Privacy Policy
Ninjacorp Ltd · Last updated: March 2026 · Effective: March 2026
1. Who We Are
Ninjai Index ("the Service") is operated by Ninjacorp Ltd, a company registered in England and Wales. Our registered address and contact email for privacy matters is privacy@ninjai.co.
We are the data controller for personal data collected through this Service.
2. What Data We Collect
Data you provide directly
- URLs you submit for analysis — these may contain personal data if you submit a personal webpage.
- Gemini API keys — entered optionally; processed in memory only and never stored.
- Payment data — handled exclusively by Stripe or PayPal. We do not store card details.
- Email address — if you purchase a paid plan, collected by Stripe/PayPal and used to send transactional emails.
Data collected automatically
- IP address — used for rate limiting (10 analyses/month on the free plan). Not stored persistently.
- Usage data — standard server logs (request type, timestamp, response code) retained for up to 30 days for security and operational purposes.
We do not use cookies for tracking or advertising. We do not sell your data. We do not build user profiles.
3. Legal Basis for Processing (UK GDPR / EU GDPR)
- Legitimate interests (Art. 6(1)(f)) — rate limiting by IP to prevent abuse; server logging for security.
- Contract performance (Art. 6(1)(b)) — processing payment information to deliver paid plan access.
- Legal obligation (Art. 6(1)(c)) — retaining transaction records as required by UK tax law.
4. How We Use Your Data
- To provide the AI visibility analysis service
- To enforce fair-use rate limits
- To process payments and send transactional emails (order confirmations, access credentials)
- To maintain service security and prevent abuse
- To comply with legal obligations
5. Data Sharing and Third Parties
We share data only with the following processors, under appropriate data processing agreements:
- Stripe Inc. — payment processing. Stripe Privacy Policy
- PayPal Holdings Inc. — payment processing. PayPal Privacy Policy
- Google LLC (Gemini API) — AI content generation, only when you provide your own API key. Google Privacy Policy
- Render Inc. — cloud hosting provider. Data processed within the US under Standard Contractual Clauses.
We do not share your data with any other third parties, advertisers, or data brokers.
6. International Transfers
Some processors (Render, Stripe, Google) may process data outside the UK/EEA. Where this occurs, transfers are protected by Standard Contractual Clauses (SCCs) approved by the ICO and European Commission.
7. Data Retention
- IP-based rate limit data: rolling 24-hour window, not persisted to disk
- Server access logs: up to 30 days
- Transaction records: 7 years (UK legal requirement)
- API keys entered by users: never stored
8. Your Rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request erasure ("right to be forgotten") where legally permissible
- Object to processing based on legitimate interests
- Data portability
- Lodge a complaint with the ICO (UK) or your local supervisory authority (EU)
To exercise any right, contact us at privacy@ninjai.co. We will respond within 30 days.
9. Security
We use HTTPS for all data in transit. API keys you provide are processed in memory only and discarded immediately after use. Payment processing is entirely delegated to PCI-DSS compliant processors (Stripe, PayPal).
10. Children
The Service is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us at privacy@ninjai.co.
11. Changes to This Policy
We may update this policy as the Service evolves. Material changes will be noted at the top of this page with a revised effective date. Continued use of the Service after changes constitutes acceptance.
12. Contact
For all privacy enquiries: privacy@ninjai.co
Ninjacorp Ltd, England and Wales