Privacy Policy

This Privacy Policy explains how Cruelx collects, uses, stores, shares, and protects information when you use the Cruelx website, application, dashboard, reports, checkout flows, emails, and related services.

Cruelx is operated by Elad Digital Ltd. For all privacy, legal, support, and data requests, contact: contact@cruelx.com.

This Policy applies to information processed in connection with Cruelx, including free previews, paid reports, subscriptions, account features, report history, PDF exports, white-label features, support requests, checkout activity, and website usage.

This Policy does not apply to third-party websites, services, payment pages, or platforms that Cruelx does not own or control. Third-party providers may have their own privacy notices and terms.

2.1 Information provided directly by users

Cruelx may collect information you provide directly, including:

• email address;
• name, if provided;
• password, magic-link, authentication, or account access information;
• billing details and checkout-related information;
• website URL submitted for analysis;
• questionnaire answers;
• company, project, brand, or business information;
• uploaded assets, files, screenshots, logos, or materials, if such features are available;
• messages, support requests, feedback, and communications sent to Cruelx;
• preferences, report settings, cruelty-level selections, and product configuration choices.

2.2 Information collected from analyzed websites

When a user submits a website for analysis, Cruelx may collect, crawl, process, or generate data from that website, including:

• homepage and public page text;
• screenshots and visual layout signals;
• metadata, page titles, descriptions, headings, links, SEO tags, and structured data where available;
• public website content, navigation, calls to action, and visible interface elements;
• technical and performance signals;
• crawl results, accessibility signals, and rendering information;
• public assets and page-level information needed to generate a useful report.

Cruelx is currently intended to analyze public websites. Users are responsible for ensuring they have the right, authority, or permission to submit any website or URL for analysis.

2.3 Technical and usage information

Cruelx may collect technical and usage information, including:

• IP address;
• device, operating system, browser type, language, and approximate location derived from technical data;
• log data, request data, timestamps, and security events;
• dashboard activity and product usage events;
• report generation status, report access, downloads, errors, and system performance events;
• cookie, consent, and preference records.

2.4 Payment information

Payments may be processed by Lemon Squeezy as Merchant of Record or by other payment providers such as Stripe. Cruelx does not store full payment card numbers. Cruelx may receive and store purchase-related information such as order ID, customer email, product or plan purchased, payment status, refund status, invoice status, subscription status, tax status, and related transaction metadata.

Cruelx does not sell personal data. Cruelx does not collect special categories of personal data on purpose, and users should not submit sensitive personal information, private customer data, passwords, payment card numbers, health information, government ID numbers, or confidential business secrets into the service.

Cruelx collects and processes information reasonably necessary to operate the app, generate reports, process payments, secure the service, support users, comply with legal obligations, and improve the product.

Cruelx may use information to:

• provide, operate, maintain, and secure the service;
• create accounts, authenticate users, and manage access;
• generate free previews, website scores, top burns, limited recommendations, full reports, PDF exports, and report history;
• process payments, subscriptions, refunds, invoices, taxes, and checkout status;
• send service emails, login links, verification emails, billing notices, product updates, and support messages;
• detect, prevent, and investigate spam, fraud, abuse, bots, unauthorized use, and security incidents;
• debug errors, monitor uptime, improve reliability, and maintain technical operations;
• improve report quality, user experience, product features, scoring systems, and internal workflows;
• comply with applicable legal, tax, accounting, regulatory, dispute-resolution, and enforcement obligations.

Where the GDPR, UK GDPR, or similar laws apply, Cruelx relies on the following legal bases:

• Contract: to provide the service, generate reports, manage accounts, deliver paid products, and process purchases.
• Legitimate interests: to secure the service, prevent abuse, improve functionality, monitor performance, communicate with users, and protect legal rights.
• Consent: for optional cookies, optional analytics, optional marketing tracking, and certain communications where consent is required.
• Legal obligation: to comply with tax, accounting, consumer protection, security, payment, and regulatory requirements.

Cruelx uses AI models, along with Cruelx proprietary systems and algorithms, to analyze submitted websites and generate reports. To provide the service, Cruelx may send relevant website content, screenshots, questionnaire answers, report context, user settings, and technical analysis data to AI providers such as OpenAI and Anthropic.

AI outputs may be inaccurate, incomplete, outdated, subjective, or unsuitable for a particular purpose. Users are responsible for reviewing outputs before relying on them.

Cruelx may use different AI models for different product tiers. Free previews may use older, smaller, cheaper, or otherwise different models than paid reports. Paid reports may use deeper analysis flows or different model combinations, subject to availability, cost, reliability, and product design.

