Privacy Policy

SeeFirst ("we", "us") is a competitor intelligence platform operated from Ireland and subject to the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, why we collect it, how long we keep it, and the rights you have over it.

For data held in your own SeeFirst account (your name, email and billing details), SeeFirst is the data controller. Where a marketing agency uses SeeFirst to provide services to its own clients and uploads those clients’ contact details to the platform, the agency is the data controller and SeeFirst acts as a data processor on the agency’s instructions.

Account data: your name, email address, password (stored as a salted hash by our authentication provider), agency or business name, and billing details processed by Stripe. We never see or store full card numbers.

Client contact data (agencies): business names, contact email addresses and locations of the clients an agency adds to the platform, used to provide the client portal and deliver briefings.

Monitoring data: publicly available information about businesses selected for monitoring, including Google business profiles, star ratings, review counts and review text, and website addresses. This data relates to businesses and is collected exclusively from public sources. We do not access private accounts or non-public data.

Usage data: standard technical logs (IP address, browser type, pages visited) used for security, debugging and service improvement.

To operate the service: authenticating you, displaying dashboards, monitoring the competitors you select, generating AI intelligence briefings and weakness reports, and sending alerts and briefing emails to the addresses you provide.

To bill you: subscription management and invoicing via Stripe.

To communicate: transactional emails about your account, invitations you trigger, and service notices. We do not sell personal data and we do not use your data for third-party advertising.

We process account and billing data because it is necessary to perform our contract with you. We process monitoring data and usage logs under our legitimate interest in providing competitor intelligence from public sources and keeping the service secure. Where we act as a processor for an agency, we process client contact data on the agency’s documented instructions.

We use a small number of infrastructure providers to run the service: Supabase (database and authentication), Vercel (hosting), Stripe (payments), SendGrid (email delivery), Anthropic (AI briefing generation) and Google (public business data via the Places API). Each provider processes data only as needed to provide its service to us.

Account data is kept for as long as your account is active. When you cancel, we retain account and billing records for up to 6 years where required for tax and accounting law, then delete them.

Monitoring data, briefings and alerts are retained while the related client or competitor remains on the platform, and are deleted when the client record is deleted. Usage logs are retained for up to 12 months.

Under GDPR you have the right to access the personal data we hold about you, to have inaccurate data corrected, to have your data deleted, to receive a copy of your data in a portable format, to restrict or object to certain processing, and to withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@seefirst.io. We respond within 30 days. If an agency added you to the platform, we may refer your request to that agency as the data controller. You also have the right to lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

Data is encrypted in transit (TLS) and at rest. Access to production data is restricted by row-level security policies and role-based access controls. Payment card data is handled entirely by Stripe and never touches our servers.

We host data within the EU where our providers support it. Where a sub-processor processes data outside the EEA, transfers are protected by the European Commission’s Standard Contractual Clauses or an adequacy decision.

We may update this policy from time to time; material changes will be notified by email or an in-app notice. Questions and data requests: privacy@seefirst.io. SeeFirst, Dublin, Ireland.