Laup
Log inSign up

Legal

Privacy Policy

Last updated: April 2026 · DRAFT - subject to legal review

1. Who we are

Laup is operated from Norway. For questions about your data, contact us at hello@laup.ai

2. What data we collect

  • Account data: email address, hashed password (argon2 - we never store your password in plain text), display name and phone number (optional).
  • Scan results: AI readiness scores, schema analysis, sitemap analysis, robots.txt analysis, content visibility results, and AI-generated assessments - all tied to the domain you scanned, not to you personally.
  • Usage data: IP addresses in server logs, login timestamps, scan timestamps.
  • Consent record: timestamp of when you accepted these terms.

3. Why we collect it

  • To provide the service: we need your email to authenticate you and your domain to run scans.
  • To secure the service: IP logging helps detect abuse and unauthorized access.
  • To improve the service: aggregate, anonymized scan patterns help us improve our analysis accuracy.

4. Legal basis (GDPR)

  • Consent: you explicitly consent to data processing by checking the signup checkbox.
  • Legitimate interest: security logging and service delivery.
  • Contract: processing necessary to provide the service you signed up for.

5. Where your data is stored

All data is stored in Azure Norway East (Oslo region), within the EU/EEA. Your data does not leave the EEA for storage purposes.

6. Third-party processors

  • Microsoft Azure (hosting, database) - EU data center (Norway East).
  • OpenAI (LLM analysis) - scan data (publicly accessible website content) is sent to the OpenAI API for analysis. No personal user data (email, password) is sent to OpenAI. Subject to OpenAI's data processing terms.

7. Data retention

  • Account data: kept until you delete your account.
  • Scan results: kept as long as your account exists.
  • Server logs: retained for up to 90 days for security purposes.

8. Your rights

Under GDPR, you have the right to:

  • Access: request a copy of your personal data.
  • Correction: update inaccurate data via your profile page.
  • Deletion: delete your account and all personal data via your profile page. This immediately anonymizes your data.
  • Data portability: request your data in a machine-readable format.
  • Withdraw consent: you can withdraw consent at any time by deleting your account.

To exercise any of these rights, use the self-service options in your profile or contact us at hello@laup.ai

9. Cookies

We use a single authentication cookie (JWT) that is strictly necessary for the service to function. It is an httpOnly cookie that cannot be accessed by JavaScript. We do not use analytics cookies, tracking cookies, or any third-party cookies. No cookie consent banner is required.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account. The "last updated" date at the top will always reflect the most recent version.

11. Contact

For data protection inquiries, contact us at hello@laup.ai