Privacy Policy

Last updated: 28 May 2026

This privacy policy explains how DATA HIT Ltd ("DATA HIT", "we", "us", "our") handles your information when you use the tools hosted at tools.datahit.co. The tools fall into two categories with different data-handling models — both are covered in this single policy. Read alongside the DATA HIT main privacy policy, which covers general website usage.

DATA HIT Ltd is a company registered in England and Wales, with its registered address at 2 Infirmary Street, Leeds, LS1 2JP. For any privacy-related enquiries, please contact us at hello@datahit.co.

1. The tools at a glance

We currently offer the following tools at tools.datahit.co:

Seasonal Spiral & Timing Grid (free tier) — connect to your own Google Analytics 4 (GA4) and Google Search Console (GSC) accounts via OAuth 2.0 to generate browser-side visualisations. No data leaves your browser other than calls direct to Google's APIs.
SERP Seasonality Map (free tier) — submit a keyword and country; we fetch 12 months of public Google search-results history and search-volume data via a third-party SEO data provider, then generate a short text insight via a large-language-model provider. Server-side processing is involved; details in section 3 below.
AI Mention Monitor (free preview; Pro tier to scan your own keywords) — submit a keyword and pick an AI engine (ChatGPT or Google AI Overview); we ask a third-party SEO data provider for the brands, fan-out queries, and cited sources that engine surfaced in response to prompts about your keyword, then visualise them as a three-arc spiral. Free users see a fixed sample scan; Pro users scan their own keywords subject to a monthly quota. Server-side processing is involved; details in section 4 below.
Seasonal Spiral (Data Studio) — a community visualisation that runs entirely inside Data Studio's sandboxed iframe. No data reaches DATA HIT servers.
DATA HIT Tools Pro (paid tier) — optional account-based add-on that layers persistent features on top of the four free tools: tracked keywords with weekly SERP snapshots, watched AI Mention Monitor scans with weekly diffs, saved view configurations, cross-tool annotations, AI overviews on the charts, and a Monday-morning email digest. Requires an email address and a Stripe-managed subscription. Server-side state is involved; details in section 5 below.

2. OAuth-based tools (Seasonal Spiral, Timing Grid)

When you connect your Google account to one of the OAuth-based tools, we request the following read-only scopes:

analytics.readonly — used to list your GA4 properties (via the Admin API) and retrieve daily aggregate report data (sessions, transactions, revenue, event counts via the Data API).
webmasters.readonly — used to list your Search Console sites and retrieve daily aggregate search performance data (clicks, impressions via the Search Analytics query endpoint).

Both scopes are read-only. We do not request any permissions to modify, delete, or write data to your Google accounts.

Spiral and Timing Grid each offer two ways to connect. The default is browser-only and stores nothing on our servers. The optional persistent connection stores a refresh token on our servers so the connection survives across visits and so Pro features that run on a schedule (e.g. the Monday digest) can fetch on your behalf.

Default: in-browser connection.

No server-side storage. Your Google data is never transmitted to, processed by, or stored on any DATA HIT server.
No database. We do not maintain any database of user data, analytics data, or access tokens for this path.
Browser memory only. All data retrieved from Google's APIs exists only in your browser's memory for the duration of your session. It is discarded when you close the page, refresh the browser, or disconnect.
No refresh tokens. The in-browser flow (OAuth 2.0 implicit flow / Google Identity Services token client) does not issue or store refresh tokens. Access tokens are short-lived (~60 minutes) and held in browser memory only.

Optional: persistent server-side connection. When you click "Stay connected next time" beside the Connect Google button, or any time a Pro feature needs to query Google on your behalf when you are not actively at the page (e.g. the Monday digest cron), the tool initiates the OAuth 2.0 authorisation-code flow with offline access instead. This issues a refresh token that we encrypt and store server-side so we can mint short-lived access tokens for future requests. Specifics:

What is stored. The refresh token (encrypted at rest), the Google account email, the selected GA4 property or Search Console site, and timestamps. One row per user per provider in D1 (ga4_connections, gsc_connections).
What is not stored. Access tokens (only ever held in memory for the duration of one API request) and your analytics data (re-fetched on demand, never persisted to a DATA HIT database).
Scopes. analytics.readonly for GA4, webmasters.readonly for Search Console. Read-only. Same scopes as the in-browser path.
Revocation. Click "Disconnect" in the tool, or visit your Google Account permissions page. Either path soft-deletes the row immediately and we no longer receive access. The encrypted refresh token is purged from the database on hard delete at account closure.

