helloAISearch

Privacy Policy

Effective May 9, 2026

This Privacy Policy explains what helloAISearch (operated by PulseSpark AI LLC) collects, why, and what control you have over it. It applies to helloaisearch.com and the helloAISearch web application.

What we collect

Account data: your email address and a hashed password (we never see the plaintext — Supabase Auth handles password storage).

Project data: the brand name, domain, brand aliases, industry, description, and tracked competitors you enter during onboarding or in Settings.

Prompts and scan results: the prompts you ask us to track and the responses returned by the AI engines we query on your behalf (ChatGPT, Claude, Gemini, Perplexity).

Billing data: processed by Stripe. We store the Stripe customer ID, subscription status, and last-payment-attempt status. We never see your full card number.

Operational telemetry: error reports (Sentry) and product analytics (PostHog) so we can fix bugs and improve the product. These are scoped to anonymized session IDs unless you are signed in, in which case we associate them with your account.

What we don't do

We don't train AI models on your data. We don't sell your data. We don't share it with third parties beyond the sub-processors listed below who help us operate the Service.

Sub-processors

We use the following sub-processors. They have signed Data Processing Agreements with us where applicable.

Vercel (US) — frontend hosting. Railway (US) — API and worker hosting. Supabase (US) — application database and authentication. OpenAI, Anthropic, Google, Perplexity (US) — LLM providers we query on your behalf. Stripe (US) — billing. Resend (US) — transactional email. Sentry (US) — error tracking. PostHog (US/EU) — product analytics.

Where data lives

Application data lives in Supabase Postgres in the US (region: us-west-1). We back up daily and retain rolling backups for 30 days. Data is encrypted at rest and in transit (TLS 1.2+).

How long we keep it

Your account data and project data are retained while your account is active and for 60 days after cancellation (the “grace period”), after which they are permanently deleted. Scan results older than 18 months may be aggregated into trend summaries to control storage cost. Email and Stripe records are retained for seven years for tax and regulatory compliance.

Your rights

Access and export: contact privacy@helloaisearch.com and we'll send a JSON export within 30 days. Correction: edit project data any time from Settings → Project. Deletion: request from Settings → Account or the same email; deletion runs after the 60-day grace period. Objection / restriction: if you're in the EEA, UK, or California, you have additional rights under GDPR/CCPA — we honor them. Just email us.

Cookies

We use a single first-party cookie to keep you signed in (set by Supabase Auth). We do not use third-party advertising cookies. PostHog uses a first-party cookie for analytics, which you can opt out of from Settings → Notifications.

Children

helloAISearch is a B2B product not directed at anyone under 16. We don't knowingly collect data from minors.

Changes

We'll update this policy as the product evolves. Material changes will be notified by email at least 14 days before they take effect.

Contact

General: hello@helloaisearch.com. Privacy and data requests: privacy@helloaisearch.com.