Privacy Policy
Last updated: 24 April 2026
The short version: we collect the information you give us when you sign up for Pharos, the brand names and prompts you add to track, the data we generate by querying AI platforms on your behalf, and basic usage data. We use this information to run Pharos, keep it secure, and show you your results. We don't sell your data. We don't use your content to train AI models. We delete your data when you ask. The long version follows.
Who we are
Pharos is operated by Leadlynk Limited, a company registered in England and Wales (company number 15137196) with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom. You can reach us any time at privacy@heypharos.com.
For users in the EU/UK, Leadlynk Limited is the data controller for personal data we process about you. You can contact our data protection lead at privacy@heypharos.com.
What we collect
Information you give us directly:
- Account data: name, email address, password (stored hashed), and any profile details you add.
- Brand data: the brand names, domains, prompts, competitors, and topics you choose to monitor.
- Billing data: handled by Stripe. We store your Stripe customer ID and subscription status, but we never see or store your full card number.
- Connected social / third-party accounts: if you choose to connect a social or third-party account (for example, to publish content or pull analytics), we store the OAuth access tokens you authorize, the permission scopes you grant, and any data those platforms return within those scopes. You can disconnect at any time from your account settings; when you do, we revoke and delete the token.
- Communications: anything you send us via email or support channels.
Information we collect automatically:
- Usage data: which pages you visit inside the app, which features you use, and basic technical data (browser, operating system, approximate location from IP).
- Session recordings: we record aggregated, anonymized user sessions inside the product via Microsoft Clarity to improve usability. These recordings mask sensitive form inputs by default.
- Cookies and similar technologies: see our Cookie Policy.
Information we generate on your behalf:
- AI visibility data: when you add a brand to monitor, Pharos sends prompts about your brand and category to AI platforms (ChatGPT, Claude, Gemini, Perplexity, Google AI Overviews), collects the responses, and analyzes them for mentions, sentiment, citations, and competitor positioning. These responses are stored in your account.
If you joined via an organization invitation
If you received an invitation to a Pharos workspace from an organization (for example, your employer), that organization is the controller of your workspace data for GDPR purposes, and Leadlynk Limited is the processor. This means questions about why your organization uses Pharos, what happens to workspace content, or requests to delete it should be directed to your organization first. We'll help the organization respond and will forward any request we receive directly to them where appropriate.
Why we process your data, and our legal basis (GDPR)
| Purpose | Legal basis |
|---|---|
| Creating and operating your account | Performance of a contract (our Terms) |
| Running your brand monitoring (prompts, analyses, scoring) | Performance of a contract |
| Taking payment | Performance of a contract + legal obligation (tax) |
| Keeping Pharos secure and detecting abuse | Legitimate interest |
| Product analytics to improve Pharos | Legitimate interest (or consent in the EU/UK — see Cookie Policy) |
| Sending product updates and transactional email | Performance of a contract |
| Sending optional marketing email | Consent (you can withdraw any time) — see "Service and marketing emails" below |
Service and marketing emails
We send two kinds of email, and we (acting reasonably) decide which category a given message falls into:
- Service emails are necessary to operate your account or deliver the service you've asked for — examples include sign-up confirmations, billing receipts and payment failure notices, security alerts, changes to these terms, product announcements that affect how the service works, and responses to support enquiries. We send these for as long as you have an account. You cannot opt out of service emails while remaining a user.
- Marketing and onboarding emails (including educational "drip" sequences that promote paid features, newsletters, feature announcements that are promotional in nature, and similar content) are sent only where you have opted in — for example, by providing your email during signup under a clear notice that you will receive such messages, or by subscribing from our website. Every marketing message contains a one-click unsubscribe link, and you can also manage preferences in your account settings. Unsubscribing from marketing does not affect service emails.
You are responsible for keeping the email address on your account current and monitored. We are not responsible for the consequences of any notice or message sent to the email address you have given us, including if that address becomes inactive, filtered, or no longer monitored by you.
How long we keep your data
- Account data: for as long as your account is active.
- Brand monitoring data (prompts, analyses, scores): for as long as your account is active.
- Cached LLM responses (
llm_query_cache): rotated on our schedule; typically kept up to 90 days for performance, then purged or re-queried. - Billing and tax records: 7 years, as required by law.
- Support email: 3 years after last contact.
