Privacy Policy

Last updated: March 21, 2026

1. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, and password when you register.
  • Usage Data: URLs you submit for scanning, audit results, and how you interact with our Service.
  • Payment Information: Billing details processed securely through Stripe. We do not store your credit card information on our servers.
  • Technical Data: IP address, browser type, device information, and cookies for session management and analytics.

2. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process your transactions and manage your subscription.
  • To send you important service updates, security alerts, and support messages.
  • To analyze usage patterns and improve the user experience.
  • To detect and prevent fraud, abuse, and security incidents.

3. Data Sharing

We do not sell your personal information. We may share data with trusted third-party service providers who assist in operating the Service (e.g., Stripe for payments, hosting providers). These providers are bound by confidentiality obligations.

4. Data Retention

We retain your account information and audit history for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us. Audit data may be retained in anonymized form for analytical purposes.

5. Third-Party Services

We use the following third-party service providers to operate and improve the Service. These providers may process certain data on our behalf in accordance with their own privacy policies:

  • VercelApplication Hosting & Deployment

    Hosts our web application and handles serverless function execution. May process IP addresses, request headers, and access logs.

  • Neon (Neon Tech Inc.)Database Hosting

    Provides our PostgreSQL database infrastructure. Stores account information, audit results, and subscription data in encrypted, secure cloud databases.

  • StripePayment Processing

    Handles all payment transactions, subscription billing, and invoicing. Stripe processes your payment card details directly — we never store your full card information on our servers.

  • Anthropic (Claude AI)AI-Powered Analysis

    Powers advanced compliance analysis and appeal letter generation. Publicly available website content submitted for scanning may be processed by Anthropic's AI models. No personal account data is shared with Anthropic.

6. Cookies

We use essential cookies for session management and authentication. We may also use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit (SSL/TLS), secure password hashing, and access controls. However, no method of electronic transmission or storage is 100% secure.

8. GDPR Compliance (European Economic Area)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). Seven Star Digital LLC acts as the data controller for your personal data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you signed up for (account management, audits, billing).
  • Legitimate Interest: Processing for fraud prevention, security, service improvement, and analytics, where our interests do not override your rights.
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications. You may withdraw consent at any time.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

Your GDPR Rights

Under the GDPR, you have the right to:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction: Request that we limit how we process your data in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence.

International Data Transfers

Your personal data may be transferred to and processed in the United States, where our servers and service providers are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.

Data Protection Officer

For GDPR-related inquiries, you may contact us at support@gmcauditpro.com. We will respond to all legitimate requests within 30 days.

9. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information:

  • Identifiers: Name, email address, IP address, account ID.
  • Commercial Information: Subscription plan, transaction history, URLs submitted for auditing.
  • Internet Activity: Browsing history on our Service, interactions with our platform, audit results.
  • Professional Information: Business name and website URL associated with your account.

Your CCPA Rights

As a California resident, you have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing transactions).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing, quality, or service levels.
  • Right to Limit Use of Sensitive Information: We do not collect or process sensitive personal information as defined under the CCPA/CPRA.

How to Exercise Your Rights

To submit a verifiable consumer request, contact us at support@gmcauditpro.com. You may also designate an authorized agent to make a request on your behalf. We will verify your identity before processing any request and respond within 45 days, with a possible 45-day extension if necessary.

Do Not Sell or Share

Seven Star Digital LLC does not sell personal information and has not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioral advertising purposes.

Financial Incentive Programs

We do not offer financial incentive programs that require the collection of personal information.

10. Your General Rights

Regardless of your location, you may:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Export your data in a portable format.

To exercise these rights, contact us at support@gmcauditpro.com.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16 (or under 13 in the United States), we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use after changes constitutes acceptance.

13. Contact

For privacy-related questions or requests, contact us at:

Seven Star Digital LLC
30 N Gould St, Ste N
Sheridan, WY 82801
support@gmcauditpro.com

Back to Home