Website Health
Legal & Trust
Privacy Policy
Last updated: April 2026
Contents
General (Logia Insights)
General (Logia Insights)
These terms apply to all Logia Insights products and services. Product-specific details for Website Health follow below.
1. Introduction
Logia Insights ("we," "our," or "us") provides products and services including Website Health. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, create an account, subscribe to our newsletter, contact us, or use any of our services. Our Terms of Service govern your use of our services; this policy focuses on your personal data.
We are committed to protecting your privacy and handling your data with transparency. Product-specific details (such as for Website Health) are in the sections below. If you have questions, please contact us.
2. Information Sharing
We do not sell your personal information. We may share information in these limited circumstances:
- Service providers: Third parties who help us operate our services, including hosting, email delivery, payment processing (Stripe), spam prevention (Google reCAPTCHA on contact forms), AI-powered insights (OpenAI, when we generate analysis for Pro/Enterprise reports), in-product AI Help (which may use OpenAI and/or Google Gemini (Google AI) depending on product configuration), and, where we offer translation features, third-party translation services (e.g., Google Translate). These providers process data on our behalf under contractual obligations. Google reCAPTCHA may collect data such as IP address and device information; see Google's privacy policy for details. When you request a meeting through our website (for example via our contact or booking forms), the information you submit is processed through our services and these same categories of providers as needed to confirm and follow up. OpenAI processes website content and analysis data to generate insights; their privacy policy governs data handling. When AI Help uses Google Gemini, relevant Google AI terms and privacy policy govern that processing. We maintain a public list of our named subprocessors at our Subprocessors and DPA Requests page.
- Report access: If you set a report to "Public," anyone with the report URL can access it during its storage period. If you set a report to "Private," only members of the workspace that created the report can access it. If you run a check without signing in, the report is delivered as a public link by default (see Guest Reports and Public Links below and our Terms of Service).
- Legal requirements: When required by law or to protect our rights, safety, or property
- Business transfers: In connection with a merger, acquisition, or sale of assets
3. Data Location and International Transfers
Our services are operated from the United States. Your information may be stored and processed in the United States or other countries where our service providers operate. If you are located outside the United States (including in the European Economic Area, United Kingdom, or elsewhere), your data will be transferred to and processed in the United States or other jurisdictions that may not provide the same level of data protection as your country. By using our Service, you consent to this transfer. We rely on appropriate safeguards (such as standard contractual clauses where applicable) for international transfers.
4. Your Rights
Legal basis (EEA/UK): We process your personal data based on: (1) contract performance—to provide the service you signed up for; (2) consent—for newsletter, marketing emails, and optional features like profile pictures; (3) legitimate interests—for abuse prevention, security, fraud detection, and service improvement; and (4) legal compliance—where required by law.
Depending on your location (including residents of the European Economic Area, United Kingdom, California, and other jurisdictions with similar laws), you may have rights to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your information (you can delete your account directly from your account settings, or contact us for assistance)
- Object to or restrict certain processing
- Data portability: If you have an account, you can download a machine-readable JSON summary of personal data we associate with you from Download my data (sign-in required). Detailed scan datasets remain available as PDF/CSV from each report in your dashboard.
- Withdraw consent where processing is based on consent (e.g., newsletter)
You can manage email preferences and newsletter subscription in your account settings; newsletter emails also include an unsubscribe link. To exercise other rights or ask about our data practices, please contact us. If your organization requires a Data Processing Addendum (DPA), you may request one through our Subprocessors and DPA Requests page.
California residents: We do not sell your personal information. You have the right to know what personal information we collect, to request deletion, and to non-discrimination for exercising your rights.
Automated decision-making: We use automated systems to detect suspicious subscription and workspace behavior (e.g., rapid plan changes, workspace abuse patterns). These systems may flag your account for manual review. We do not make decisions that significantly affect you solely by automated means—all enforcement actions (such as IP blocking or account suspension) are reviewed by our administrators before being applied. If you believe you have been affected by an error in our automated systems, please contact us.
5. Security
We implement appropriate technical and organizational measures to protect your information, including secure transmission and storage. We offer optional two-factor authentication (2FA) for account security. However, no method of transmission over the Internet is 100% secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Where applicable law imposes specific notification timelines, we aim to comply with those timelines, including notifying relevant regulators without undue delay and within 72 hours where required. See our Security page for more details.
6. Cookies and Similar Technologies
We use essential cookies and session storage to operate our website (e.g., login state, session identification, preferences). We do not use third-party advertising cookies. Our contact form uses Google reCAPTCHA, which may set cookies. We may use analytics cookies to understand how visitors use our site. You can manage cookie preferences in your browser.
