← Home

Privacy Policy

Last updated: May 18, 2026

1. Introduction

Khan Consulting ("we", "us", "our") operates KhanFlow, an AI-powered SEO audit platform available at khanlogeanalytics.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, if you authenticate via Google or GitHub, your public profile information (name, avatar URL) as provided by the OAuth provider.

Usage Data

We collect information about how you use the Service, including pages visited, features used, audit frequency, and timestamps. This data is collected via PostHog for product analytics and session recording.

Website Data

When you add a site and run audits, we crawl the specified URLs and store audit results including page content analysis, meta tags, performance metrics, and SEO findings. We only access publicly available content.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We retain your Stripe customer ID and subscription status.

3. Google API Data — What We Access and Why

KhanFlow optionally integrates with Google Search Console and Google Analytics to enrich your SEO audit reports. This integration requires your explicit authorisation via Google OAuth. We only request the minimum permissions necessary.

Google Search Console (webmasters.readonly)

With your permission, we access your Google Search Console data to display:

  • Organic search impressions, clicks, and average position for your verified sites
  • URL indexation status (which pages Google has indexed)
  • Crawl errors and coverage issues reported by Google

This data is used solely to populate your KhanFlow audit dashboard. We do not use it for advertising, profiling, or any purpose unrelated to providing you with SEO insights.

Google Analytics (analytics.readonly)

With your permission, we access Google Analytics to display organic traffic trends alongside your audit results. We read session and user data for your connected properties. We do not modify your Analytics configuration or share this data with third parties.

How Google API Data Is Handled

  • Access tokens are stored encrypted and used only to fetch data on your behalf.
  • We do not sell, transfer, or share Google API data with third parties for advertising or any other purposes.
  • Google API data is not used to train AI or machine learning models.
  • You can revoke our access at any time from your Google Account permissions page or from the KhanFlow Integrations dashboard.
  • Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. How We Use Your Information

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To send audit completion notifications and regression alerts
  • To generate reports you request
  • To improve the Service based on usage patterns
  • To communicate important service updates
  • To detect and prevent abuse or fraud

5. Data Storage and Security

Your data is stored using the following infrastructure:

  • Database: Cloudflare D1 (SQLite at the edge)
  • File Storage: Cloudflare R2 (for generated reports)
  • Authentication: Supabase Auth (encrypted credentials)
  • Payments: Stripe (PCI-DSS compliant)

All data is transmitted over HTTPS. Access tokens are stored as HTTP-only secure cookies. We implement industry-standard security practices to protect your data.

6. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing
  • Supabase: For authentication services
  • Cloudflare: For hosting and content delivery
  • PostHog: For product analytics (anonymized where possible)
  • Resend: For transactional email delivery
  • Sentry: For error monitoring (no personal data sent intentionally)

We may disclose information if required by law, legal process, or to protect the rights and safety of our users.

7. Data Retention

We retain your account data for as long as your account is active. Audit results are retained for 12 months after generation. Generated reports stored in R2 are retained indefinitely unless you delete them. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Export your data in a portable format
  • Object to processing of your personal data
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@khanconsulting.ch.

9. Cookies

We use essential cookies for authentication (session tokens). We use PostHog for analytics which may set functional cookies. We do not use third-party advertising cookies.

10. International Transfers

Your data may be processed in data centers operated by Cloudflare globally. By using the Service, you consent to the transfer of your data to facilities outside your country of residence, subject to appropriate safeguards.

11. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent in-app notice. The "Last updated" date at the top indicates the most recent revision.

13. Contact

For privacy-related inquiries or to exercise your data rights, contact:

Khan Consulting
Email: privacy@khanconsulting.ch