Privacy Policy
Last updated: May 18, 2026
1. Introduction
Khan Consulting ("we", "us", "our") operates KhanFlow, an AI-powered SEO audit platform available at khanlogeanalytics.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
2. Information We Collect
Account Information
When you create an account, we collect your email address and, if you authenticate via Google or GitHub, your public profile information (name, avatar URL) as provided by the OAuth provider.
Usage Data
We collect information about how you use the Service, including pages visited, features used, audit frequency, and timestamps. This data is collected via PostHog for product analytics and session recording.
Website Data
When you add a site and run audits, we crawl the specified URLs and store audit results including page content analysis, meta tags, performance metrics, and SEO findings. We only access publicly available content.
Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We retain your Stripe customer ID and subscription status.
3. Google API Data — What We Access and Why
KhanFlow optionally integrates with Google Search Console and Google Analytics to enrich your SEO audit reports. This integration requires your explicit authorisation via Google OAuth. We only request the minimum permissions necessary.
Google Search Console (webmasters.readonly)
With your permission, we access your Google Search Console data to display:
- Organic search impressions, clicks, and average position for your verified sites
- URL indexation status (which pages Google has indexed)
- Crawl errors and coverage issues reported by Google
This data is used solely to populate your KhanFlow audit dashboard. We do not use it for advertising, profiling, or any purpose unrelated to providing you with SEO insights.
Google Analytics (analytics.readonly)
With your permission, we access Google Analytics to display organic traffic trends alongside your audit results. We read session and user data for your connected properties. We do not modify your Analytics configuration or share this data with third parties.
How Google API Data Is Handled
- Access tokens are stored encrypted and used only to fetch data on your behalf.
- We do not sell, transfer, or share Google API data with third parties for advertising or any other purposes.
- Google API data is not used to train AI or machine learning models.
- You can revoke our access at any time from your Google Account permissions page or from the KhanFlow Integrations dashboard.
- Our use of Google API data complies with the Google API Services User Data Policy, including the Limited Use requirements.
4. How We Use Your Information
- To provide and maintain the Service
- To process payments and manage subscriptions
- To send audit completion notifications and regression alerts
- To generate reports you request
- To improve the Service based on usage patterns
- To communicate important service updates
- To detect and prevent abuse or fraud
5. Data Storage and Security
Your data is stored using the following infrastructure:
- Database: Cloudflare D1 (SQLite at the edge)
- File Storage: Cloudflare R2 (for generated reports)
- Authentication: Supabase Auth (encrypted credentials)
- Payments: Stripe (PCI-DSS compliant)
All data is transmitted over HTTPS. Access tokens are stored as HTTP-only secure cookies. We implement industry-standard security practices to protect your data.
6. Data Sharing
We do not sell your personal information. We share data only with:
- Stripe: For payment processing
- Supabase: For authentication services
- Cloudflare: For hosting and content delivery
- PostHog: For product analytics (anonymized where possible)
- Resend: For transactional email delivery
- Sentry: For error monitoring (no personal data sent intentionally)
We may disclose information if required by law, legal process, or to protect the rights and safety of our users.
7. Data Retention
We retain your account data for as long as your account is active. Audit results are retained for 12 months after generation. Generated reports stored in R2 are retained indefinitely unless you delete them. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your personal data
- Export your data in a portable format
- Object to processing of your personal data
- Withdraw consent at any time
To exercise these rights, contact us at privacy@khanconsulting.ch.
9. Cookies
We use essential cookies for authentication (session tokens). We use PostHog for analytics which may set functional cookies. We do not use third-party advertising cookies.
10. International Transfers
Your data may be processed in data centers operated by Cloudflare globally. By using the Service, you consent to the transfer of your data to facilities outside your country of residence, subject to appropriate safeguards.
11. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the data promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent in-app notice. The "Last updated" date at the top indicates the most recent revision.
13. Contact
For privacy-related inquiries or to exercise your data rights, contact:
Khan Consulting
Email: privacy@khanconsulting.ch