Legal

Privacy Policy

Effective date: 22 April 2026 · Last updated: 22 April 2026

1. Who We Are

Ovid (GetOvid) operates the platform at getovid.ai (the "Service"). We are the data controller for personal data collected through the Service. References to "we", "us", or "our" mean Ovid (GetOvid).

For privacy enquiries, contact us at privacy@getovid.ai.

2. Data We Collect

Account data: When you register, we collect your name, email address, and encrypted password. If you sign in via Google, we receive your name and email from Google.

Usage data: URLs you submit for analysis, keywords, analysis results, action plan tasks, and audit reports you generate. This data is associated with your account.

Billing data: Payment is processed by LemonSqueezy. We do not store your card details. We receive confirmation of payment status and subscription tier.

Technical data: IP address, browser type, device type, pages visited, and timestamps. Collected automatically via server logs and cookies.

Communications: Any messages you send to us via email or support channels.

3. How We Use Your Data

We use your data to:

Provide, operate, and improve the Service
Process your analyses and generate recommendations
Manage your account and subscription
Send transactional emails (account confirmation, billing receipts, audit digests you enable)
Send product update emails (you can unsubscribe at any time)
Detect and prevent fraud and abuse
Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data to train AI models without your explicit consent.

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

Contract: Processing necessary to provide the Service you have signed up for
Legitimate interests: Improving the Service, security monitoring, and fraud prevention
Consent: Marketing communications and optional data pool contribution
Legal obligation: Compliance with applicable law

5. Third-Party Services We Use

Provider	Purpose	Data Shared
Anthropic	AI analysis and recommendations	Page content, keyword, crawl data
Supabase	Database and authentication	Account data, analysis results
SerpAPI / DataForSEO	Search traffic estimates	URLs submitted for analysis
Google	OAuth sign-in	Name, email (if Google sign-in used)
LemonSqueezy	Payment processing	Email, subscription details
Vercel	Web hosting	IP address, request logs
Render	API hosting	IP address, request logs

Each provider is subject to their own privacy policy and data processing terms. We endeavour to use providers with appropriate data protection standards.

6. Data Retention

We retain your account data for as long as your account is active. Analysis results and reports are retained for the duration of your subscription plus 90 days after cancellation, after which they are permanently deleted.

You may request deletion of your account and associated data at any time by emailing privacy@getovid.ai. We will process deletion within 30 days.

7. Cookies

We use the following cookies:

Authentication: A session token to keep you logged in (essential)
A/B testing: A cookie (ovid_ab_test) to assign you to a homepage variant consistently (functional, 30-day expiry)
Analytics: We may use privacy-respecting analytics (no third-party advertising cookies)

You can disable non-essential cookies in your browser settings. This will not affect your ability to use the Service.

8. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your personal data ("right to be forgotten")
Restriction — ask us to limit how we process your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent

To exercise any of these rights, email privacy@getovid.ai. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. International Data Transfers

Some of our third-party providers are based outside the UK and EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, as required by UK GDPR.

10. Security

We implement industry-standard security measures including encrypted data storage, HTTPS throughout, hashed passwords (bcrypt), and access controls. No transmission over the internet is 100% secure; you use the Service at your own risk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notice. Continued use of the Service after changes constitutes acceptance.