7. Links to Other Websites
Our website may contain links to third-party websites (e.g., social media, external resources). We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.
8. Children's Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email where appropriate.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- 📧 Contact Us
- 📍 Wisconsin, USA
Website Health
The following sections apply specifically to the Website Health product. They supplement the General sections above.
11. Information We Collect
Information You Provide
- Account information: When you sign up, we collect name, email address, phone (optional), job title, company, address (street, city, state, zip, country), password, optional profile picture, whether you subscribe to our newsletter, how you heard about us, referral name/email (optional), and work type (e.g., business, nonprofit, ministry, freelancer). We use email as your login identifier. Profile pictures and other images you upload may be manually reviewed for compliance with our Terms of Service; we reserve the right to delete content that is harmful, profane, vulgar, or otherwise violates our terms.
- Website and analysis data: URLs you submit for analysis; for paid plans, website URLs you add to your workspace(s), competitor URLs and optional sitemap URLs, custom sitemap URLs, exclude/include URL patterns, and preferences for monthly report schedules (e.g., day of month, enabled/disabled). We also store the assessment results, scores, findings, and error reports generated from your scans.
- Report-related data: Email address used when requesting a report (including for reports created without an account); whether a report is set to public or private by your workspace.
- Contact form: First name, last name, email, phone, preferred contact method, company name, city, state, message, how you heard about us, and optional referral name/email. If you opt in to the newsletter on the contact form, we may create or link a newsletter subscription (email and selected interest areas).
- Newsletter: Email address, subscription status, interest areas (e.g., Website Health), and an unsubscribe token used in unsubscribe links.
- Workspaces and teams: Organization/workspace name, member emails, roles (e.g., super admin, admin, editor, viewer), and invitations (invitee email and role). Workspace settings may include logo and website configurations as above.
- Communications: Messages you send us via contact forms or email.
- Referral program: If you participate in our referral program, we may collect referee details, referral type (e.g., friend, newsletter), and for newsletter referrals, newsletter name, URL, evidence (e.g., screenshot), subscriber count, and notes.
- Subscription and plan change feedback: When you downgrade or cancel your subscription, we may ask you to provide optional feedback about your reasons (e.g., reasons selected from a list, unused features, free-text comments). This helps us improve our service.
Information Collected Automatically
- Usage and log data: Pages visited, features used, access times, IP address, browser type, operating system, device identifiers, and referring URLs.
- Spam prevention: Our contact form uses Google reCAPTCHA v3 (invisible) to help prevent spam. reCAPTCHA may collect data such as IP address, cookies, and device information. This is processed by Google according to their privacy policy.
- Session data: We use session identifiers to associate reports created before you sign up with your account when you later create one. Session data is used together with email and, where applicable, device-related information (e.g., IP and browser) to link pre-signup reports to your account so you can access them in your workspace. Report association may use email matching, session tracking, and device fingerprinting (a combination of session ID, IP address, and browser/User-Agent information) to identify the same device within the same calendar month. For more detail on report association, see our Terms of Service (Section 16).
- Daily usage and rate limiting: To enforce daily report limits (e.g., 3 reports per day for free users, 100 for paid), we track usage per user account. For users who are not logged in, we use a composite fingerprint (session ID, IP address, and User-Agent) to track usage. This fingerprint is hashed and used only for rate limiting; it is not used to identify you personally.
- Abuse prevention and security: We collect and store IP addresses in connection with subscription changes (e.g., upgrades, downgrades, cancellations), rate limiting, and abuse detection. We track subscription change patterns and associated IP addresses to detect suspicious behavior (e.g., repeated plan switching, end-of-month upgrade patterns). We also track workspace creation patterns and associated user behavior to detect workspace abuse. We may store IP addresses on records for blocked IPs and for suspicious subscription or workspace behavior. All suspicious behavior is flagged for manual review before any enforcement action. This supports fraud prevention, enforcement of our Terms of Service, and protection of the service.
Payment Information
Payment processing is handled by our payment provider, Stripe. We do not store your full card number. We store Stripe-generated identifiers (e.g., customer ID, subscription ID, and related billing-period information) necessary to manage your subscription, renewals, and support. Stripe's collection and use of payment data are governed by its own privacy policy.