- Server logs: 30 days.
- Deleted accounts: we purge personal data within 30 days of deletion, excluding data we're legally required to retain (e.g., invoices).
Who we share data with (our sub-processors)
We use carefully selected third parties to run Pharos. They process your data on our behalf under contract. The full, up-to-date list lives at /subprocessors, and currently includes:
Core infrastructure:
- Supabase — database, authentication, file storage (European Union) — privacy policy
- Stripe — payments — privacy policy
- Resend — transactional and onboarding email — privacy policy
- Vercel — web hosting — privacy policy
Analytics:
- PostHog — product analytics — privacy policy
- Microsoft Clarity — session recording and heatmaps — privacy policy
AI platforms we query on your behalf:
- OpenAI (ChatGPT) — privacy policy
- Anthropic (Claude) — privacy policy
- Google (Gemini + AI Overviews) — privacy policy
- Perplexity — privacy policy
We do not share your data with anyone outside this list for their own commercial purposes. We never sell your data.
International transfers
If you are in the EU, UK, or Switzerland, your data may be transferred to the United States or other countries where our sub-processors operate. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and where applicable, the UK International Data Transfer Addendum.
EU representative
Leadlynk Limited is established in the United Kingdom. We are currently evaluating the need for a designated EU representative under GDPR Article 27. Until that evaluation concludes, EU-based data subjects can reach us directly at privacy@heypharos.com and we commit to responding within the timelines set by GDPR.
Your rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you.
- Correct data that's wrong.
- Delete your data ("right to erasure").
- Port your data to another service (we provide exports in CSV or JSON).
- Object to processing, or restrict it.
- Withdraw consent at any time, for anything we do based on consent.
- Complain to your data protection authority. In the UK, that's the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, it's the supervisory authority of the country where you live, work, or believe the issue occurred.
California residents (CCPA/CPRA): you also have the right to know what categories of personal information we collect, the right to delete that information, the right to correct inaccurate information, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information. We do not collect, use, or disclose "sensitive personal information" as defined by the CPRA, and we do not use personal information for purposes that would require a Notice of Right to Limit.
To exercise any right, email privacy@heypharos.com. We respond within 30 days.
Automated processing and profiling
Pharos uses automated systems and large language models to analyze AI platform responses, extract brand mentions, score sentiment, rank competitors, and surface citation patterns. These outputs are informational — they are intended to help you understand how AI platforms describe your brand and category, and do not produce legal effects or similarly significant effects on any data subject. We do not use this analysis to make automated decisions about individuals within the meaning of GDPR Article 22. If you disagree with an analysis and want human review, email privacy@heypharos.com.
Children
Pharos is not intended for anyone under 16. We don't knowingly collect data from children. If you think we have, email privacy@heypharos.com and we will delete it promptly.
Security
We keep your data encrypted at rest and in transit. We use Row Level Security on all customer-scoped database tables. Access to production data is limited to employees who need it, logged, and reviewed. We'll notify affected users and regulators without undue delay if we ever suffer a breach involving personal data.
AI-specific disclosures
Because Pharos is an AI-visibility tool, we want to be explicit:
- We send your brand names, prompts, and competitor queries to third-party AI APIs (OpenAI, Anthropic, Google, Perplexity) in order to produce your results. These providers have their own privacy policies and data-handling terms.
- We do not use your account data, prompts, or results to train any AI models, ours or anyone else's.
- Where available, we use AI providers' zero-retention / no-training options for API traffic.
- The AI responses we collect are stored in your account and visible only to you and your team.
EU AI Act. In our assessment, Pharos's automated analyses — sentiment scoring, ranking extraction, citation detection, and competitor framing — are limited-risk applications of AI under the EU AI Act. Pharos is not used, and must not be used by customers, for any "high-risk" purpose listed in Annex III of the Act (including employment, creditworthiness, access to essential public or private services, law enforcement, migration/asylum, or administration of justice). If Pharos's classification under the Act changes, we will update this policy.
Changes to this policy
If we make material changes, we'll email you and update the "Last updated" date at the top of this page. Routine wording tweaks won't trigger an email.
Contact
Email privacy@heypharos.com for anything privacy-related. Postal mail to Leadlynk Limited, 128 City Road, London, EC1V 2NX, United Kingdom.
Adapted from Basecamp's open-source policies (CC BY 4.0).