Privacy Policy

Last updated: 18 March 2026

This Privacy Policy explains how BLEECH (ABN 68 280 756 725), a sole trader registered in Queensland, Australia ("we", "us", "our"), collects, uses, discloses, and protects your personal information when you use our platform at app.bleech.au ("Service"). We are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Information We Collect

Account information: When you create an account, we collect your email address, name (if provided), and authentication provider (Google or email). This is collected via Supabase Auth.

Scan data: When you scan a website, we collect the URL you submit and the publicly available data from that website (HTML content, performance metrics, metadata). For logged-in users, scan results are stored in your account history.

Brand intake data: If you complete the optional brand intake questionnaire, we collect the information you provide (business name, industry, target audience, brand attributes). This data is used solely to generate your Perception Gap Analysis.

Payment information: Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number. We receive your Stripe customer ID and subscription status from Stripe.

Usage data: We track the number of AI generations you use per month to enforce plan limits. We do not track browsing behaviour, use cookies for advertising, or share data with advertising platforms.

Technical data: Our hosting provider (Vercel) may collect IP addresses, browser type, and access timestamps in standard server logs for security and performance monitoring.

2. How We Use Your Information

We use your personal information for the following purposes: to provide, operate, and maintain the Service; to process your subscription payments via Stripe; to store your scan history and account preferences; to generate AI-powered audit reports, fix implementations, and content recommendations; to send you service-related communications (such as scan alerts and account notifications); to enforce our Terms of Service and protect against misuse; and to comply with legal obligations.

We do not use your personal information for direct marketing without your consent. We do not sell, rent, or trade your personal information to third parties.

3. Automated Decision-Making and AI

The Service uses automated decision-making technology and artificial intelligence in the following ways:

Website audit scoring: An automated scanning engine analyses publicly accessible website data and generates a numerical score and issue list. This is a fully automated process based on predefined diagnostic rules.

AI-generated content: When requested by the user, the Service sends anonymised audit data to Anthropic's AI API (Claude) to generate fix implementations, meta tags, structured data, and content calendars. The URL being scanned and the identified issues are sent to the AI model. No personal information about the user is included in AI API requests.

Growth plan generation: A rule-based algorithm automatically generates a phased strategic plan based on audit findings. No AI model is involved in this process.

All automated outputs are informational suggestions. They do not constitute professional advice.

4. Third-Party Services

We use the following third-party services that may process your data:

Supabase (database and authentication): Stores account data, scan history, and usage records. Servers located in the United States. Supabase complies with SOC 2 Type II standards.

Stripe (payment processing): Processes subscription payments. Stripe is PCI DSS Level 1 certified. We do not store payment card data. Stripe's privacy policy applies to payment data.

Vercel (hosting): Hosts the application and serverless functions. Vercel processes requests through global edge locations. Standard server logs may include IP addresses.

Anthropic (AI generation): Processes AI generation requests. We send website URLs and audit findings to Anthropic's API. No personal user information is included in these requests. Anthropic's API data is not used for model training.

Google (authentication and PageSpeed Insights): If you sign in with Google, Google provides your name and email. The PageSpeed Insights API analyses publicly accessible website performance data.

5. Cross-Border Data Transfers

Your data may be transferred to and processed in the United States (Supabase, Vercel, Stripe, Anthropic) and other countries where our third-party providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions. We take reasonable steps to ensure that our third-party providers maintain appropriate data protection standards.

6. Data Retention

Account data is retained for as long as your account is active. Scan history is retained for as long as your account is active. If you delete your account, your personal information and scan history will be deleted within 30 days. Payment records are retained as required by Australian tax law (generally 5 years). Usage tracking data is retained for 12 months for billing purposes.

7. Data Security

We implement reasonable technical and organisational measures to protect your personal information, including: encryption in transit (HTTPS/TLS) for all data transmission; row-level security in our database ensuring users can only access their own data; secure authentication via Supabase Auth with industry-standard session management; environment variables for all API keys and secrets (never stored in client-side code); and rate limiting on API endpoints.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Under the Australian Privacy Principles, you have the right to: access the personal information we hold about you; request correction of inaccurate, incomplete, or out-of-date information; request deletion of your personal information (subject to legal retention requirements); withdraw consent for data processing where consent is the basis; and make a complaint if you believe we have breached the APPs.

To exercise any of these rights, contact us at hello@bleech.au. We will respond within 30 days.

9. Cookies and Tracking

The Service uses essential cookies for authentication and session management via Supabase. These cookies are necessary for the Service to function. We do not use advertising cookies, tracking pixels, or third-party analytics that track individual users. We do not use Google Analytics, Facebook Pixel, or similar tracking tools.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it promptly.

11. Data Breaches

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via the Service or by email. The "Last updated" date at the top of this page indicates the most recent revision. Continued use of the Service after changes constitutes acceptance.

13. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint by contacting us at hello@bleech.au. We will investigate and respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

14. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact us at hello@bleech.au.

BLEECH | ABN 68 280 756 725 | Gold Coast, Queensland, Australia