Skipbot
Back to home

Privacy Policy

Last Updated: March 2026Effective Date: March 1, 2026

Welcome to Skipbot. Skipbot, Inc. (“Skipbot,” “we,” “us,” or “our”) operates the AI Search Visibility Platform available at skipbot.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you:

  • Create an account: Name, email address, password (hashed), company name, job title
  • Subscribe to a plan: Billing name, billing address, payment method details (processed by our payment processor; we do not store full card numbers)
  • Configure brand tracking: Brand names, keywords, competitor names, website URLs, and other tracking parameters you set up
  • Contact us: Messages, inquiries, and support requests you submit via email or our support channels
  • Complete profile information: Profile photo, company size, industry, and other optional fields

2.2 Information We Collect Automatically

When you use the Service, we automatically collect certain technical and usage information, including:

  • Device and Connection Information: IP address, browser type and version, operating system, device identifiers, screen resolution
  • Usage Data: Pages visited, features used, click patterns, session duration, search queries within the Service, timestamps of activity
  • Log Data: Server logs, error reports, crash logs, performance data
  • Cookies and Tracking Technologies: Session identifiers, preference cookies, analytics identifiers (see Section 7 — Cookies)

2.3 Information from Third-Party Services

When you connect third-party accounts or use OAuth sign-in (such as Google), we may receive:

  • Basic profile information (name, email, profile picture) from the OAuth provider
  • Authentication tokens necessary to maintain your session

We do not receive your password from third-party OAuth providers.

2.4 Information from AI Search Engines and Social Platforms

As part of the Service, we collect and process publicly available data from:

  • AI Search Engines: ChatGPT (OpenAI), Perplexity, Google Gemini, Claude (Anthropic) — we query these services to track brand mention visibility
  • Social Platforms: Reddit, Quora, and Facebook — we monitor publicly accessible conversations, threads, and posts relevant to your configured brand keywords

This data relates to your brand's public presence and does not include private communications or personal data of third parties beyond what is publicly available through official APIs and public interfaces.

3. How We Use Your Information

3.1 Providing and Operating the Service

  • Creating and managing your account
  • Processing subscription payments and managing billing
  • Executing AI search visibility tracking and reporting
  • Delivering social listening insights and alerts
  • Sending scheduled reports and notifications you have configured

3.2 Improving the Service

  • Analyzing usage patterns to improve product features and user experience
  • Identifying and fixing bugs, performance issues, and security vulnerabilities
  • Conducting internal research and analytics to develop new features
  • Training and improving our internal models and algorithms (using anonymized, aggregated data only)

3.3 Communications

  • Sending transactional emails: account confirmations, invoices, alerts, password resets
  • Sending product updates, new feature announcements, and service notices
  • Responding to support requests and inquiries
  • Sending marketing communications (where you have consented or where permitted by applicable law)

3.4 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, property, and safety of Skipbot, our users, and the public
  • Preventing fraud, abuse, and security incidents

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Processing PurposeLegal Basis
Account creation and service deliveryPerformance of a contract (Art. 6(1)(b) GDPR)
Payment processingPerformance of a contract (Art. 6(1)(b) GDPR)
Service improvement and analyticsLegitimate interests (Art. 6(1)(f) GDPR)
Marketing communicationsConsent (Art. 6(1)(a) GDPR) or legitimate interests
Legal complianceLegal obligation (Art. 6(1)(c) GDPR)
Fraud prevention and securityLegitimate interests (Art. 6(1)(f) GDPR)

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your data protection rights and interests.

5. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

5.1 Service Providers and Subprocessors

We share data with trusted third-party vendors who process data on our behalf, including:

  • Cloud Infrastructure: Vercel (hosting), database providers
  • Payment Processing: Stripe or equivalent (payment handling; subject to their own privacy policy)
  • Email Delivery: Transactional email providers (e.g., SendGrid, Postmark)
  • Analytics: Analytics service providers (anonymized data)
  • Customer Support: Help desk and ticketing tools
  • AI Services: OpenAI, Anthropic, Google, Perplexity APIs (used to perform brand queries; your brand keywords are transmitted to these services as part of the tracking function)

All subprocessors are contractually required to protect your data and may not use it for any purpose other than providing services to us.

5.2 Business Transfers

If Skipbot undergoes a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service prior to such a transfer.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, court order, or governmental authority, or if we believe disclosure is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of Skipbot
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users or the public

5.4 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data CategoryRetention Period
Account dataDuration of account + 90 days after deletion request
Billing records7 years (legal and tax compliance)
Usage and activity logs24 months
Support communications3 years
Brand tracking data and reportsDuration of subscription + 90 days
Marketing consent recordsUntil consent is withdrawn + 3 years

When you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required for legal compliance, fraud prevention, or dispute resolution.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. For detailed information about the cookies we use, please see our Cookie Policy.

Summary of cookies used:

  • Essential cookies: Required for login sessions, CSRF protection, and core functionality
  • Analytics cookies: Help us understand how users interact with the Service
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements (where applicable)

You can control cookie preferences through your browser settings or our cookie consent manager. Note that disabling certain cookies may affect Service functionality.

8. Your Privacy Rights

8.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”)
  • Right to Restriction (Art. 18): Request that we restrict processing of your data
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority

8.2 Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information. To opt out of sharing for cross-context behavioral advertising, contact us at legal@skipbot.com
  • Right to Limit Use of Sensitive Personal Information: Request that we limit the use and disclosure of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your CCPA rights, submit a verifiable consumer request to legal@skipbot.com. We will respond within 45 days (extendable by an additional 45 days with notice).

8.3 Exercising Your Rights

To exercise any of the rights described above, please contact us at:

Email: legal@skipbot.com
Subject Line: Privacy Rights Request

We may need to verify your identity before processing your request. We will respond within 30 days for GDPR requests and 45 days for CCPA requests.

9. Data Security

We implement and maintain appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at Rest: Sensitive data is encrypted at rest using industry-standard encryption
  • Access Controls: Role-based access controls and the principle of least privilege limit access to personal data
  • Authentication: Multi-factor authentication options for account access
  • Monitoring: Continuous security monitoring and intrusion detection systems
  • Vendor Assessment: Security assessments of third-party subprocessors
  • Incident Response: A documented incident response plan for security breaches

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. If you believe your account has been compromised, contact us immediately at legal@skipbot.com.

Data Breach Notification: In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable law (within 72 hours for GDPR authorities; as required by applicable state laws for US residents).

10. International Data Transfers

Skipbot is based in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to third countries
  • Data Processing Agreements: With all subprocessors that may receive EEA personal data

By using the Service, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.

11. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal data from, children under the age of 16. If you are under 16 years old, you may not use the Service.

If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to delete that information as soon as possible. If you believe we may have information from or about a child under 16, please contact us at legal@skipbot.com.

12. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service.

We are not responsible for the privacy practices, content, or security of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify you via email (to the address associated with your account)
  • Display a prominent notice on the Service

We encourage you to review this Privacy Policy periodically. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Data Protection Officer

While Skipbot is not currently required to appoint a formal Data Protection Officer, we have designated a privacy contact for data protection matters:

Privacy Contact: legal@skipbot.com

For EEA/UK residents who wish to contact our EU representative or lodge a formal complaint with a supervisory authority, please contact us at the email above and we will provide the appropriate contact information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Skipbot, Inc.
Email: legal@skipbot.com
Website: skipbot.com

For formal legal notices, please include “LEGAL NOTICE” in the subject line.