Unblur

Privacy Policy - Unblur

Last updated: November 14, 2025

This Privacy Policy explains how Unblur or its successor entity (collectively, "Unblur", "we", "us") handles information when you visit our site and use our products and services.

Scope

This Policy applies to the Unblur marketing site, web app, and any public test links you create. If you are in the EEA, UK or Switzerland, this Policy is intended to meet GDPR and UK GDPR transparency duties. GDPR applies to non-EU companies that target people in the EEA, which we do.

Information we collect

  • Account data - name, email, password hash if you sign up with email, or identifiers from OAuth providers.
  • Service inputs - URLs you submit, prompts, questions, expected answers, configurations, and notes.
  • Test responses - answers submitted by people via the public links you share.
  • Page data we fetch for you - screenshots, HTML and DOM content from the URLs you submit so we can run audits and comprehension scoring.
  • Usage data - device, browser, IP address, timestamps, referrer, pages viewed, and product interaction logs.
  • Payments - status, plan, and limited billing metadata from our payment provider Polar. We do not receive or store full card numbers.
  • Cookies and similar tech - for authentication, preferences, security, and analytics (GA4 and PostHog). In the EEA and UK we only set non-essential cookies with your consent.

Purposes and legal bases (GDPR)

We process personal data for:

  • Provide and operate Unblur - contract performance when you sign up or start a trial, and legitimate interests to run core features for visitors and testers.
  • Improve Unblur - legitimate interests to debug, secure, and develop features.
  • Communications - contract performance for service messages and legitimate interests for product updates. You can opt out of non-essential emails.
  • Analytics and A/B tests - consent in the EEA and UK via a consent banner before setting non-essential cookies.
  • Safety and compliance - legal obligations and legitimate interests to prevent abuse and meet requests from authorities.

AI processing

We send the minimum necessary inputs to AI providers to generate analysis and scores. We use OpenAI for model inference. Inputs and outputs may be temporarily processed and stored to deliver the service.

Sharing and subprocessors

We share personal data with vendors that help us run Unblur under data processing agreements:

  • Replit - hosting, deployments, operational logs - primary region per provider
  • Supabase - database, authentication, storage - United States
  • PostHog - product analytics and optional session replay - United States - session replay retention 30 days
  • Google Analytics 4 - website analytics - global Google infrastructure
  • Sign in with Google - if you choose Sign in with Google we request the scopes openid, email, and profile, which provide your basic profile info (name, email, profile image). We keep Google user data only while your Unblur account is active or until you disconnect or ask us to delete it. You can disconnect at https://myaccount.google.com/permissions or via in-app settings.
  • ScreenshotOne, API Flash, Screenshot Machine - automated webpage screenshots
  • Firecrawl - HTML extraction and crawling
  • OpenAI - AI inference for analysis and scoring
  • Polar - merchant of record for payments, billing, tax and invoicing

We will update this list as providers change or are added.

International data transfers

  • Primary storage and analytics are hosted in the United States for Supabase and PostHog. Other vendors may process data in their own regions.
  • For EEA and UK personal data we use appropriate safeguards for transfers, including the European Commission's 2021 Standard Contractual Clauses and, where applicable, the UK Addendum or UK IDTA.
  • For South African users, we rely on POPIA section 72 permitted grounds for cross-border transfers, such as contractual safeguards providing protection substantially similar to POPIA.

Data retention

  • Audits, tests, and results - retained until you delete them or your account.
  • Session replay - retained for 30 days.
  • Operational logs - retained by our hosting platform for a short operational window.
  • Backups - retained for a limited rolling window before automatic purge.

Your rights

If you are in the EEA or UK you have rights to access, correct, delete, restrict, object, and port your data, and to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with your local supervisory authority.

South African users have rights under POPIA. Contact support@unblur.build to exercise rights.

Changes

If we change this Policy, we will update the date at the top and, for material changes, provide additional notice.

Contact

Unblur

support@unblur.build