Last updated: May 4, 2026
When you use Authority Engine, we collect information you provide directly (name, email address, business details) and information generated by your use of the service (scan results, keywords tracked, reports generated). When you run a scan on the public scanner, we log the Google Place ID and scan timestamp for rate-limiting purposes only — we do not store the full results or associate them with a personal profile.
We use your data to operate and improve the Authority Engine platform — generating your authority reports, tracking your keyword rankings, publishing articles to the News Network on your behalf, and providing AI-powered recommendations. We do not sell your data to third parties. We do not use your data to train AI models without explicit consent.
Authority Engine integrates with the following third-party services: Google APIs (Places API for business data lookup; Google Business Profile API to publish and read profile data when you connect your account), Meta Platforms (Facebook + Instagram Graph APIs to publish to Pages you administer when you connect your account), LinkedIn (Share on LinkedIn API to publish to your profile when you connect your account), Anthropic Claude (AI content generation; inputs are not used to train their models per their API terms), Supabase (database and authentication), Vercel (application hosting), Paddle (payment processing), Resend (transactional email), and Upstash Redis (rate limiting). Each of these services has its own privacy policy. Payment data is handled entirely by Paddle — we never store your credit card information.
When you connect a Google Business Profile, Facebook Page, LinkedIn profile, or other social account, you authorize Authority Engine to perform specific actions on your behalf — such as posting updates, reading your profile metadata, and publishing scheduled content. We store the OAuth access token, refresh token, and expiry timestamp returned by each provider. These tokens are kept server-side and are never transmitted to your browser. We use them only to perform the actions you initiate from the dashboard or that you have scheduled (e.g., Playbook actions). You can disconnect any connected account at any time from /dashboard/social — disconnecting deletes the tokens we hold for that account. We do not read private messages, private posts, or any data outside the explicit scopes you grant during OAuth.
We retain your account data for as long as your account is active. If you delete your account, we permanently delete all associated personal data within 30 days, including OAuth tokens for any connected social or Google accounts. Scan data from the public scanner (rate-limit logs) is automatically deleted after 24 hours.
You have the right to access, correct, or delete your personal data at any time. You can export your data from the Settings page in your dashboard, or contact us at support@authorityengine.us to request a full data export or deletion. You can disconnect any connected social or Google account at any time from /dashboard/social. If you are in the EU, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.
We use cookies solely for authentication (to keep you logged in) and for anonymous analytics (PostHog). We do not use advertising cookies or tracking pixels. You can disable cookies in your browser settings, but this will prevent you from staying logged in.
All data is encrypted in transit (TLS 1.2+) and at rest. Our database uses Row Level Security (RLS) to ensure users can only access their own data. OAuth tokens for connected accounts are stored server-side only and never exposed to the browser. We conduct regular security reviews and address vulnerabilities promptly.
For privacy questions or requests, contact us at: support@authorityengine.us. We respond to all privacy requests within 5 business days.