Privacy
Privacy and cookies
SeekSmart is in public beta. This notice explains what the app currently collects, how cookies and product analytics are used, how signed-in audit history is handled, and how to contact us about privacy requests.
Last updated: May 20, 2026
Who this notice covers
This notice applies to SeekSmart's website, public beta product, tool directory, AI audit workflow, dashboard, admin tools, submissions, feedback, and related product analytics.
SeekSmart is responsible for the information it collects through the service. Third-party websites, AI tools, Google sign-in, and vendor websites have their own privacy practices and terms.
For privacy, cookie, account, or deletion requests, contact seeksmartapp@gmail.com from the email address associated with the account when possible.
Information we collect
Account information: when you sign in with Google, SeekSmart receives the account information needed to create and secure your account, such as your name, email address, profile image when provided, and Google account identifier.
Audit information: when you run an AI audit, SeekSmart stores your structured audit answers, generated recommendation brief, readiness score, top opportunity, rules version, and timestamps so the audit can be shown in your dashboard.
Submission and feedback information: when you submit a tool or send feedback, SeekSmart stores the submitted content and contact details needed for review, follow-up, quality improvement, and abuse prevention.
Usage and device information: SeekSmart collects product analytics events, page paths, referral information, browser and device information, approximate technical location signals, timestamps, and diagnostic information needed to understand product usage, detect errors, protect the service, and improve the beta.
Admin and operational information: admin actions, review decisions, authentication events, rate-limit signals, server logs, and security-relevant events may be kept to operate and protect the service.
How we use information
We use account and session information to authenticate users, protect signed-in pages, save audit history, and control admin access.
We use audit data to generate deterministic recommendations, show saved audit snapshots, improve the structured taxonomy, and debug product quality issues.
We use submissions and feedback to review tool listings, improve product coverage, respond when follow-up is appropriate, prevent abuse, and maintain editorial records.
We use analytics and diagnostic information to understand which pages and workflows are useful, measure audit funnel completion, evaluate tool engagement, identify broken or confusing experiences, and prioritize product improvements.
We use operational records to secure the service, enforce these terms, investigate abuse, comply with legal obligations, and maintain audit trails.
Cookies and browser storage
SeekSmart uses essential cookies for sign-in, OAuth security, session protection, admin access, and saved audit functionality. These cookies are required for the signed-in service to work.
Auth.js / NextAuth sets authentication and security cookies for Google sign-in, session handling, callback protection, and CSRF/state checks.
The temporary legacy admin password flow uses an httpOnly cookie named seeksmart_admin_session. It is sameSite=lax, secure in production, scoped to the site path, and expires after 8 hours.
PostHog analytics may use first-party cookies or browser storage to recognize a browser across product events and measure usage. These analytics identifiers are used for product improvement, not advertising.
SeekSmart does not currently use advertising cookies, retargeting cookies, third-party marketing cookies, heatmaps, or session replay. PostHog autocapture, automatic pageleave capture, automatic pageview capture, and session recording are disabled in the current implementation.
You can limit cookies through your browser settings. Blocking essential cookies may prevent login, saved audits, dashboard access, admin access, or other signed-in features from working. Blocking analytics storage may reduce SeekSmart's ability to measure and improve product usage.
Analytics
SeekSmart uses PostHog product analytics. Browser events are also dispatched through a provider-neutral seeksmart:analytics event and dataLayer push so the analytics setup can remain auditable and replaceable.
Current tracked events include page views, audit start, audit questions viewed, audit questions submitted, audit results viewed, outbound tool website clicks, tool likes and unlikes, public submission completion and failure, server-side tool submission creation, Google sign-in success, command palette opens, and command palette result selections.
Typical event properties include page path, audit budget range, company size, data sensitivity level, top recommended opportunity, tool slug, event source, tool id, tool name, submission category, pricing type, failure reason, command trigger, selected command label, and selected command URL.
SeekSmart does not intentionally send passwords, Google OAuth tokens, full free-text audit answers, private documents, submitter email addresses, user email addresses, user names, or payment information to PostHog analytics.
PostHog may process technical metadata associated with events, such as browser, device, URL, referrer, timestamps, and IP-derived network information, depending on provider configuration and infrastructure.
The current PostHog configuration is intended to use EU PostHog ingestion and UI hosts. If the analytics provider, region, or event list changes materially, this notice should be updated.
Sensitive data
Do not submit private customer records, credentials, financial account data, health information, trade secrets, confidential contracts, or other sensitive documents unless SeekSmart has an approved process for that data.
Audit answers should describe workflows and constraints at a business level rather than exposing confidential records.
SeekSmart is not designed to collect regulated health information, payment card data, financial account credentials, children's data, or highly sensitive personal data.
Legal bases and your choices
Depending on where you are located, SeekSmart's reasons for processing information may include providing the service you request, operating and securing the product, legitimate interests in improving a public beta, compliance with legal obligations, and consent where required.
You may request access, correction, deletion, export, restriction, objection, or withdrawal of consent where those rights apply by contacting seeksmartapp@gmail.com.
You may also use browser settings or extensions to limit cookies and analytics storage. Some product functionality may not work if required cookies are blocked.
Sharing and service providers
SeekSmart may share information with service providers that support hosting, database storage, authentication, analytics, diagnostics, email, monitoring, security, and product operations. These providers should only process information as needed to operate, secure, and improve the service.
Google is used for OAuth sign-in. Your use of Google sign-in is also subject to Google's own account and privacy terms.
PostHog is used for product analytics and diagnostic event capture.
SeekSmart may disclose information if required to comply with law, enforce terms, protect rights or safety, investigate abuse, or complete a business transaction such as a merger, acquisition, financing, or asset transfer.
International transfers
SeekSmart and its service providers may process information in countries other than where you live. Privacy laws in those countries may differ from the laws in your location.
Where required, SeekSmart should use appropriate safeguards for international transfers, such as provider data processing agreements, regional hosting options, and contractual protections.
Security
SeekSmart uses technical and organizational safeguards such as authentication, httpOnly session cookies where appropriate, input validation, rate limiting, security headers, admin access controls, and operational logs.
No internet service can guarantee absolute security. You are responsible for keeping your Google account and devices secure and for avoiding the submission of secrets or sensitive records.
Retention and deletion
Saved audits remain attached to the signed-in account so users can return to their decision history. Tool submissions, feedback, analytics events, logs, and admin records may be retained for editorial review, product improvement, security, legal compliance, and operational history.
Retention periods may vary by record type, operational need, legal requirement, backup cycle, and whether the record is needed to prevent abuse or preserve an audit trail.
For account, deletion, or privacy requests, contact seeksmartapp@gmail.com from the email address associated with the account. Some records may be retained where required or permitted for security, compliance, dispute resolution, or backup integrity.
Changes to this notice
SeekSmart may update this notice as the public beta, analytics setup, service providers, data practices, or legal requirements change.
Material changes should be reflected by updating the last-updated date and, where appropriate, providing additional notice.