We do not use your Google user data for any purpose other than providing the visualisation and the Pro features you have enabled. Your data is never used for advertising, marketing, profiling, AI model training, or any purpose unrelated to the tool's core functionality.

To revoke access at any time, click "Disconnect" in the tool or visit your Google Account permissions page.

3. SERP Seasonality Map (server-side data flow)

Unlike the OAuth tools above, the SERP Seasonality Map runs partly on our servers because it consumes public SERP data from a third-party SEO provider and generates an analyst-style insight via a third-party LLM provider. This section explains exactly what is sent where.

What you provide:

A search keyword (e.g. "wireless headphones") — entered by you on the scan form.
A country selection — currently United Kingdom or United States.

We do not ask for, collect, or store any personal information — no name, email, account, or contact details — to use this tool.

What we process server-side:

Your IP address — used by Cloudflare's edge to apply per-IP rate limits (10 scans per minute, 30 share-link creations per minute). The IP is not logged to our database or shared with third parties; it is consumed transiently by the rate-limit binding and then discarded.
Scan results cache (24 hours) — once a scan completes, the full result (the keyword, country, 12-month SERP top-10, search volumes, and AI-generated insight) is stored in Cloudflare Workers KV for 24 hours so that subsequent requests for the same keyword + country pair return instantly without re-querying our data providers. The cached payload does not include any data that identifies the user who triggered the original scan.
Share-link slugs (30 days) — when you click "Copy share link", we generate a random 8-character slug (e.g. ab3k7p2x) and store the mapping slug → keyword + country in Cloudflare Workers KV for 30 days. Anyone in possession of the slug URL can resolve it to view the cached scan. Slugs are not a security boundary; do not use them to share sensitive keywords.

Third parties that receive your scan data:

DataForSEO (privacy policy) — receives your keyword and country code to look up 12 months of public Google SERP history, Google search volume, and AI-search-engine search volume via DataForSEO's SERP and search-volume endpoints. DataForSEO is the data provider for the SERP results displayed in the spiral. (DataForSEO is also the provider for the AI Mention Monitor tool's separate LLM Mentions endpoint — see section 4.)
Anthropic (privacy policy) — receives your keyword, country code, and a summary of the SERP data returned by DataForSEO. Anthropic generates the 2-4 sentence "What this reveals" insight via the Claude model family. Per Anthropic's published policy, API requests are not used to train their models by default. (Anthropic is also the provider for the Pro "AI overview" feature on Spiral, Timing Grid, and AI Mention Monitor — see section 5.)
Cloudflare (privacy policy) — hosts the Worker, Workers KV cache, and edge rate-limiting that power this tool. Cloudflare acts as a processor on our behalf.

We never sell or share your keyword data with any party other than the processors listed above. We never combine your scan data with any other identifier.

Sensitive keywords: because your keyword is transmitted to DataForSEO and Anthropic to produce the scan, please avoid using the tool to look up personal information, medical conditions, or any other information you would not feel comfortable sharing with those third parties under their respective policies.

4. AI Mention Monitor (server-side data flow)

Like the SERP Seasonality Map, the AI Mention Monitor runs partly on our servers because it consumes data from a third-party SEO provider. Unlike SERP, the AI Mention Monitor scans an AI engine's response index rather than Google's organic search results, and is gated to Pro accounts for non-sample scans. This section explains exactly what is sent where.

What you provide (Pro accounts only):

A search keyword (e.g. "best CRM") — entered by you on the scan form.
An AI engine selection — ChatGPT or Google AI Overview.
A country selection (Google AI Overview only — ChatGPT scans are US-English at the data provider's restriction).
A search scope (optional) — Questions, Answers, or Both, controlling where within the AI engine's cached prompts the data provider looks for your keyword.

Free users see a fixed sample scan (a hard-coded "best CRM" result) and cannot trigger a real scan. No data is transmitted to any third party in the free-preview path.

