Foo logoFoo

Privacy Policy

Last updated: May 1, 2025

1. Who We Are

Foo (“we”, “us”, “our”) provides automated Lighthouse monitoring at foo.software. This policy explains what personal data we collect, how we use it, and your rights regarding that data.

2. Information We Collect

  • Account data: name, email address, and password (stored as a bcrypt hash) when you register.
  • Billing data: your subscription plan and payment status. Payment card details are handled entirely by Stripe or Braintree — we never store raw card numbers.
  • Usage data: URLs and pages you add to the Service, Lighthouse audit results, API tokens, and notification preferences.
  • Analytics data: interaction events (pages visited, features used, approximate location) collected via PostHog. See Section 5 for details.
  • Log data: server logs including IP address, browser type, and request timestamps, retained for security and debugging purposes.

3. How We Use Your Information

  • To create and maintain your account.
  • To process payments and send billing receipts.
  • To run Lighthouse audits on URLs you submit and deliver results to you.
  • To send transactional emails (e.g. audit alerts, payment confirmations).
  • To analyse product usage and improve the Service.
  • To comply with legal obligations.

4. Payment Processors

We use Stripe as our primary payment processor for new subscriptions and Braintreefor legacy accounts. Both are PCI-DSS compliant services. Stripe's privacy policy is available at stripe.com/privacy.

5. Analytics — PostHog

We use PostHog to collect product analytics. PostHog may collect events such as page views, feature interactions, and browser metadata. This data helps us understand how the Service is used and identify areas for improvement.

PostHog data is stored on PostHog-managed infrastructure. We do not sell this data. You can opt out of analytics tracking by contacting us at hello@foo.software with the subject line “Analytics Opt-Out”.

6. Data Sharing

We do not sell your personal data. We share data only:

  • With payment processors (Stripe, Braintree) to process transactions.
  • With analytics providers (PostHog) as described above.
  • With email service providers to deliver transactional notifications.
  • When required by law or to protect the rights and safety of our users.

7. Data Retention

We retain your account data for as long as your account is active. After your subscription ends, data is retained for 30 days to allow you to reactivate. After 30 days, your account and all associated data are permanently deleted.

Log data is retained for up to 90 days. Analytics event data is retained per PostHog's data retention settings.

8. Security

We use industry-standard security measures including HTTPS, bcrypt password hashing, and access controls. No system is completely secure; we encourage you to use a strong, unique password.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us at hello@foo.software.

10. Cookies

We use an httpOnly cookie to maintain your authenticated session. We do not use third-party advertising cookies. PostHog may set a first-party analytics cookie.

11. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or an in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.

12. Contact

Questions about privacy? hello@foo.software