Privacy Policy

1. Who we are

hurly is an AI-powered website audit platform operated by Flight Consultancy Ltd, based in Auckland, New Zealand. We provide SEO, GEO (Generative Engine Optimisation), and CRO audit services to business owners worldwide.

If you have any questions about this policy, contact us at hello@hurly.studio.

2. What information we collect

We collect the following information when you use hurly:

• Website URLs — the URLs you submit for auditing. These are crawled by our systems to generate your report.
• Account information — if you create an account, we collect your name and email address.
• Audit results — the scores, findings, and recommendations generated for your website are stored in our database.
• Payment information — if you purchase a paid plan, payment details are processed by Stripe. We do not store your card details.
• Usage data — we collect anonymised analytics data about how you use the platform (pages visited, features used) to improve the product.

3. How we use your information

• To generate and deliver your website audit report
• To send transactional emails (audit complete, changes deployed) via Resend
• To process payments and manage your subscription via Stripe
• To improve the accuracy and quality of our audit engine
• To contact you about your account or our service if necessary

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Third-party services

We use the following third-party services to operate hurly:

• Supabase — database and authentication. Your account data and audit results are stored on Supabase servers (US region).
• Anthropic (Claude API) — AI analysis of your website content. Page content is sent to Anthropic's API for processing. Anthropic's privacy policy applies to this data.
• Firecrawl — website crawling service. Your submitted URL is crawled by Firecrawl to extract page content.
• Resend — transactional email delivery. Your email address is shared with Resend solely for sending audit reports and account notifications.
• Stripe — payment processing. Stripe processes and stores your payment information under their own privacy policy.
• Vercel — hosting and infrastructure. Our application is hosted on Vercel's servers.

5. Data retention

We retain your audit reports and account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

Anonymous audit data (with personal details removed) may be retained indefinitely to improve our audit engine.

6. Your rights

Under the New Zealand Privacy Act 2020, you have the right to:

• Request access to the personal information we hold about you
• Request correction of any inaccurate personal information
• Request deletion of your personal information
• Withdraw consent for marketing communications at any time

If you are located in the European Union, you also have rights under the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email us at hello@hurly.studio.

7. Cookies

We use essential cookies only — these are required for the platform to function (session management, authentication). We do not use advertising or tracking cookies. Analytics data is collected in an anonymised, aggregate form.

8. Security

We take reasonable steps to protect your personal information from unauthorised access, disclosure, or loss. All data is transmitted over HTTPS. Access to our database is restricted and protected by row-level security.

9. Changes to this policy

We may update this policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice in the platform. Continued use of hurly after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, contact us at: