Prowl

Privacy Policy

Last updated: March 4, 2026

1. Information We Collect

We collect the following types of information:

Information you provide

  • Account information: Name, email address, and authentication data provided during sign-up (managed by Clerk).
  • Competitor data: Names, website URLs, pricing page URLs, and careers page URLs of competitors you choose to monitor.
  • Notes: Any notes you create about competitors within the Service.
  • Settings: Your preferences for scan frequency, digest emails, Slack webhook URLs, and notification preferences.

Information collected automatically

  • Scan results: Publicly available data collected about your monitored competitors (website content, news articles, job postings, social media mentions).
  • AI analysis: AI-generated summaries, threat scores, and strategic recommendations derived from scan data.
  • Usage data: Basic interaction data such as page views and feature usage, collected by our hosting provider (Vercel).

Information we do NOT collect

  • We do not collect or store payment card numbers. All payment processing is handled by Stripe.
  • We do not collect passwords. Authentication is handled entirely by Clerk.
  • We do not use tracking cookies, advertising pixels, or third-party analytics scripts.

2. How We Use Your Information

  • To provide, maintain, and improve the competitive intelligence service
  • To send you scheduled digest emails with scan results (only when you opt in)
  • To generate AI-powered strategic analysis of your competitors
  • To process payments and manage your subscription
  • To send you Slack notifications (only when you configure and enable them)
  • To respond to support requests or inquiries
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate Prowl. We share only the minimum data necessary for each service to function:

  • Clerk (authentication): Receives your email and name for account management. Privacy Policy
  • Stripe (payments): Receives your payment information for subscription billing. Privacy Policy
  • Firecrawl (web scraping): Receives competitor website URLs to collect public page content. Does not receive your personal data.
  • Tavily (web search): Receives competitor names to search for public news, jobs, and social mentions. Does not receive your personal data.
  • Anthropic (AI analysis): Receives anonymized scan data to generate analysis. Does not receive your personal data, account information, or payment details. Privacy Policy
  • Resend (email): Receives your digest email address to deliver reports. Privacy Policy
  • Vercel (hosting): Hosts the application and may collect basic access logs (IP addresses, request metadata). Privacy Policy

4. Cookies & Tracking

Prowl uses only essential cookies required for the Service to function:

  • Authentication cookies: Set by Clerk to maintain your logged-in session. These are strictly necessary and cannot be disabled while using the Service.
  • Security cookies: Used to prevent cross-site request forgery and other security threats.

We do not use advertising cookies, tracking pixels, social media widgets, or third-party analytics tools (such as Google Analytics). We do not track you across other websites.

5. Data About Competitors

Prowl collects only publicly available information about the competitors you monitor. This includes content from public web pages, public news articles, public job postings, and public social media posts. We do not collect private, protected, or confidential data from any source. If you believe Prowl has inadvertently collected non-public information, please contact us immediately.

6. Data Retention

  • Account data: Retained for as long as you maintain an active account.
  • Scan history: Retained to provide historical comparison and trend analysis. Older scans may be automatically pruned after 12 months.
  • Notes: Retained until you delete them or your account is closed.
  • After account deletion: We delete your personal data within 30 days of receiving a deletion request. Some anonymized, aggregated data may be retained for service improvement.

7. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted over HTTPS (TLS encryption in transit)
  • Database encryption at rest
  • Authentication managed by Clerk (SOC 2 compliant)
  • Payment processing by Stripe (PCI DSS compliant)
  • Server-side access controls ensuring users can only access their own data
  • Rate limiting on all API endpoints
  • Input validation and sanitization on all user inputs

No method of transmission or storage is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities within 72 hours as required by law.

8. Your Rights

Regardless of where you are located, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data.
  • Data portability: Request your data in a machine-readable format.
  • Opt out of communications: Unsubscribe from digest emails at any time via your settings page.

For California residents (CCPA)

Under the California Consumer Privacy Act, you have additional rights including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at privacy@prowlai.app.

For EU/EEA residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to restrict processing, the right to object to processing, and the right to lodge a complaint with a supervisory authority. Our lawful basis for processing your data is (a) your consent when you create an account, (b) contractual necessity to provide the Service, and (c) our legitimate interest in improving and securing the Service.

9. International Data Transfers

Prowl is hosted in the United States via Vercel. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure that our third-party service providers maintain appropriate safeguards for international data transfers.

10. AI & Automated Processing

Prowl uses artificial intelligence (Anthropic Claude) to analyze scan data and generate strategic insights, threat scores, and recommendations. This automated processing does not make decisions that have legal or similarly significant effects on you. The AI analysis is provided as a decision-support tool only. You may request human review of any AI-generated analysis by contacting us.

11. Children’s Privacy

Prowl is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact

For privacy-related inquiries, data access requests, or deletion requests, contact us at:

Email: privacy@prowlai.app

We will respond to all privacy requests within 30 days.

Terms of Service