Privacy

Last updated: 2026-05-07.

What we collect

• Your Google identity: email, display name, and profile photo URL — sent to us by Google when you sign in. We do not see your password.
• URLs you submit: the website addresses you ask us to crawl, plus the public content of those pages.
• Query log: the AI client (ChatGPT, Claude, etc.) sends us search/ask requests; we record query text, timestamp, and which batch was hit, to show you usage in your dashboard.
• Server logs: standard request logs (IP, user-agent, status code) kept by Cloudflare; we do not aggregate or analyze them.

What we don't collect

• Cookies for advertising or tracking. The only cookie we set is the session cookie that keeps you logged in.
• Third-party analytics (no Google Analytics, no Mixpanel, no Segment, no marketing pixels).
• Personally identifiable information from inside crawled pages — we extract markdown text and embeddings, not PII fields.

Who we share data with

• Google — receives your sign-in identity (because that's how Google OAuth works).
• Cloudflare — hosts our infrastructure (Workers, D1, KV, Vectorize).
• Google AI Studio (Gemini) — generates the embeddings and answer summaries; we send them the chunks of text plus your query.

We do not sell your data. We do not share it with advertisers.

Deletion

Click Delete account in Settings. Within 30 days we delete your tenant row, your batches, your sites, your API keys, your usage rows, and your audit log. Existing access tokens are revoked immediately.

Contact

Email hi@webtomcp.net with privacy questions.