What we process server-side (Pro scans only):

Your authenticated user id — used to enforce your monthly scan quota (50 scans per month on Solo, 250 on Agency) and to attribute the persisted scan row to your account.
Scan results cache (7 days) — once a scan completes, the full result (the keyword, country, platform, search scope, brand entities, fan-out queries, cited sources, AI search-volume enrichment, and DataForSEO cost telemetry) is stored in Cloudflare Workers KV for 7 days so that a second scan of the same tuple within the week is served from cache without re-querying DataForSEO. The cached payload does not include any data that identifies the user who triggered the original scan.
Persisted scan history (D1 ai_mention_scans) — every completed Pro scan is also persisted to D1 alongside your user id, with the full DataForSEO payload in a raw_json column so the tool can re-render historical scans without re-paying DataForSEO. Failed scans, and scans where DataForSEO returned zero items, are not persisted (they also do not decrement your monthly quota).

Third parties that receive AI Mention Monitor scan data:

DataForSEO (privacy policy) — receives your keyword, country code, AI engine, and search scope; queries DataForSEO's LLM Mentions endpoint, which returns brands, fan-out queries, and cited sources extracted from the AI engine's cached responses to prompts containing your keyword. Also queries the AI search-volume endpoint for the fan-out queries returned. DataForSEO does not receive your email or any other account identifier. (Note: DataForSEO does not query ChatGPT or Google's AI Overview live on your behalf — it serves data from its own cached index of prior third-party prompts.)
Cloudflare (privacy policy) — hosts the Worker, Workers KV cache, D1 database, cron triggers, and edge rate-limiting that power this tool. Cloudflare acts as a processor on our behalf.

We never sell or share AI Mention Monitor scan data with any party other than the processors listed above. The brand names, source URLs, and fan-out queries returned by DataForSEO and stored in our database are not your personal data — they are public third-party data about the AI engine's response patterns — but they are scoped to your account so only you can see your own scan history.

Pro: watched scans and weekly diff cron. When you click the ★ Watch button on a completed scan, we add the (keyword, country, platform) tuple to a "watch list" (D1 ai_monitor_watches, capped at 20 entries on Solo and 50 on Agency). Every Monday at 07:00 UTC, an automated cron re-runs each watched scan and computes a diff against the previous week's results (new and dropped brand mentions, new and dropped cited sources). The diff is persisted to D1 (ai_monitor_diffs) and surfaced on your /app/welcome dashboard. These cron-driven scans draw from a separate processing budget and do not decrement your manual monthly quota. The third-party data flow for each cron-driven scan is identical to a user-triggered scan (see "Third parties" above).

Pro: AI overview (optional). Click the "Generate AI overview" button on a completed scan and we send the scan's brand / fan-out / source tables to Anthropic to produce a 2-4 sentence plain-English summary. See section 5 for the shared AI overview data flow that covers Spiral, Timing Grid, AI Mention Monitor, and SERP Seasonality Map.

Sensitive keywords: because your keyword is transmitted to DataForSEO (and, if you click Generate AI overview, to Anthropic), please avoid using the tool to look up personal information, medical conditions, or any other information you would not feel comfortable sharing with those third parties under their respective policies.

5. DATA HIT Tools Pro accounts

The Pro tier adds account-based features on top of the three free tools. Using Pro requires an email address (for sign-in) and a payment method (for the subscription). Everything in this section applies only to users who have created a Pro account; the free tools remain anonymous and unchanged.

What we collect when you create a Pro account:

Email address — used as your account identifier and the destination for sign-in links and weekly digest emails. Stored in our Cloudflare D1 database (the users table). Never sold, never used for marketing without explicit opt-in.
Stripe customer + subscription identifiers — opaque IDs returned by Stripe after checkout, stored alongside your email so we can match your account to your billing record on subsequent Stripe webhook events.
Plan tier and status — pro_solo or pro_agency with one of trialing / active / past_due / canceled, kept in sync via Stripe webhooks.

We do not collect your name, address, or any other contact information for the Pro tier. Stripe handles all payment details directly — we never see your card number or full billing address.

Authentication (magic links):

Sign-in is passwordless via a single-use email link. When you request a sign-in, we generate a random 256-bit token, hash it with SHA-256, and store only the hash in our database (table magic_link_tokens). The plaintext token is sent to your inbox via Resend (see "Third parties" below) and is valid for 15 minutes and one use only.
After you click the link, we issue a session by setting an HMAC-signed cookie named dh-session (HttpOnly, Secure, SameSite=Lax, 30-day sliding TTL). The session row lives in D1 (table sessions); the cookie carries only the session id, not your email or plan tier.

