Last updated: April 21, 2026 · Effective: April 21, 2026
SaaSRival (“we,” “our,” or “us”) operates the SaaSRival platform, a competitive intelligence service for the SaaS industry. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding your personal information.
By accessing or using SaaSRival you agree to the practices described here. If you do not agree, please discontinue use and contact us at privacy@saasrival.com to request deletion of any data we hold about you.
When you create an account, we collect:
We collect anonymous and pseudonymous usage data to improve the product:
Analytics are collected via PostHog (self-hosted or PostHog Cloud). We do not use Google Analytics. Session recordings are disabled by default.
All payment processing is handled by Stripe. We never store credit card numbers, CVVs, or full billing addresses on our own servers. We receive from Stripe:
If you contact us by email, we retain the content of that communication and your contact details to resolve your issue. We do not use third-party helpdesk software at this stage.
SaaSRival aggregates publicly available information about SaaS companies — not about our users. This section explains where that data comes from.
| Source | Data Type | Collection Method |
|---|---|---|
| Meta Ads Library | Ad creatives, spend estimates, impressions, demographics | Official Meta Ads Library API (v21.0) and official embed iframes — no scraping of Facebook.com itself |
| Public SaaS websites | Pricing pages, technology stack signals, job postings | Automated crawling of publicly accessible pages only; robots.txt is respected |
| Clearbit Logo API | Company logos | API lookup by domain name |
| GitHub public API | Open-source activity signals | GitHub REST API (rate-limited, no authentication bypass) |
| Groq / LLM providers | Revenue estimates, category classification | Internal inference only; brand data sent to LLM API for enrichment |
This database pertains to businesses, not individuals. No personal data of private individuals is intentionally collected in the intelligence database. If you are a private individual and believe your personal data appears in our platform, contact privacy@saasrival.com for removal.
| Purpose | Legal Basis (GDPR) | Data Used |
|---|---|---|
| Provide the service | Contract performance | Account info, subscription status |
| Process billing | Contract performance | Email, Stripe payment tokens |
| Send transactional emails | Contract performance | Email address (invoices, password reset, plan changes) |
| Improve the product | Legitimate interest | Anonymous usage analytics, feature adoption metrics |
| Prevent fraud and abuse | Legitimate interest | IP address, usage patterns, account info |
| Marketing emails | Consent (opt-in only) | Email address — only if you explicitly opt in |
| Legal compliance | Legal obligation | Any data required by law (e.g., tax records) |
We do not use your data for automated decision-making that produces legal or similarly significant effects on you.
We use a minimal set of cookies. We do not use advertising cookies or cross-site tracking cookies.
| Cookie | Type | Purpose | Retention |
|---|---|---|---|
| __session | Strictly necessary | Supabase authentication session token | Session / 7 days (remember me) |
| ph_* | Analytics | PostHog anonymous usage analytics | 1 year |
| sr_prefs | Functional | Your UI preferences (sidebar state, theme) | 1 year |
We do not use cookie consent banners for strictly necessary cookies. For analytics cookies (ph_*), we rely on our legitimate interest in improving the product. EU/EEA users who wish to opt out of analytics cookies may do so by emailing privacy@saasrival.com or by blocking cookies in their browser settings.
The following third parties process personal data on our behalf. Each is a Data Processor under GDPR where applicable.
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & backend infrastructure | Account data, usage records | US (AWS us-east-1) |
| Supabase Auth | Authentication and user management | Email, name, OAuth tokens | US (SOC 2 Type II certified) |
| Stripe | Payment processing | Email, billing info | US / Ireland (PCI DSS Level 1) |
| PostHog | Product analytics | Anonymous usage events | US / EU (configurable) |
| Google Cloud Storage | Ad creative media storage | No personal data — brand media only | US |
For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) or service providers that participate in an equivalent adequacy framework. Supabase and Stripe each maintain DPA (Data Processing Agreement) programs — contact us if you require a signed DPA.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 30 days after deletion request | Service provision; reasonable deletion window |
| Payment / billing records | 7 years from invoice date | Legal obligation (tax / accounting law) |
| Usage analytics (identified) | 12 months, then anonymised | Product improvement |
| Usage analytics (anonymous) | Indefinite (no personal data) | Aggregate product metrics |
| Support communications | 2 years from last interaction | Service quality and dispute resolution |
| Backup copies | Up to 90 days beyond deletion date | Backup rotation cycle; purged in next cycle |
If you are located in the EU, EEA, or UK, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
To exercise any of these rights, email privacy@saasrival.com with the subject line “GDPR Request” and your registered email address. We will respond within 30 days. If you are dissatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).
We do not currently have a formal EU establishment or EU representative. We will appoint one if our EU user base grows to a scale that requires it under GDPR Art. 27.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA gives you the following rights:
To submit a CCPA request, email privacy@saasrival.com with the subject line “CCPA Request”. We will verify your identity before processing the request. We will respond within 45 days, with a possible extension of 45 additional days where required.
Categories of personal information collected: Identifiers (name, email, IP address), commercial information (subscription history), and internet or other network activity (usage analytics). We do not sell any of these categories.
We implement industry-standard technical and organisational measures to protect your personal data:
No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law (within 72 hours for GDPR, without undue delay for CCPA).
SaaSRival is a B2B platform intended for business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you become aware that a child under 16 has provided us with personal data, please contact us immediately at privacy@saasrival.com.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
Your continued use of SaaSRival after the effective date of a revised policy constitutes your acceptance of the changes.
Data Controller: SaaSRival
Privacy Contact: privacy@saasrival.com
Response SLA: 30 days (GDPR) / 45 days (CCPA)
For legal notices: legal@saasrival.com
For general product support, please use the in-app chat or email support@saasrival.com.
© 2026 SaaSRival. All rights reserved. · Terms of Service · Privacy Policy