Privacy Policy

1. Overview

PageSpeed Exporter ("we," "us," or "our") operates speedexporter.com. This Privacy Policy explains what information we collect when you use our service, how we use it, and your rights regarding that information.

We are committed to protecting your privacy. We collect only the minimum data necessary to provide the service and never sell your personal data to third parties.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and, if you use OAuth (GitHub, Google), basic profile information from that provider. Authentication is handled by Clerk, a third-party authentication service.

2.2 Usage Data

For authenticated users, we store the number of reports you have run per month to enforce your plan's report limit. We also store subscription information (plan tier, billing period) in our database.

2.3 Report Data

For Starter and Pro plan users, we store your performance report results in our database to enable cloud-synced history accessible across devices. Free-tier users' reports are stored only in their browser's localStorage and are not sent to our servers.

2.4 Anonymous Usage

Anonymous visitors who use the preview feature (without signing in) are tracked via an HMAC-signed HTTP-only cookie stored in their browser. This cookie contains a count of preview reports used and the timestamp of the first report — no personal information. The cookie is never stored on our servers.

2.5 Analytics

We use Fathom Analytics, a privacy-first analytics tool that does not use cookies, does not track individuals across sites, and is GDPR-compliant. Fathom does not require a cookie consent banner.

3. URLs You Submit

When you analyze a URL, that URL is sent to the Google PageSpeed Insights API to run a Lighthouse audit. This is the same API that powers pagespeed.web.dev. The URL you analyze is subject to Google's Privacy Policy.

We do not store the URLs you analyze unless you are a signed-in Starter or Pro user who has cloud history enabled — in which case, the URL is stored as part of your report record.

4. Cookies

We use cookies for the following purposes:

• Authentication: Clerk sets session cookies to keep you signed in.
• Anonymous preview tracking: An HTTP-only HMAC-signed cookie (pse_preview) tracks anonymous report usage. It contains no personal information.

We do not use advertising cookies or cross-site tracking cookies.

5. Third-Party Services

• Clerk (authentication) — Privacy Policy
• Supabase (database) — Privacy Policy
• Stripe (payments) — Privacy Policy
• Google PageSpeed Insights API (performance auditing) — Privacy Policy
• Fathom Analytics (privacy-first analytics) — Privacy Policy
• Vercel (hosting) — Privacy Policy

6. Data Retention

Account data is retained while your account is active. If you delete your account, we will delete your personal data within 30 days. Report history stored in the cloud is deleted when your account is deleted.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data (GDPR right to erasure)
• Export your data

To exercise these rights, contact us at the address below or via the contact page.

8. Security

We use HTTPS for all connections. Sensitive data (API keys, database credentials) is stored as environment variables and never exposed to client-side code. Our API endpoints enforce SSRF protections to prevent abuse.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page when we do. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us via the contact page.