
Note: This is a starting draft — have counsel review before launch.

Privacy Policy

Last updated: June 2026

Conjure Marketing ("Conjure Marketing," "we," "us," or "our") operates the websites at conjuremarketing.com and conjuremarketing.ai and the associated software-as-a-service product (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.


1. Who We Are (Data Controller)

For the purposes of GDPR, CCPA/CPRA, CASL, and similar laws, the data controller is Conjure Marketing. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland and need to reach our EU representative or Data Protection Officer, please contact us at hello@conjuremarketing.com and we will route accordingly.


2. Summary (Plain English)

What we collect | Why | Who we share it with
Email, name, password hash | Create your account, log you in, send transactional email | Auth provider (Supabase), email provider
Website URLs you submit | Run the analysis you requested | PageSpeed Insights, Brave Search, Anthropic Claude, business enrichment vendors
Scan results & generated reports | Show them to you, improve the product | Stored in our database; not sold
Payment info (card last 4, billing address) | Process subscriptions | Stripe (we never see your full card number)
Cookies & device data | Keep you logged in, measure product usage | Internal analytics; limited third-party tools listed below

You can request a copy or deletion of your data at any time by emailing hello@conjuremarketing.com.


3. Information We Collect

3.1 Information You Provide Directly

  • Account information: name, email address, password (stored as a salted hash), company name, role, and time zone.
  • Submitted URLs and scan inputs: any website URL, domain, business name, or related parameter you submit for analysis.
  • Billing information: billing address and tax identifiers. Full payment card numbers are collected and stored by Stripe, Inc. — we receive only a tokenized reference, card brand, last four digits, and expiration.
  • Support communications: any messages, attachments, screenshots, or feedback you send to us.

3.2 Information We Generate

  • Analysis output: results across our analysis dimensions (SEO, AEO/answer-engine visibility, technical stack, AI-readiness, ADA/accessibility, competitor positioning, business intelligence) and the personalized report produced by our AI workflow.
  • Usage metadata: scan timestamps, scan counts, plan tier, feature usage, and aggregated quality signals.

3.3 Information Collected Automatically

  • Device and connection data: IP address, browser type and version, operating system, device type, referrer, and pages viewed.
  • Cookies and similar technologies: see Section 9 (Cookies and Tracking).
  • Logs: request logs, error traces, and performance metrics kept for security, debugging, and abuse prevention.

3.4 Information About Third Parties (Business Intelligence)

The business-intelligence dimension of our analysis may surface information about the operator of the URL you submitted — for example, business name, public contact information, technology footprint, organic traffic estimates, and publicly available company data. This information is gathered from public sources and licensed data providers (see Section 4).

If you are the operator of an analyzed site and do not want your business included in our enrichment data, see Section 8.4 (Opt-Out for Business Intel).


4. Data Sources and Sub-Processors We Rely On

To produce a scan, we send the URL you submitted (and, in some cases, derived metadata) to the following services. Each is bound by a written data processing agreement or equivalent contract.

Sub-processor | Purpose | Data shared
Supabase, Inc. | Authentication, database, file storage | Account data, scan inputs, scan results
Stripe, Inc. | Payment processing, subscription billing | Name, email, billing address, payment method (collected directly by Stripe)
Anthropic, PBC (Claude API) | Generate personalized reports and analysis text | Submitted URL, scan results, prompt context
Google PageSpeed Insights API | Core Web Vitals, performance, technical SEO signals | Submitted URL
Brave Search API | Search-engine visibility signals | Submitted URL and query terms
Business enrichment providers | Company-level enrichment for business-intel dimension | Submitted URL or domain
Email delivery provider | Transactional email (receipts, password resets, report delivery) | Email address, message content
Hosting / CDN | Serve the application | IP address, request metadata
Product analytics | Usage analytics | Pseudonymous usage events
Error monitoring | Bug and performance monitoring | Error traces, partial request data

A current sub-processor list is maintained and updated when material changes occur.


5. How We Use Your Information

We use personal information only for the purposes below, each tied to a lawful basis under GDPR (Article 6):

Purpose | Lawful basis (GDPR)
Provide the Service you requested (run scans, generate reports, deliver them to you) | Contract (Art. 6(1)(b))
Process payments and manage subscriptions | Contract (Art. 6(1)(b))
Send transactional emails (receipts, password resets, scan-ready notifications) | Contract (Art. 6(1)(b))
Send marketing emails about new features or content | Consent (Art. 6(1)(a)); easy unsubscribe
Detect, prevent, and investigate fraud, abuse, and security incidents | Legitimate interests (Art. 6(1)(f))
Improve and develop the Service, including aggregated analytics | Legitimate interests (Art. 6(1)(f))
Comply with legal obligations (tax, accounting, lawful requests) | Legal obligation (Art. 6(1)(c))

We do not sell your personal information for money. We do not use submitted URLs or your scan results to train third-party generative AI models, and our agreement with Anthropic provides that your inputs are not used to train Anthropic's foundation models.


6. Sharing and Disclosure

We share personal information only with:

  • Sub-processors listed in Section 4, acting on our instructions under written contract.
  • Professional advisors (lawyers, accountants, auditors) under confidentiality obligations.
  • Law enforcement or government authorities when required by valid legal process or to protect rights, safety, or property.
  • Acquirer or successor in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets; in such cases, we will notify you and the receiving party will be bound by terms no less protective than this Policy.

We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act ("CCPA"/"CPRA").


7. International Data Transfers

We are based in the United States and our sub-processors may operate globally. When we transfer personal data out of the EEA, UK, or Switzerland, we rely on:

  • The EU Standard Contractual Clauses (SCCs) and the UK Addendum, or
  • Other lawful mechanisms (e.g., adequacy decisions, EU-US Data Privacy Framework where the recipient is certified).

You may request a copy of the transfer safeguards by emailing hello@conjuremarketing.com.


8. Your Rights and Choices

8.1 GDPR Rights (EEA, UK, Switzerland)

You have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority.

To exercise these rights, email hello@conjuremarketing.com. We will respond within 30 days (extendable by 60 days for complex requests).

8.2 CCPA/CPRA Rights (California Residents)

You have the right to:

  • Know what personal information we collect, use, disclose, and share.
  • Delete personal information we collected from you.
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information (we currently do not use sensitive PI for purposes that trigger this right).
  • Opt-out of "sale" or "sharing" — we do not sell or share for cross-context behavioral advertising.
  • Non-discrimination for exercising your rights.

To submit a request, email hello@conjuremarketing.com. You may designate an authorized agent; we will verify identity before responding.

8.3 CASL (Canadian Anti-Spam Law)

We send commercial electronic messages only with express or implied consent, identify ourselves, and include an unsubscribe mechanism in every message that functions for at least 60 days. To withdraw consent, click the unsubscribe link in any email or contact hello@conjuremarketing.com.

8.4 Opt-Out for Business Intel

If you are the operator of a website that has been analyzed in our business-intelligence dimension and you do not want your business represented in our enrichment data, email hello@conjuremarketing.com from a domain matching the site in question.

We will remove your business from new analyses within 30 days and from cached results within 60 days. We may retain a minimal suppression record to honor your opt-out going forward.

8.5 Marketing Preferences

Every marketing email contains an unsubscribe link. Unsubscribing from marketing does not affect transactional messages (receipts, password resets, scan-ready notifications) that we must send to operate the Service.


9. Cookies and Tracking

We use first-party and limited third-party cookies and similar technologies to:

  • Keep you signed in (strictly necessary).
  • Remember preferences (functional).
  • Measure aggregate product usage (analytics).
  • Detect fraud and abuse (security).

Category | Examples | Required?
Strictly necessary | Session, CSRF, auth | Yes — cannot be disabled
Functional | UI preferences, locale | No — opt-out via banner
Analytics | Page views, feature usage | No — opt-out via banner
Marketing | None at launch | n/a

EEA/UK visitors are shown a cookie consent banner on first visit and may withdraw or change consent any time. We honor Global Privacy Control ("GPC") signals as an opt-out of sale/share under CCPA.

We do not currently respond to "Do Not Track" browser signals because no industry standard has been finalized.


10. Data Retention

Data type | Retention
Account data | Life of account + 30 days after deletion
Scan inputs and results | Active subscription + 12 months, or until you delete them
Generated reports | Active subscription + 24 months, or until you delete them
Billing and tax records | 7 years (legal/tax requirement)
Logs and security data | 90 days (operational), up to 12 months (security incidents)
Marketing data | Until consent is withdrawn
Business-intel suppression list | Indefinite (to honor opt-outs)

When you delete your account, we delete or anonymize personal data on the schedule above. Some data may persist temporarily in backups for up to 90 days, after which it is purged.


11. Security

We use reasonable and appropriate technical and organizational measures to protect personal information, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security (RLS) policies on our database.
  • Principle-of-least-privilege access controls and audit logging.
  • Regular dependency, vulnerability, and configuration reviews.

No system is perfectly secure. If we learn of a personal data breach that meets the legal notification threshold, we will notify affected users and regulators within the required timeframe (e.g., 72 hours under GDPR Article 33).


12. Children's Privacy

The Service is intended for businesses and adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact hello@conjuremarketing.com and we will delete it.


13. Automated Decision-Making

We use AI (including large language models) to generate analyses and reports. These outputs are advisory and do not produce legal or similarly significant effects on you within the meaning of GDPR Article 22. You can always contact us to discuss, correct, or contest a generated report.


14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email and via an in-product notice at least 14 days before they take effect. The "Last updated" date at the top reflects the latest revision.


15. Contact Us

For privacy questions, GDPR/CCPA requests, business-intel opt-outs, security issues, or general support, email us at hello@conjuremarketing.com and we will route your request to the right team.


*This document is provided as a drafting starting point and must be reviewed by qualified counsel before launch. Jurisdiction-specific addenda (e.g., Quebec Law 25, Brazil LGPD, additional U.S. state privacy laws) may be required depending on your customer base.*