12. How We Use Your Information
- To provide website health analysis, reports (single-URL, multi-page, monthly automated, and competitor reports), and related features
- To create and manage your account, workspaces, team members, and invitations
- To process subscriptions and payments (via Stripe) and to enforce subscription and usage limits (including daily report limits)
- To send service-related communications (e.g., report completion, report failures, subscription and billing updates, password reset, email verification, 2FA codes)
- To send newsletter and marketing emails where you have opted in
- To respond to your inquiries and provide customer support
- To process subscription and plan-change feedback (e.g., downgrade reasons) for service improvement
- To detect and prevent fraud, abuse, and security issues (including use of IP addresses and subscription change history)
- To improve our services and develop new features, including using aggregated, anonymized assessment data
- To retain anonymized, aggregate metrics (scores, issue counts, scan statistics) after report deletion for analytics, benchmarking, and anonymized datasets — containing no personally identifiable information
- To comply with legal obligations and protect our rights
13. Data Retention and Report Storage
Reports: On-demand and single-URL reports are stored and accessible online for 90 days from creation. Reports generated as part of monthly automated runs may be stored for a longer period or for the duration of your active paid subscription, as described in our service and Terms of Service. After the applicable period, the online report link will expire. We recommend downloading a PDF or CSV if you want a permanent copy. In the event that Logia Insights ceases operations or discontinues the Service, all reports and data stored on our servers may no longer be accessible; you will lose access to any reports you have not downloaded and saved locally.
Underlying data: Even after a report expires online, we may retain the underlying assessment data and results in our systems for analytical and service improvement purposes, in accordance with this policy and our Terms of Service.
Anonymized data after deletion: When you delete a monthly report (from the dashboard or archived website view), we retain anonymized, aggregate metrics from that report. This includes overall scores, per-section scores, issue counts by severity level, category breakdowns, and scan volume statistics. No raw personally identifiable information is retained - no user names, plaintext email addresses, organization names, website URLs, page content, or specific findings. We may retain salted, one-way hashes of the email address, URL, or domain solely to deduplicate and report aggregate metrics; those hashes do not contain or reveal the original email address, URL, domain, page content, or findings. We use this anonymized data for internal analytics, benchmarking, service improvement, and may include it in anonymized, aggregated datasets. These aggregate records are not designed to identify individual users or websites.
Account and other data: We retain your account information, contact submissions, newsletter subscriptions, workspace data, subscription feedback (e.g., downgrade reasons), and related records for as long as needed to provide our services, support you, enforce our terms, and comply with law. You may request deletion of your personal data at any time (see Your Rights above).
Account deletion: When you delete your account, we permanently remove your profile, login credentials, and personal reports. Reports you created within workspaces that have other members are preserved for those workspaces with your authorship link removed. For record-keeping, fraud prevention, abuse detection, and legal compliance, we retain limited metadata using pseudonymous identifiers (for example, salted one-way hashed identifiers), account identifier, and dates of account creation/deletion. We do not retain your plaintext email address, plaintext name, or phone number in this archived metadata. This metadata does not include your password, payment card details, or report content.
Workspace deletion: When a workspace is deleted, we permanently remove all workspace data, including reports, websites, team memberships, and settings. We retain limited metadata about the former workspace (such as workspace name, subscription plan, member count, and deletion date) for the same purposes described above. All workspace members are notified by email when a workspace is deleted. Active subscriptions are cancelled immediately.
Archived websites: When your plan's website limit decreases (e.g., when you downgrade to the Free plan), you must choose which websites to archive. Archived websites and their monthly report data remain stored and viewable until you delete or restore them. You may restore (unarchive) a website when you have an available slot. Archived data is subject to the same retention and security practices as active website data.
14. Guest Reports and Public Links (Not Logged In)
If you generate a Website Health report without an account (guest or anonymous use), we treat that report as public for access purposes: you cannot mark it private until it is associated with a workspace after you sign up. From a privacy perspective, you should assume that anyone who obtains the full report URL may be able to view your results—including the analyzed URL, scores, and findings—while the report remains available online (for example, during the 90-day online access window for single-URL reports described above).
How the link works: We give you a unique web address that includes a long, randomly generated identifier. We do not publish a searchable list of every guest report link on our website, and short, guessable URLs are not used by design—so random third parties typically cannot browse to your report without the exact link. That said, the model is “anyone with the link can open it”: the URL is not password-protected for guest reports, and anyone you share it with (or anyone who receives it via a forward, screenshot, shared device, or similar) may access the same content you see.
What we recommend: Treat the URL like sensitive information if you do not want others to see your report. If you need workspace-controlled privacy (private reports visible only to your team), use an account and workspace and set reports to Private as described in our Terms of Service. For the full legal description of guest reports and public links, see Section 16 of the Terms of Service.