Privacy Policy

Last updated: April 20, 2026

1. Who We Are

BlindSpot.fit is a product of Growth Next, a business based in Singapore. We provide AI marketing intelligence for hospitality — measuring how AI engines recommend hotels, publishing research on the AI discovery landscape, and advising hotels on AI visibility.

For any privacy-related questions, contact us at: hello@blindspot.fit

2. What Data We Collect

Information you provide

  • Account data: Email address and password (when creating an account).
  • Business data: Business name, city/location, and business type submitted for scans.
  • Payment data: Billing name and payment method, processed by Paddle (our Merchant of Record). We never store credit card numbers directly.
  • Communications: Any emails or messages you send us.

Information collected automatically

  • Scan results: AI engine responses, visibility scores, and rankings generated by the Service.
  • Usage data: Scan counts, access code usage, timestamps, and feature interactions.
  • Technical data: IP address, browser type, device type, and referring URL, collected via standard web server logs.

3. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service.
  • Process AI visibility scans by sending business name and location to third-party AI engines.
  • Process payments and manage subscriptions.
  • Send transactional emails (account confirmations, scan results, billing receipts).
  • Send periodic product updates and insights (you can unsubscribe at any time).
  • Monitor usage to prevent abuse and enforce rate limits.
  • Generate aggregated, anonymized analytics and industry reports.

4. Third-Party Services

We share limited data with the following third-party services to operate BlindSpot.fit:

AI Engines

When a scan runs on your behalf, we send the business name and location to the AI engines we track: OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), Alibaba Cloud (Qwen), DeepSeek, ByteDance (Doubao), OpenRouter (Perplexity, Meta AI). Each provider processes this data under its own privacy policy. No personal information (email, payment details) is sent to AI engines.

Supabase

Provides authentication and database hosting. Stores account data, scan results, and property information. Data is hosted on Supabase-managed infrastructure with encryption at rest.

Paddle

Acts as our Merchant of Record and processes all payments, taxes, and subscription billing. Paddle stores your payment details securely in compliance with PCI-DSS. We only receive a Paddle customer ID, subscription status, and billing events via webhooks.

Vercel

Hosts the application and provides edge infrastructure. Access logs are retained per Vercel's standard policies.

Resend

Sends transactional and marketing emails on our behalf. We share your email address with Resend for this purpose only.

5. Data Retention

  • Active accounts: Data is retained for the duration of your subscription plus 90 days after cancellation.
  • Research data: AI visibility scan data is retained for the duration of your subscription for trend analysis and historical comparison.
  • Email subscribers: Email addresses collected via signup are retained until you unsubscribe.
  • Usage logs: Rate-limiting and per-request usage data is held short-term for abuse prevention and expires shortly after.
  • Backups: Database backups may retain data for up to 30 days after deletion from the primary database.

You may request earlier deletion of your data at any time (see Section 7).

6. Cookies and Tracking

BlindSpot.fit uses the following cookies and local storage:

  • Authentication cookies: Session tokens set by Supabase Auth to keep you logged in. These are essential and cannot be disabled.
  • No third-party tracking: We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.
  • No cookie banner required: We only use essential cookies necessary for the Service to function.

7. Your Rights

Regardless of where you are located, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request your data in a structured, machine-readable format (CSV export).
  • Withdrawal of consent: Withdraw consent for marketing communications at any time via unsubscribe links or by contacting us.

To exercise any of these rights, email us at hello@blindspot.fit. We will respond within 30 days.

8. PDPA Compliance (Singapore)

BlindSpot.fit complies with the Personal Data Protection Act 2012 (PDPA) of Singapore. In accordance with the PDPA:

  • We collect personal data only for purposes that a reasonable person would consider appropriate in the circumstances.
  • We obtain consent before collecting, using, or disclosing personal data, except where permitted by law.
  • We protect personal data with reasonable security arrangements.
  • We allow individuals to access and correct their personal data upon request.
  • We retain personal data only for as long as it is needed for business or legal purposes.

Our Data Protection Officer can be contacted at hello@blindspot.fit.

9. GDPR Provisions (EU Users)

If you are located in the European Economic Area (EEA), the following additional provisions apply under the General Data Protection Regulation (GDPR):

Legal basis for processing

  • Contract: Processing necessary to provide the Service you have subscribed to.
  • Legitimate interest: Usage analytics, fraud prevention, and service improvement.
  • Consent: Marketing emails and non-essential communications.

International data transfers

Your data may be transferred to and processed in countries outside the EEA, including Singapore, the United States (where our infrastructure providers operate), and other jurisdictions. We ensure appropriate safeguards are in place, including reliance on standard contractual clauses where applicable.

Additional EU rights

  • Right to object: You may object to processing based on legitimate interest.
  • Right to restrict processing: You may request restriction of processing in certain circumstances.
  • Right to lodge a complaint: You may lodge a complaint with your local data protection authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest.
  • Row-level security (RLS) in our database to ensure users can only access their own data.
  • Rate limiting and access code controls to prevent abuse.
  • Regular review of third-party service security practices.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Children

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the website at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

For any questions or concerns about this Privacy Policy or our data practices, contact us at:

Growth Next

BlindSpot.fit

Email: hello@blindspot.fit