essential (always active) — a single authentication cookie (HttpOnly, Secure, SameSite: Lax). Required for the service to function.
  • Analytics(opt-in only) — Google Analytics cookies, set only if you click "Accept all" on the cookie banner. These help us understand how people use ProdPoke. IP addresses are anonymized. You can withdraw consent at any time by clearing your browser cookies.

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data — available via account data export
  • Rectification — request correction of inaccurate data
  • Erasure — delete your account and all associated data
  • Data portability — export your data in a machine-readable format (JSON)
  • Withdraw consent — for any processing based on consent
  • Lodge a complaint — with your local data protection authority

You can exercise your rights to data export and account deletion directly from your account settings. For other requests, email us at [email protected]. We will respond within 30 days.

9. International Transfers

Your data may be processed in the United States by our third-party processors (Anthropic, Cloudflare). These transfers are governed by appropriate safeguards including standard contractual clauses.

10. Security

We use industry-standard security measures including encrypted connections (HTTPS), HttpOnly secure cookies, and access controls. However, no system is 100% secure, and we cannot guarantee absolute security of your data.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or data requests, email us at [email protected].