Privacy Policy

Indexed ("we", "us", or "our") operates indexed.vc. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using the Service, you consent to the practices described in this policy.

Account information: When you register, we collect your email address and, if you use Google OAuth, your name and profile information provided by Google.

Usage data: We track your usage of the Service — including searches performed, company profiles viewed, list builder queries, and exports made — to enforce tier limits and improve the product.

Payment information: Payments are processed by Stripe. We store only a Stripe customer ID and subscription status; we do not store your full credit card number or banking details.

Device and log data: We automatically collect server log data including IP addresses, browser type and version, operating system, device type, referring URLs, pages visited, and timestamps. Your IP address may be used to derive approximate geographic location (city/country level).

• Provide, operate, maintain, and improve the Service
• Process payments and manage subscriptions
• Enforce usage limits tied to your subscription tier
• Send transactional emails (receipts, password resets, subscription notices)
• Respond to support requests and communicate with you about the Service
• Detect, investigate, and prevent fraud, abuse, or unauthorized access
• Analyze usage trends to improve product features and user experience
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your personal data for targeted advertising.

We use the following third-party services that may process your data:

• Supabase — database and authentication infrastructure (stores account data and usage records)
• Stripe — payment processing (processes billing information securely)
• Vercel — hosting, CDN, and serverless functions (processes requests and serves content)
• Google Analytics (GA4) — website traffic and acquisition analytics (collects anonymized browsing data)
• PostHog — product analytics and conversion tracking (collects feature usage and interaction data)
• Sentry — error monitoring and performance tracking (collects error reports and diagnostic data)
• Logo.dev — company logo delivery (no personal data shared)

Each third-party service operates under its own privacy policy. We encourage you to review their policies to understand how they handle data.

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication (session tokens) and core Service functionality
• Analytics cookies: Used by Google Analytics and PostHog to understand usage patterns and improve the Service
• Error tracking: Used by Sentry to capture and diagnose errors

You can disable non-essential cookies in your browser settings, though this may affect Service functionality. We do not use cookies for advertising purposes.

We retain your account data for as long as your account is active. Usage logs are retained for up to 24 months. Payment records are retained as required by applicable tax and financial reporting laws.

After account deletion, we will delete your personal data within 30 days, except where retention is required by law. We may retain anonymized, aggregate data indefinitely for analytics and product improvement purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request that we delete your personal data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to certain types of processing of your data

To exercise any of these rights, contact us at hello@indexed.vc. We will respond to your request within 30 days.

If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale of your personal information
• Not be discriminated against for exercising your privacy rights

We do not sell personal information as defined by the CCPA. To submit a CCPA request, contact us at hello@indexed.vc.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following lawful bases:

• Contract performance: Processing necessary to provide the Service you requested
• Legitimate interests: Analytics, fraud prevention, and Service improvement
• Consent: Where required (e.g., non-essential cookies)

In addition to the rights listed in Section 7, you have the right to lodge a complaint with your local data protection authority. For GDPR-related requests, contact hello@indexed.vc.

Your data is processed and stored in the United States through our infrastructure providers (Vercel, Supabase, Stripe). If you access the Service from outside the United States, your data will be transferred to and processed in the US. We rely on our service providers' data protection frameworks and standard contractual clauses to ensure adequate protection of transferred data.

Some browsers offer a "Do Not Track" (DNT) setting. There is currently no industry standard for how companies should respond to DNT signals. We do not currently alter our data collection practices in response to DNT signals, but we do not engage in cross-site tracking or targeted advertising.

We use industry-standard security practices including encrypted data transmission (TLS), database row-level security, access controls, and secure authentication flows. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but take reasonable measures to protect your data.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, contact us and we will promptly delete it.

We may update this policy periodically. We will notify users of significant changes via email or in-app notice at least fifteen (15) days before the changes take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

Privacy questions? hello@indexed.vc