What we store as you use Pro features:

Tracked keywords (D1 keywords) — the keyword + country pairs you opt to track on the SERP tool, scoped to your user id. Up to 20 active rows on Solo and 200 on Agency. Archived rows are soft-deleted, not erased, so historical snapshots stay attributable.
AI Mention Monitor scans (D1 ai_mention_scans) — every Pro AI Mention Monitor scan you run is persisted with the keyword, country, AI engine, search scope, brand entities, fan-out queries, cited sources, and DataForSEO cost telemetry. See section 4 for the full data flow. Counts toward your monthly scan quota (50 Solo / 250 Agency, resets 1st of month UTC).
Watched AI scans (D1 ai_monitor_watches) — (keyword, country, AI engine) tuples you have pinned via the ★ Watch button. Up to 20 on Solo, 50 on Agency. The Monday 07:00 UTC cron iterates this list to re-scan and diff (see "What we do with this data" below). Soft-deleted on unpin.
Weekly AI mention diffs (D1 ai_monitor_diffs) — one row per (watched scan, week) recording the new brand mentions, dropped brand mentions, new cited sources, and dropped cited sources versus the previous week's scan. Surfaced on your /app/welcome dashboard. Hard-deleted with the parent watch on unpin or account closure.
Weekly SERP snapshots (D1 snapshots) — every Monday at 06:00 UTC a cron job submits your tracked keywords to DataForSEO via their asynchronous postback API. The top-10 result list returned by DataForSEO is stored against the keyword id along with the capture timestamp. Snapshots are retained for the lifetime of the keyword and are deleted when the parent keyword is hard-deleted at account closure.
Saved view configurations (D1 saved_dashboards) — when you click "Save current view" on a Pro preview, we persist the control settings (metrics, filters, date range, colour scale, etc.) as a JSON blob scoped to your user id and the tool. Up to 5 per tool on Solo, 50 per tool on Agency. Soft-deleted on archive.
Annotations (D1 annotations) — short notes you log against a calendar date (or date range) that surface across all three tools. Label and optional body text are stored verbatim against your user id. Unlimited on both Solo and Agency. Soft-deleted on archive.
Weekly digest history (D1 weekly_digest_sends) — one row per user per week recording whether the Monday-morning digest was sent, skipped, or failed, plus the Resend message id of the email. Used for idempotency (so a cron retry can't double-send) and for the "Most recent digest" line on your dashboard.
Anomaly alerts (D1 anomalies) — when the Monday cron detects an analytics value that deviates significantly from its year-over-year baseline on the Seasonal Spiral, we record the date, metric, GA4 property id, and summary statistics (the actual value, expected value, sample standard deviation, and z-score). We do not store your raw analytics data; detection re-fetches from Google on every cron run. Rows are scoped to your user id and soft-deleted when you dismiss them. The scope of GA4 access used for detection is analytics.readonly — same as the persistent connection described in section 2.
Billing event log (D1 billing_events) — every Stripe webhook we receive is recorded by provider event id for dedupe + audit. The payload is the raw Stripe event; we don't enrich it with anything we don't already have on your record.
Search Console connection (D1 gsc_connections) — if you opt to enable the persistent Search Console connection on Spiral / Grid, or the "Search Console rank overlay" feature on the SERP tool, we store the OAuth refresh token issued by Google when you authorise our app. The refresh token lets us query Google's Search Console API on your behalf (e.g. for the Monday digest cron). We do not store the access token (it lives in memory for the duration of one API request). The scope granted is webmasters.readonly only.
GA4 connection (D1 ga4_connections) — same shape as the Search Console connection above, but for GA4. Stored when you opt into the persistent connection on Spiral / Grid via "Stay connected next time". The scope granted is analytics.readonly only. Revocation works the same way: click "Disconnect" in the tool or visit your Google account permissions page; revocation soft-deletes the row and we no longer receive access.

