What happens to your data when you run an audit.

When you audit a client site in Prizvox, you are handing us a domain name. We query public APIs and AI platforms on your behalf, store the results, and return a report. Nothing we do touches anything behind a login, and nothing we store is ever sold or shared with a third party for commercial purposes. This page documents exactly what we receive, what we send, and how long we keep it.

Last updated: May 2026. We will update this page whenever our data practices change, and notify active subscribers by email of any material changes.

What a Prizvox audit touches

The domain URL

Collected

The domain you submit is the only identifying input to the audit. It is sent to Google PageSpeed Insights, Moz, and used to generate AI platform prompts. It is stored in your audit history for the duration of your subscription.

Publicly visible web pages

Crawled publicly

Prizvox crawls the public-facing pages of the domain — the same pages any browser or search engine can access. We do not crawl anything behind authentication, paywalls, or staging environments. We do not store raw page content beyond what is needed to produce the audit.

Audit results and scores

Stored in your account

The Prizvox Score, sub-scores, fix cards, AI recommendations, and GEO visibility results are stored in your account and used to generate the PDF report. These are your data. You can export or delete them at any time.

Your account email

Collected

Used for login, billing communications, and score-drop alerts if you enable them. Never sold or shared with third parties for marketing purposes.

What a Prizvox audit never touches

Anything behind a login — no authenticated pages, no admin panels

Client CRM data, customer lists, or personal data held by your client

Staging, development, or internal environments

Analytics platforms, ad accounts, or third-party integrations on the client site

Any data that is not publicly accessible via a standard HTTP request

Third-party services we call on your behalf

When you run an audit, Prizvox calls the following external APIs. Each entry below documents exactly what that service receives. We do not pass client personal data to any of these services.

Google PageSpeed Insights

ReceivesThe domain URL being audited.Used forReturns Lighthouse performance scores, Core Web Vitals, and CrUX real-user field data for the domain.Their policydevelopers.google.com/speed/docs/insights/v5/about

Moz API

ReceivesThe domain URL being audited.Used forReturns Domain Authority and Page Authority scores used in the Authority component of the Prizvox Score.Their policymoz.com/products/api/privacy

OpenAI (ChatGPT)

ReceivesGenerated discovery prompts referencing the brand name and domain. No client personal data.Used forPrizvox queries ChatGPT to check whether the brand appears in AI-generated answers for relevant prompts.Their policyopenai.com/policies/api-data-usage-policies

Google Gemini

ReceivesGenerated discovery prompts referencing the brand name and domain. Audit findings used to generate fix recommendations.Used forUsed for GEO visibility queries and to generate the AI fix recommendations in each audit report.Their policyai.google.dev/gemini-api/terms

Anthropic (Claude)

ReceivesGenerated discovery prompts referencing the brand name and domain. No client personal data.Used forPrizvox queries Claude to check whether the brand appears in AI-generated answers for relevant prompts.Their policywww.anthropic.com/legal/aup

Perplexity

ReceivesGenerated discovery prompts referencing the brand name and domain. No client personal data.Used forPrizvox queries Perplexity to check whether the brand appears in AI-generated answers for relevant prompts.Their policywww.perplexity.ai/hub/legal/privacy-policy

Retention and infrastructure

Audit data retention

Audit results, scores, and reports are retained for the lifetime of your subscription plus 30 days after cancellation. After 30 days, all audit data is permanently deleted from our systems. You can trigger immediate deletion at any time from your account settings.

Account data retention

Your account email and billing details are retained for as long as your account exists and for any period required by applicable law after deletion. Billing data is held by our payment processor (Stripe) under their own data retention obligations.

Where data is stored

Prizvox's application servers run on Fly.io infrastructure in the EU (London region). The frontend is served via Vercel's global CDN. Audit data is stored in a PostgreSQL database on Fly.io within the EU.

Encryption

All data in transit is encrypted via TLS 1.2+. Data at rest is encrypted by the underlying infrastructure provider. Secrets and API keys are stored as environment variables, never in source code.

Access controls

Audit data is scoped to your account. No user can see another user's audit data. Our team can access data only for the purposes of providing support and only when you have raised a support request.

Your controls

You have full control over your data. These rights apply whether or not you are covered by GDPR.

Export

Download your full audit history and all reports from account settings at any time.

Delete an audit

Remove any individual audit and its associated report from your account.

Delete your account

Request full account deletion. All audit data is permanently erased within 30 days.

Opt out of emails

Unsubscribe from non-billing emails at any time via the link in any email we send.

Access

Request a copy of all personal data we hold about you. We will respond within 30 days.

Correction

If any data we hold is incorrect, contact us and we will correct it within 14 days.

GDPR and international users

Data controller

Chalk Theory is the data controller for all personal data processed by Prizvox.

Legal basis for processing

We process account data on the basis of contract performance (to provide the service you subscribed to). We process audit results on the basis of legitimate interest — specifically, producing the audit reports you requested. We process billing data as required by law.

International transfers

Some data is processed by US-based services (OpenAI, Anthropic, Perplexity, Google, Moz, Vercel). These transfers are covered by Standard Contractual Clauses or equivalent mechanisms under GDPR. Each provider's data transfer policies are linked in the third-party table above.

Data Protection Officer

Chalk Theory is not currently required to appoint a DPO. For all data-related enquiries, contact us at privacy@prizvox.com.

Questions

If you have a question about how Prizvox handles your data that is not answered here, or if you want to exercise any of the rights above, contact us directly. We are a small team — these emails go to the people who built the system.

Privacy & data requestsprivacy@prizvox.com

Security issuessecurity@prizvox.com

Generalhello@prizvox.com