Privacy Policy

Controller

Roast My Funnel OÜ operates Roast My Funnel. Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia.

Privacy contact: [email protected]. General inquiries: [email protected].

Data we collect

We may collect account details, contact information, submitted website URLs, audit configuration, selected buyer personas, report outputs, billing metadata, support messages, analytics events, device/browser data, approximate region or country signals, security logs, and consent records.

When you submit a public URL, we may process visible page content, screenshots, metadata, page copy, pricing information, forms, calls to action, and other visible page elements needed to create a funnel audit.

How we use data

We use data to provide audits, generate synthetic buyer persona feedback, process payments, maintain accounts, improve product quality, prevent abuse, secure the service, answer support requests, and comply with legal obligations.

We do not sell personal data. We do not use private customer audit data for public marketing unless you give permission or the data is anonymized and cannot reasonably identify you.

Legal bases

Where GDPR applies, our legal bases may include contract performance, legitimate interests, consent, and legal obligation. Legitimate interests include product security, fraud prevention, service improvement, and business analytics.

Analytics, tags, and consent

We may use Google Analytics, Google Tag Manager, Meta Pixel, consent mode signals, and similar tools to measure website usage and campaign performance. Where required, non-essential analytics or advertising storage starts denied until you make a choice. Closing a cookie banner is treated as essential-only consent.

We may use approximate country or region information from hosting or security providers to decide whether a consent banner should be shown. We do not use this signal to determine your precise location.

Processors and infrastructure

We may use vendors for hosting, CDN/security, payment processing, email delivery, analytics, browser automation, database/storage, customer support, and AI model processing. Current and planned vendors may include Vercel, Stripe, Google, ZeptoMail, Neon, Sentry, Cloudflare, and AI model providers. Production vendor names should be reviewed before final launch and reflected in the Data Processing Agreement.

Retention

We keep personal data only as long as needed for the purposes described above, unless a longer period is required for legal, tax, security, billing, dispute, or fraud-prevention reasons. Users may request deletion through the data request page.

Your rights

Depending on your location, you may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent. You can make a request at Make a Data Request.

International transfers

If data is processed outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

Security

We use technical and organizational measures designed to protect data, including access controls, security headers, encrypted transport, vendor review, monitoring, and abuse-prevention controls. No internet service can be guaranteed completely secure.

Contact

Privacy questions can be sent to [email protected].