What we do with this data:

Render your Pro dashboard at /app/welcome with your tracked keywords, watched AI scans, weekly AI mention diffs, saved views, recent annotations, and most recent digest status.
Submit your tracked keywords to DataForSEO weekly (Monday 06:00 UTC cron) so the SERP map and weekly digest stay up to date.
Re-scan your watched AI Mention Monitor tuples weekly (Monday 07:00 UTC cron) and compute the brand / source diff versus the previous week. These cron-driven scans draw from a separate budget and do not decrement your manual monthly quota.
Send you the weekly digest email each Monday morning at 08:00 UTC (skipped automatically if you have no rank changes and no recent annotations — quiet weeks don't generate inbox noise).
Enforce your plan-tier caps on inserts (tracked keywords, watched scans, saved views, AI scans per month) and authorise gated routes.
Generate on-demand AI overviews of the visible chart on Spiral, Timing Grid, AI Mention Monitor, and SERP Seasonality Map when you click the "Generate AI overview" button (see the next paragraph for the data flow).

AI overview (on-demand Pro feature). Every Pro-tier chart page (Spiral, Timing Grid, AI Mention Monitor, SERP Seasonality Map) offers a "Generate AI overview" button that produces a 2-4 sentence plain-English summary of the visible chart. The data we send to Anthropic differs per tool:

Seasonal Spiral: the dataset label (e.g. "GA4 · 382578512"), the chosen metric (e.g. "sessions"), any active filter selections, and the array of (date, value) data points currently rendered. Capped at 730 points (~2 years of daily data).
Timing Grid: the dataset label, metric, filter selections, and the 7×24 array of (day, hour, aggregate value) cells.
AI Mention Monitor: the keyword, country, AI engine, and the top brand / fan-out / source rows the scan returned (capped at 20 each).
SERP Seasonality Map: the keyword, country, and 12-month top-10 SERP table (covered in section 3).

In each case the request goes to Anthropic via the Claude API; the response is sanitised (only <strong> tags allowed) and rendered inline. Generated overviews are cached in Cloudflare Workers KV for 24 hours, keyed by a hash of the full input payload, so re-clicking Generate on identical chart state returns the cached output without a fresh API call. We never send your email, user id, or any other account identifier to Anthropic. Per Anthropic's published policy, API requests are not used to train their models by default.

We do not use your Pro account data for advertising, profiling, AI model training, or any purpose unrelated to operating the tools.

Third parties that receive Pro account data:

Stripe (privacy policy) — receives your email and payment details directly via the Stripe Checkout and billing portal flows. Stripe is the payment processor and is acting as a processor on our behalf for the subscription record.
Resend (privacy policy) — receives your email address and the rendered content of any magic-link or weekly digest email we send. Acts as a processor on our behalf.
DataForSEO (privacy policy) — receives the keywords + countries you have opted to track on the SERP tool, once per week (Monday 06:00 UTC), to look up the latest SERP top 10. Also receives the keywords + countries + AI engine of your watched AI Mention Monitor scans, once per week (Monday 07:00 UTC), to re-scan the LLM Mentions endpoint. DataForSEO does not receive your email or any other account identifier.
Anthropic (privacy policy) — receives the visible chart data each time you click "Generate AI overview" on any of the four tools (see the "AI overview" paragraph above for per-tool specifics). Anthropic does not receive your email, user id, or any other account identifier. Per Anthropic's published policy, API requests are not used to train their models by default.
Cloudflare (privacy policy) — hosts the Worker, D1 database, KV store, cron triggers, and edge rate-limiting. Cloudflare acts as a processor on our behalf.

We never sell or share Pro account data with any party other than the processors listed above. We never combine your Pro data with any other identifier.

Closing your Pro account: to permanently delete your Pro account and all associated data (tracked keywords, SERP snapshots, AI Mention Monitor scans, watched AI scans, weekly AI mention diffs, saved views, annotations, anomaly alerts, sessions, digest history, billing event log entries scoped to your record), email hello@datahit.co from the address registered on the account. We will cancel any active subscription via Stripe and hard-delete your D1 rows. You can also self-serve cancel the subscription at any time from your dashboard via the Stripe billing portal — that ends future billing but leaves your account data in place until you also email us to request deletion.

6. Analytics

We use Plausible Analytics, a privacy-focused analytics service, to collect anonymous usage statistics about our tools pages. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. No Google user data, scan data, keyword data, or Pro account data is shared with Plausible. The only data collected relates to page views and lightweight custom events (e.g. that a scan was triggered, that a Pro annotation was created — never the keyword text or annotation content itself).