Cruelx uses essential cookies and similar technologies required for login, authentication, security, checkout, consent management, and core service functionality.

Cruelx may also use analytics cookies, marketing cookies, pixels, and similar tracking technologies to understand how users interact with the service, measure product performance, improve the website, measure advertising campaigns, and deliver or evaluate marketing activity.

Where required by law, analytics and marketing cookies, pixels, and similar technologies are used according to your cookie preferences and consent choices. You can manage cookie preferences through the cookie banner or cookie settings available on the website.

Cruelx may use third-party service providers to operate the service. These may include providers for hosting, deployment, database, authentication, storage, payment processing, email delivery, AI processing, background jobs, crawling, screenshots, domain services, DNS, security, code hosting, asset delivery, logging, and product operations.

Providers may include Vercel, Supabase, Lemon Squeezy, Resend, OpenAI, Anthropic, Inngest, Playwright or related crawling infrastructure, GitHub, Cloudflare, Sentry, and GoDaddy, where relevant to the service.

These providers receive information only as reasonably necessary for their functions. Some providers may act as independent controllers for parts of their services, especially payment, tax, fraud, compliance, and checkout operations.

Payment processing, tax calculation, checkout, invoices, subscriptions, chargebacks, and refunds may be handled by Lemon Squeezy and its payment partners. When you purchase through Cruelx, you may provide payment and billing information directly to the payment provider. Cruelx receives only the information needed to confirm payment status, provide the purchased product, support the customer, and keep legally required records.

Cruelx keeps information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Retention periods may vary depending on the type of information, the product used, legal requirements, and operational needs. As a general framework:

• free previews and free report data may be deleted, shortened, or limited after a reasonable period, such as 30 to 90 days;
• paid reports may be retained while the user account remains active or as needed to provide report history, downloads, support, and proof of delivery;
• account data may be retained while the account exists and for a limited period after deletion to prevent fraud, resolve disputes, and comply with legal obligations;
• security logs, technical logs, and abuse-prevention records may be retained for a limited period necessary for security and reliability;
• billing, tax, invoice, refund, chargeback, and accounting records may be retained for the period required by applicable law;
• backup copies may persist for a limited period before being overwritten or deleted according to backup cycles.

When a user requests account deletion, Cruelx will aim to process the request within 14 days, subject to identity verification, active disputes, legal obligations, backup cycles, fraud prevention, security needs, and information that must be retained by payment providers or other third parties.

Cruelx is available globally. Information may be processed in countries other than the country where you live. Where required, Cruelx relies on appropriate legal safeguards for international transfers, such as contractual commitments, standard contractual clauses, adequacy decisions, data processing terms, or other lawful transfer mechanisms.

Cruelx uses reasonable technical and organizational measures intended to protect information against unauthorized access, loss, misuse, alteration, and disclosure. No online service, AI system, hosting provider, email provider, database, payment processor, or transmission method is completely secure.

Users are responsible for keeping their email accounts, devices, passwords, and access links secure.

Depending on your location and applicable law, you may have rights to:

• access personal data;
• correct inaccurate personal data;
• delete personal data;
• restrict or object to certain processing;
• withdraw consent where processing is based on consent;
• request data portability;
• object to direct marketing;
• lodge a complaint with a data protection authority.

To exercise rights, contact contact@cruelx.com. Cruelx may need to verify your identity before responding.

Cruelx may send service-related emails, including login links, verification emails, checkout notices, billing information, refund notices, report notifications, security notices, support replies, and important product updates. These messages are transactional and may be necessary to provide the service.

Marketing emails, if sent, will be sent where permitted by law and may include an unsubscribe option.

Cruelx is not directed to children. Users must not use Cruelx in a manner that violates applicable age, consent, consumer protection, privacy, or child-protection laws. Cruelx does not knowingly seek to collect personal data from children.

Users must not submit websites, URLs, files, or content that are illegal, pornographic, exploitative, hateful, violent, abusive, misleading, malware-related, phishing-related, rights-infringing, or otherwise prohibited by the Terms of Use. Cruelx may refuse, block, limit, delete, or not process such submissions.

Cruelx uses automated systems, AI models, proprietary scoring logic, and internal algorithms to generate website scores, CruelxScore outputs, findings, and recommendations. These outputs are informational and are not used to make legal, credit, employment, insurance, medical, or similarly significant decisions about individuals.

Cruelx may update this Privacy Policy from time to time. The updated version will be posted on the website with a new “Last updated” date. Continued use of Cruelx after an update means the updated Policy applies to your use of the service.

For privacy, data, or legal requests, contact: contact@cruelx.com.