Privacy Policy

The data controller is Maven Innovation Ltd (trading as Measure), [Registered office address], United Kingdom, company number [Company No. — fill in]. For any privacy question, or to exercise your rights, contact us at hello@measure.co.

We collect only what we need to provide and improve the service:

• Account data — your name, work email, password hash, workspace and role, and the brand, domain and competitors you ask us to track.
• Billing data — plan, subscription status and billing identifiers. Card details are handled entirely by Stripe; we never see or store full card numbers.
• Workspace content — the prompts, topics and settings you create, and the measurements we produce from them (AI-engine answers, citations, rankings and related metadata).
• Connected accounts (optional) — if you connect Google Search Console or Google Analytics, we store an encrypted, read-only OAuth token and the metrics needed to power your dashboards. You can disconnect at any time.
• Usage & device data — log data, IP address, browser/device information, and product analytics events that tell us how the service is used.

• To provide, secure and operate the service and your dashboards.
• To manage your account, subscription and support requests.
• To send service and transactional messages, and — where permitted — product updates you can opt out of.
• To monitor, debug and improve performance, reliability and security.
• To improve the service for everyone using aggregated, anonymised measurement data, as described in our Terms of Service. Aggregated data never identifies you, your workspace or your customers.
• To comply with our legal obligations and enforce our agreements.

Measure measures the public answers that third-party AI engines (ChatGPT, Perplexity, Gemini, Claude, Google AI) give to the prompts you track. Those answers are produced by the engine providers under their own terms and may be inaccurate; we record them as observed.

We also use Anthropic’s Claude to power features such as topic suggestions and the Measure Copilot. Anthropic processes this data to return a result and does not train its models on it. We never sell your personal data, and we do not use your private workspace content to train any model.

Where UK or EU data protection law applies, we rely on the following bases:

• Performance of a contract — to deliver the service you have signed up for.
• Legitimate interests — to secure, analyse and improve the service, balanced against your rights.
• Consent — for optional cookies and marketing, which you can withdraw at any time.
• Legal obligation — to meet accounting, tax and other statutory requirements.

We share personal data only with the vendors that help us run the service (our sub-processors), and only as far as needed. The current list — what each does and where it is located — is on our Sub-processors page. We may also disclose data where required by law, to protect our rights, or as part of a merger or acquisition (in which case this policy continues to apply). We do not sell your personal data.

Some of our sub-processors are located in the United States and elsewhere. Where we transfer personal data outside the UK or EEA, we rely on appropriate safeguards — UK International Data Transfer Agreement / Addendum, the European Commission’s Standard Contractual Clauses, and adequacy decisions or the EU–US Data Privacy Framework where available.

We keep personal data for as long as your account is active. When you close your account or ask us to delete your data, we delete your workspace data within 90 days (including from backups), except for aggregated anonymised data and records we must keep to meet legal, tax or accounting obligations.

Depending on where you live, you have rights over your personal data. Under UK and EU GDPR you may access, rectify, erase, restrict, port or object toour processing, and withdraw consent. Under the California Consumer Privacy Act (CCPA/CPRA) you may request access to, deletion of, and details about the personal information we hold, and you have the right not to be discriminated against for exercising those rights — and because we do not sell or “share” personal information for cross-context advertising, there is nothing to opt out of in that respect.

To exercise any right, email hello@measure.co. We respond within 30 days. You also have the right to complain to a supervisory authority — in the UK, the Information Commissioner’s Office (ICO).

We use a small number of strictly-necessary cookies to keep you signed in and the service secure, and — with your consent where required — product analytics (PostHog) to understand and improve how the service is used. You can control cookies through your browser settings.

We protect your data with encryption in transit and at rest, row-level access controls, least-privilege access for staff, and ongoing monitoring. See our Security page for details. No system is perfectly secure, but we work hard to keep your data safe.

Measure is a business tool not intended for anyone under 18. We do not knowingly collect data from children; if we learn we have, we will delete it.

We may update this policy; material changes will be notified in-app or by email and the effective date above will change. Questions or requests: hello@measure.co.