7. Cookies and local storage

The free tools at tools.datahit.co set no tracking cookies. We use the following browser localStorage items, all of which are purely UI preferences with no identifying value and no third-party visibility:

dh-theme — your light/dark theme preference.
dh-spiral-annotation-hint-dismissed — set to 1 after you dismiss the one-time "right-click any cell to annotate" hint on the Seasonal Spiral tool (Pro feature). Suppresses the hint on subsequent visits.

Pro accounts use one HTTP cookie — dh-session, HMAC-signed, HttpOnly, Secure, SameSite=Lax, 30-day sliding expiry. The cookie carries only the session id; identity is resolved server-side. The cookie is not set unless you sign in. Signing out (from the dashboard or via the sidebar) deletes both the cookie and the server-side session row.

For information about cookies used on the main DATA HIT website, see our main privacy policy.

8. Data retention summary

Free tools:

OAuth Google user data — never persisted; browser-memory only; discarded on disconnect, tab close, or token expiry.
SERP scan results — cached in Workers KV for 24 hours, then automatically deleted.
Share-link slugs — stored in Workers KV for 30 days from creation, then automatically deleted.
IP addresses — consumed transiently for rate limiting; never persisted.
Browser preferences (theme, dismissed UI hints) — stored in your browser's localStorage until you clear it. See section 7 for the full list.

Pro accounts:

Magic-link tokens — D1; SHA-256 hashed; 15-minute TTL; single-use. The hash is retained briefly past expiry for audit but never the plaintext.
Sessions — D1; 30-day sliding expiry from last activity. Deleted immediately on sign-out.
Tracked keywords — D1; retained until you archive them. Archived rows are soft-deleted (kept for snapshot attribution); hard-deleted on account closure.
Weekly SERP snapshots — D1; retained for the lifetime of the parent keyword. Hard-deleted with the keyword on account closure.
AI Mention Monitor scans — D1; retained for the lifetime of the account; the cached payload in Workers KV expires after 7 days. Hard-deleted on account closure.
Watched AI scans + weekly diffs — D1; retained until you unpin the watch (which cascades the diffs) or close the account.
AI overview text — cached in Workers KV for 24 hours from generation, then automatically deleted. The generated text is not retained in any other store.
Saved view configurations — D1; retained until you delete them (soft-archive); hard-deleted on account closure.
Annotations — D1; retained until you delete them (soft-archive); hard-deleted on account closure.
Weekly digest history — D1; retained for as long as the account exists for audit and dedupe.
Billing event log — D1; retained for as long as the account exists for audit and reconciliation. After closure, your billing record at Stripe is retained per Stripe's own policy (typically 7 years for tax/regulatory reasons); we delete our local mirror.

To request earlier deletion of a specific cached scan, share slug, or entire Pro account, email hello@datahit.co.

9. Data protection

All communication between your browser, our Workers, and any third party we transmit data to is encrypted using HTTPS/TLS. Our Worker runs on Cloudflare's edge with strict secret-management for the API credentials used to call DataForSEO, Anthropic, Stripe, Resend, and (for OAuth tools) Google. The OAuth client IDs for our connected tools are restricted to authorised JavaScript origins, preventing use from unauthorised domains. Session cookies are signed with a server-side HMAC key so a tampered cookie cannot impersonate a Pro user; Stripe webhooks are verified with Stripe's HMAC-SHA256 signature scheme before any database write.

10. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict the processing of your data
Withdraw consent at any time

Free tools: because we do not collect personal information (name, email, account) to use any of our free-tier tools, and because all cached SERP data is short-lived and not tied to your identity, most of these rights are effectively fulfilled by design. To revoke OAuth access, use the tool's disconnect button or your Google Account permissions page. To purge a cached SERP scan or share slug, email hello@datahit.co.

Pro accounts: you can review the bulk of what we hold about you directly from the dashboard at /app/welcome (tracked keywords, saved views, annotations, recent digest activity). To request a full export of your account data, to correct anything inaccurate, or to delete the account entirely, email hello@datahit.co from the address registered on the account.

If you have any concerns about how your data is handled, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. Changes to this policy

We may update this privacy policy from time to time. Any changes will be reflected by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our tools after changes are posted constitutes your acceptance of the updated policy.

12. Contact

If you have any questions about this privacy policy or how your data is handled, please contact us:

Email: hello@datahit.co
Address: DATA HIT Ltd, 2 Infirmary Street, Leeds, LS1 2JP