← Back to login

Privacy Policy

Last updated: April 16, 2026

1. Who We Are

Araptus ("we", "us", "our") operates the Araptus Dashboard at dashboard.araptus.com. This privacy policy explains how we collect, use, and protect your information when you use our client dashboard platform.

Contact: Kris Black — [email protected]
Website: araptus.com

2. Information We Collect

Account Information

When you are invited to the dashboard, we store:

  • Email address (used for login via magic link)
  • Name and contact details you provide in your profile
  • Business name, domain, and address

Device & Security Information

For account security, we collect:

  • Device fingerprint (browser type, screen resolution, timezone — hashed, not stored in plaintext)
  • IP address (for rate limiting and threat detection)
  • Login timestamps and approved device records

Third-Party Service Data

We access the following data on your behalf through integrations you or your account manager have authorized:

  • Google Business Profile: Business listing views, search queries, phone call clicks, direction requests, and customer reviews. Accessed via Google OAuth using your account manager's authorized credentials.
  • Google Search Console: Search performance data including clicks, impressions, and ranking positions for your website.
  • Vercel: Website visitor analytics (pageviews, referrers, geographic data) and deployment status.
  • ClickUp: Project task names, statuses, and due dates for work being performed on your behalf.

3. How We Use Your Information

We use collected information to:

  • Provide the dashboard service — displaying your website performance, project status, and business metrics
  • Authenticate your identity and secure your account
  • Detect and prevent unauthorized access (honeypot traps, rate limiting, IP blocking)
  • Send transactional emails (login links, device verification)
  • Improve the dashboard based on usage patterns

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Google API Services — Limited Use Disclosure

Araptus Dashboard's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only access Google data necessary to provide the dashboard features described above
  • We do not use Google data for advertising or to serve ads
  • We do not allow humans to read your Google data except as necessary to provide the service, with your consent, for security purposes, or to comply with law
  • We do not transfer Google data to third parties except as necessary to provide the service or as required by law
  • Google data is stored in our Supabase database with row-level security ensuring only you and your authorized account manager can access it

5. Data Storage & Security

Your data is stored in:

  • Supabase (PostgreSQL) — hosted on AWS infrastructure with encryption at rest and in transit
  • Vercel — application hosting with edge network and DDoS protection

Security measures include:

  • Row-level security — each client can only access their own data
  • Device fingerprinting and verification for new login devices
  • Rate limiting with progressive penalties and automatic IP blacklisting
  • HTTPS enforced with HSTS preload
  • Content Security Policy headers
  • Admin access locked to environment variables (requires deployment to change)

6. Data Retention

  • Analytics data (Vercel, GBP, PageSpeed): retained for 90 days, then automatically deleted
  • Project tasks (ClickUp): completed tasks removed after 30 days
  • Reviews: retained as long as your account is active
  • Account data: retained until you request deletion or your service agreement ends
  • Security logs: IP addresses and honeypot events retained for 30 days

7. Your Rights

You have the right to:

  • Access your data — everything visible in your dashboard is your data
  • Correct inaccurate information via your profile settings
  • Delete your account and all associated data — contact us at [email protected]
  • Revoke Google access at any time via your Google Account permissions
  • Export your data in a machine-readable format upon request

8. Cookies

We use minimal cookies:

  • Authentication cookie — Supabase session token (httpOnly, secure, sameSite)
  • Theme preference — stored in localStorage (light/dark mode)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the dashboard or email. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For privacy-related questions or data requests:
Kris Black
[email protected]
Araptus — araptus.com