Privacy Policy
Last updated: March 2026
Courior ("we", "us", "our") provides a report generation platform for digital marketing agencies. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By creating an account or using Courior, you agree to the collection and use of information as described below.
1. Information We Collect
Account information
- Full name, email address, and agency name (provided during signup or onboarding)
- Password (hashed; only for email/password accounts)
- Brand settings: logo, colors, and font preferences you configure
Analytics data via Google OAuth
- Google Analytics 4: sessions, users, page views, conversions, bounce rate, top pages, and traffic sources for properties you connect
- Google Search Console: impressions, clicks, CTR, average position, and top queries for sites you connect
- We request read-only access. We never write to, modify, or delete data in your Google accounts.
- OAuth tokens (access and refresh) are stored encrypted and used solely to fetch report data on your behalf
Billing information
- Payment details (card number, billing address) are collected and processed by Stripe. We do not store card numbers on our servers. We receive and store your Stripe customer ID and subscription status.
Usage data
- Basic product analytics (pages viewed, features used, report generation events) collected via PostHog to improve the product
2. How We Use Your Information
- To generate client reports using your connected GA4 and Search Console data
- To personalize exported PDFs with your agency branding (name, logo, colors, fonts)
- To process payments and manage your subscription via Stripe
- To send transactional emails: welcome messages, report-ready notifications, trial reminders, and password resets
- To improve and maintain the platform based on aggregated usage patterns
- To respond to support requests sent to our contact email
We do not sell, rent, or share your personal information or your clients' analytics data with third parties for marketing purposes.
3. Third-Party Services
Courior relies on the following third-party services to operate. Each has its own privacy policy governing how they handle data:
- Google OAuth — Authentication and read-only access to GA4 and Search Console data
- Stripe — Payment processing, subscription management, and billing
- Supabase — Database hosting, authentication, and file storage (hosted on AWS)
- Resend — Transactional email delivery
- Vercel — Application hosting and edge delivery
- PostHog — Product analytics
- Anthropic (Claude) — AI-generated report narratives. Analytics data is sent to Claude to generate executive summaries, insights, and recommendations. This data is processed per-request and is not used to train models.
4. Data Retention
We retain your account information, client data, and generated reports for as long as your account is active. Analytics snapshots (the GA4 and GSC data used to generate a report) are stored alongside the report they were generated for.
If you cancel your subscription, your data remains accessible until you choose to delete your account.
5. Data Deletion
You can delete your account at any time from Settings → Account → Danger Zone. Account deletion is permanent and irreversible. When you delete your account:
- Your agency record, all clients, and all reports are permanently deleted from our database
- Your Stripe subscription is canceled and your payment information is removed from Stripe
- Your authentication credentials are removed from Supabase Auth
- Uploaded logos and exported PDFs are removed from storage
- Google OAuth tokens are deleted; however, you should also revoke Courior's access from your Google Account permissions page for completeness
6. Security
All data is transmitted over HTTPS. OAuth tokens are stored in a database with row-level security policies. Passwords are hashed by Supabase Auth using bcrypt. We do not store payment card numbers — these are handled entirely by Stripe's PCI-compliant infrastructure.
7. Cookies
Courior uses essential cookies for authentication session management (managed by Supabase Auth). We use PostHog for product analytics, which may set cookies. We do not use advertising cookies or third-party tracking cookies.
8. Your Rights
You may request a copy of your data, correction of inaccurate data, or deletion of your account and all associated data at any time by emailing us or using the in-app account deletion feature. We will respond to data requests within 30 days.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by placing a notice on the platform. Continued use of Courior after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy or how your data is handled, contact us at hello@courior.io.