Privacy Policy — Digital Health Audit

1. Who we are

Dragon’s Eye Consulting (“Dragon’s Eye”, “we”, “our”) operates the Digital Health Audit tool ataudit.dragonseyeconsulting.com. This page explains how we handle the data you share with us when you use the tool.

2. What we collect

• Your email address— submitted via the audit form so we can send you the report.
• The website URL you ask us to audit— used to fetch publicly available signals from that site.
• Audit findings— data we collect from the public web (performance scores, SEO data, technology stack, social media profiles linked from your site, screenshots of your own homepage and a small number of internal pages, etc.).
• Meeting booking details— if you book a meeting, your name, email, and scheduled time as provided to our calendar tool.
• Standard server logs— IP address, user agent, and request metadata, retained for security and abuse prevention.

3. What we do NOT collect

• We do not collect data behind a login or paywall on the site being audited.
• We do not collect data on individuals other than the submitter.
• We do not use third-party advertising trackers on this tool.

4. How we use it

• To generate your digital audit report and deliver it to you.
• To notify a Dragon’s Eye representative that you may benefit from our services.
• To improve the audit product over time (in aggregate; never by exposing your data to others).

5. Who we share it with

We do not sell or rent your data. We share limited data with vetted service providers we rely on to operate the tool, including:

• Hosting (Vercel)
• Backend storage and edge functions (InsForge)
• AI synthesis (Anthropic)
• Audit data sources (Google PageSpeed Insights, DataForSEO)
• Browser infrastructure (Browserbase)
• Email delivery (Resend)
• Meeting scheduling (Google Calendar)
• Error monitoring (Sentry)

Each provider has its own privacy commitments; we choose providers that meet industry-standard security and data-handling practices.

6. How long we keep it

• Audit reports for prospects who do not book a meeting: 180 days.
• Audit reports for prospects who book: 2 years (or until you request deletion).
• Server logs: 30 days.

7. Your rights

You can request a copy of your data, request deletion, or ask us to correct anything we hold by emailingprivacy@dragonseyeconsulting.com. We will respond within 30 days. If you’re in the EU/UK, you have the rights afforded by GDPR; if you’re in California, you have the rights afforded by CCPA.

8. Security

All data is transmitted over HTTPS. Access to backend systems is restricted to a small number of authorised personnel. We use HMAC-signed tokens to restrict access to generated reports.

9. Children

The tool is intended for business use. We do not knowingly collect data from individuals under 16.

10. Changes

We may update this policy. The “last updated” date at the top reflects the most recent revision. Material changes will be highlighted on this page for at least 30 days.

11. Contact

Privacy questions: privacy@dragonseyeconsulting.com.