Privacy Policy

Last updated: July 15, 2026

1. Data controller

The data controller responsible for your personal data is:

As a small business processing personal data only for order fulfillment, we are not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. For all privacy-related inquiries, contact us directly at privacy@buyereyes.ai.

2. What data we collect

Data categorySpecific dataPurpose
Contact informationEmail addressOrder confirmation, Report delivery, communication about your order
Order informationURL submitted for analysis, selected service tier, order dateService delivery (generating the CRO Report)
Payment informationPayment status, transaction IDOrder validation. Full payment details (card number, billing address) are processed and stored exclusively by Stripe, Inc. We never see or store your card number.
Invoicing dataCompany name, tax ID (NIP), billing address (if provided for invoice)Invoice generation via Fakturownia
Technical dataIP address, browser type, device typeWebsite functionality, security, analytics
Support correspondenceContent of emails sent to hello@, support@, or refunds@ buyereyes.ai; order ID referenced in request; date of correspondenceHandling refund requests (Terms §3.1), goodwill consultations (Terms §3.3), customer support inquiries, and statutory complaints under consumer law

Website analysis data: When generating your Report, our system accesses and analyzes the publicly available content of the submitted URL. This includes visible text, images, page structure, and performance metrics. This is public information, not personal data. We do not access any backend systems, databases, or private areas of your website.

3. Lawful basis for processing

We process your personal data based on the following legal grounds under GDPR:

Processing activityLawful basisGDPR Article
Order processing and Report deliveryPerformance of a contractArt. 6(1)(b)
Invoice generationLegal obligation (tax law)Art. 6(1)(c)
Analytics cookiesLegitimate interestArt. 6(1)(f)
Security and fraud preventionLegitimate interestArt. 6(1)(f)
Handling refund requests, goodwill consultations, and support correspondencePerformance of a contract / legal obligationArt. 6(1)(b), Art. 6(1)(c)
Improving our service and training our own, self-hosted models from anonymised audit telemetryLegitimate interestArt. 6(1)(f)

The telemetry we use to improve our models covers how our own AI agents perform on audits - the agents' outputs, their error patterns, and audit context (which check ran, the verdict). It excludes the substantive content of your website, and any incidental contact identifiers (emails, phone numbers) are removed before storage. We do not use your data to train third-party AI models, and we do not sell it or share it with external AI model providers.

4. Data retention

We retain your data for the minimum period necessary:

5. Third-party processors

We share your personal data with the following third-party processors, solely for the purposes stated:

ProcessorPurposeData sharedLocation
Stripe, Inc.Payment processingPayment details, email, transaction amountsUSA (EU-US Data Privacy Framework certified)
Fakturownia (iFirma S.A.)Invoice generationCompany name, tax ID, billing address, transaction amountPoland (EU)
Email service providerTransactional email (order confirmation, Report delivery)Email address, order referenceEU
Meta Platforms Ireland Ltd / Meta Platforms, Inc.Measurement and optimization of advertising campaigns (Meta Pixel + Conversions API) - only with your marketing consent (Section 6)Event identifier, page URL, hashed email address (if provided), fbc/fbp identifiers, IP address, User-AgentIreland (EU) / USA (EU-US Data Privacy Framework + Standard Contractual Clauses)

All third-party processors are bound by data processing agreements (DPAs) in compliance with GDPR Article 28. For transfers to the USA (Stripe, Meta), we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) as safeguards.

6. Cookies

BuyerEyes.ai uses three categories of cookies:

Cookie typePurposeDurationRequired
EssentialSession management, checkout functionalitySessionYes
AnalyticsAnonymous usage statistics (page views, bounce rate)Up to 26 monthsNo (can be disabled)
MarketingMeasurement and optimization of advertising campaigns on social media (Meta Pixel + Conversions API) - event identifier, hashed email (if provided), fbc/fbp, IP address, and User-Agent shared with Meta Platforms to match conversions to adsUp to 90 days (per Meta's rules for fbp)No - only with your explicit consent, off by default

We use social media cookies and tracking technologies (Meta Pixel) and the related Conversions API call only with your marketing consent, given via the cookie consent banner. They are off by default (revoke-by-default) - enabling them requires your active action: clicking "Accept all" or checking the "Marketing" category in the "Manage preferences" panel. You can withdraw consent at any time in the same panel - withdrawal takes effect immediately and does not affect access to the Service. Lawful basis: Art. 6(1)(a) GDPR (consent) and Article 173 of the Polish Telecommunications Law (implementing Article 5(3) of Directive 2002/58/EC on ePrivacy) for the underlying access to cookies on your device. You can also disable non-essential cookies in your browser settings without affecting the Service.

7. Your rights under GDPR

As a data subject, you have the following rights. Most are available as self-service - no waiting, no email back-and-forth.

For anything that's not self-service, email privacy@buyereyes.ai. Self-service requests are instant; manual requests are handled within 5 business days.

8. Data security

We implement appropriate technical and organizational measures to protect your data:

9. International data transfers

Your data is primarily processed within the European Economic Area (EEA). When data is transferred outside the EEA (specifically to Stripe and Meta Platforms in the USA), it is protected by:

This applies in particular to: Stripe, Inc. (payment processing) and Meta Platforms, Inc. (measurement and optimization of advertising campaigns via Meta Pixel and Conversions API, only with your marketing consent as described in Section 6). Both safeguards - the EU-US Data Privacy Framework adequacy decision and Standard Contractual Clauses (SCCs) - apply in parallel to transfers to both of these recipients, in line with Chapter V GDPR (Articles 44-49).

10. Children's privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, contact us at privacy@buyereyes.ai and we will promptly delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be published on this page with a revised "Last updated" date. We encourage you to review this page periodically.

12. Contact

For privacy-related questions, data access requests, or complaints: