Privacy Policy

Last updated: April 26, 2026

1. Who we are

ProtectAffiliate (“we”, “our”, “us”) is an affiliate revenue protection service operated at protectaffiliate.com. We monitor affiliate links on behalf of content creators and alert them when those links stop earning commissions.

2. What data we collect

  • Account data: Email address and password (hashed by Supabase Auth). We never store plaintext passwords.
  • Affiliate links: URLs you add for monitoring, along with platform, affiliate parameter keys and values, and priority settings you configure.
  • Scan results: HTTP status codes, redirect chains, stock status, confidence scores, and screenshots captured when we detect an issue on your links.
  • Source data: YouTube channel URLs, Linktree URLs, blog URLs, or other source pages you connect.
  • Billing data: Subscription status and plan tier. Payment details are processed directly by Razorpay — we never store card numbers or bank details.
  • Notification settings: Your alert email address and severity threshold preferences.
  • Usage data: Scan counts, detection credit usage, and incident history.

3. How we use your data

  • To monitor your affiliate links and detect revenue leaks on your behalf.
  • To send you email alerts when an issue is detected (only if you have alerts enabled).
  • To send a weekly digest summarising your protection status (you can unsubscribe at any time).
  • To process billing and maintain your subscription via Razorpay.
  • To improve detection accuracy and platform coverage over time.

We do not sell your data. We do not use your link data for advertising. We do not share your data with third parties except as described in Section 4.

4. Third-party services

  • Supabase — database and authentication hosting (EU region).
  • Zyte — web scraping infrastructure used to fetch and verify affiliate link destinations. Zyte receives the URLs of links you monitor.
  • Razorpay — payment processing. Razorpay’s privacy policy governs payment data.
  • Resend — transactional email delivery (alert emails, digest emails).
  • Vercel — application hosting.

5. Data retention

Scan results are retained for 90 days. Incidents are retained until you resolve them or delete your account. If you delete your account, all your workspace data (links, sources, incidents, scan history) is permanently deleted via database CASCADE. Your Supabase Auth account is preserved in case you wish to re-register.

6. Your rights

You have the right to:

  • Access all data we hold about you — use the “Export my data” button in Settings → Danger Zone.
  • Delete your account and all associated data — use Settings → Danger Zone → Delete account.
  • Correct your alert email or notification preferences at any time in Settings.
  • Unsubscribe from weekly digest emails via the unsubscribe link in any digest email.

7. Cookies

We use session cookies set by Supabase Auth to keep you logged in. We do not use advertising cookies or third-party tracking pixels.

8. Security

All data is encrypted in transit (TLS). Passwords are hashed using bcrypt. The database is accessible only via service-role credentials and is not publicly exposed. Screenshots are stored in a private Supabase Storage bucket — not publicly accessible.

9. Changes to this policy

We may update this policy. If the change is material, we will email you at your alert email address at least 14 days before it takes effect.

10. Contact

Questions about this policy: hello@protectaffiliate.com