Skip to main content
← Back to Surven

Privacy Policy

Last updated: 2026-06-05

What we collect

We collect the email address you sign up with, the business details you enter (name, industry, location, competitors), and the scan results we generate when querying AI tools on your behalf. We also use PostHog for product analytics: anonymous, cookieless usage data (pageviews and interactions) for everyone, plus full analytics and session replay only if you've accepted analytics cookies.

How we use it

Your data is used solely to provide the Surven service: running scans, displaying your dashboard, sending scan summary emails, and supporting your account. We don't sell your data to anyone.

Third parties

We send your business details to OpenAI, Anthropic, and Google in order to query their AI models on your behalf. Each of those providers has its own privacy policy. We use Supabase for authentication and storage, and Vercel for hosting.

Your rights

You can export your scan data as CSV from the dashboard at any time. You can delete your account and all associated data from the Settings page — that action is immediate and permanent.

California Residents

Under the California Consumer Privacy Act, you have the right to (i) know what personal information we collect, use, and share, (ii) delete personal information we hold, (iii) opt out of the sale of personal information (we do not sell personal information), and (iv) non-discrimination for exercising these rights. To exercise any of these rights, email hello@surven.ai. We respond within 45 days as required by CCPA.

Data retention

How long we keep your data:

  • Account data (email, business details, scan history): kept while your account is active. After you delete your account, we permanently remove this data within 30 days.
  • Database backups: purged within 90 days. We can't pull individual records from a backup without restoring it, so deletion isn't instant — but the maximum holdover is 90 days.
  • Anonymized usage analytics: kept indefinitely. These contain no personally identifiable information.
  • Security and audit logs: kept for 12 months, then deleted.
  • Billing records: kept for 7 years to comply with tax and accounting requirements.

Cookies & storage

We use browser localStorage to keep you signed in and remember your sidebar preference. We don't use third-party tracking cookies on the app. Marketing cookies on the public landing pages are described in our cookie banner.

Security

Passwords are hashed by Supabase Auth. Sensitive data (API keys you enter) is encrypted at rest. We do our best, but no system is unbreakable — please use a strong password and contact us right away if you notice anything suspicious.

Surven Auditor (Chrome extension)

The Surven Auditor extension lets you audit any open browser tab for AI-search-visibility (GEO) issues. The following describes the data the extension touches, where it goes, and what we never do with it.

What the extension reads from a page: when you click Run audit, the extension reads the public HTML of the active tab — title, meta tags, headings, body text, JSON-LD schema, image alt text, internal links — and sends it to our backend at surven.ai for analysis. Audits run only on tabs you explicitly trigger from the side panel; we do not background-scan pages you visit.

What the extension stores locally: your Surven API key (encrypted in chrome.storage), per-hostname audit results cached for 24 hours, and your settings (API URL). Nothing else.

What the extension sends off-device: page content (above) goes to surven.ai for audit analysis. When you click Apply fix or Revert, we send fix details to the connected platform you authorized in Surven (your GitHub repo or WordPress site) on your behalf — never to anyone else.

What the extension never does:read passwords or form fields, capture keystrokes, monitor pages you didn't audit, sell your data, share your data with advertisers, or run audits in the background without your action.

Permissions explained:

  • sidePanel — to render the audit results UI in Chrome's side panel.
  • activeTab — to read the current tab's HTML when you click Run audit.
  • scripting — to inject the highlight overlay that points at finding-affected elements on the page.
  • storage — to keep your API key, settings, and 24-hour result cache locally.
  • <all_urls> host permission — required because audits work on any site you visit. The extension never reads a page until you click Run audit on that tab.

Contact

Questions, requests, or concerns? Email us at hello@surven.ai.