Privacy Policy
Last updated: March 2026
Who we are
Stobo is operated by Johan Adda, 5 boulevard Gabriel Guist'hau, 44000 Nantes, France.
Questions? Email support@trystobo.com.
What we collect
Account data
When you create an account (via email or Google), we store:
- Email address
- Full name
- Company name, industry, and job title (optional, from onboarding)
- Website URL (optional)
- Avatar URL (from Google, if you use Google sign-in)
Audit data
When you run a site or article audit, we store:
- The domain or URL you submitted
- The HTML fetched from that URL (used for analysis, discarded after processing)
- Audit results: scores, checker outputs, recommendations
- E-E-A-T profile data (on-site and off-site signals)
- Any content we generated for you: llms.txt, robots.txt, sitemaps, rewrites
Free instant audit
No account required. We collect:
- Your email address
- The domain you submitted
API keys
If you create API keys for CLI or MCP access, we store:
- A hashed version of the key (we can't recover the original)
- The first 8 characters (prefix) for display
- Creation date and last-used date
Technical data
- Your IP address, used for rate limiting only, not stored long-term
- No cookies. Authentication tokens live in your browser's localStorage.
How we use your data
- To run the service: audits, reports, results delivery.
- To send transactional emails: audit results, re-audit notifications, OTP verification.
- To enforce rate limits: 10 requests per minute, per IP.
- To improve the product: aggregate, anonymized audit data informs what we build.
We don't sell your data. We don't serve ads. We don't build advertising profiles.
Third-party services
We share data with these providers to operate the service, nothing else:
| Provider | Purpose | What we share |
|---|---|---|
| Anthropic (Claude) | AI-powered analysis and content generation | Website HTML submitted for audit |
| Brevo | Transactional email delivery | Your email address |
| Google | OAuth2 sign-in (only if you choose Google login) | Email, name, profile picture |
| Serper.dev | SERP feature detection | Domain name and search queries |
| TinyFish | E-E-A-T gap analysis | Domain name, competitor names |
Each provider operates under their own privacy policy. We share data with no one else.
Data retention
- Account data is kept as long as your account is active.
- Audit results are kept indefinitely to power public report pages at /report/{domain}.
- OTP codes expire after 10 minutes and are marked used immediately.
- API keys persist until you delete them.
To delete your account and all associated data, email support@trystobo.com.
SIRENE business registry data
Our local SEO audit uses data from the French SIRENE registry, maintained by INSEE (Institut National de la Statistique et des Etudes Economiques) and published under Licence Ouverte v2 (free for commercial use).
What we store
- Company legal name and registration numbers (SIREN, SIRET)
- Business address, postal code, city, and GPS coordinates
- Business classification code (NAF/APE)
- Legal form, creation date, and active/closed status
What we do not store
- Personal names of individual entrepreneurs who have exercised their right to opposition (RGPD article 21). Only businesses with statutDiffusion = O (publicly diffusible) are imported.
- No phone numbers, email addresses, or financial data; these are not part of SIRENE.
How we use it
SIRENE data powers competitor discovery (finding nearby businesses in the same sector), NAP consistency checks (verifying your registered address matches your website), and local visibility pages.
Updates
Data is refreshed monthly from the official INSEE source at data.gouv.fr.
Cookies and tracking
No cookies. No analytics scripts. No Google Analytics. No pixels. No fingerprinting.
Authentication tokens are stored in your browser's localStorage. They never reach third parties.
Emails we send
- OTP verification when you log in or verify your account.
- Audit results when your audit completes.
- Re-audit notifications monthly, if you came through the instant audit flow.
Every non-transactional email includes an unsubscribe link. Opt out at any time.
Your rights
Under GDPR and applicable French law, you have the right to:
- Access your personal data.
- Correct inaccurate data.
- Delete your account and data.
- Export your data.
- Object to processing.
- Withdraw consent at any time.
Email support@trystobo.com to exercise any of these. We respond within 30 days.
Security
- Passwords are hashed with bcrypt.
- API keys are hashed and stored securely. The full key is shown once, at creation.
- All traffic runs over HTTPS.
- SSRF protections block requests to private IP ranges.
- Rate limiting is enforced per IP.
Children
Stobo is not for anyone under 16. We don't knowingly collect data from children.
Changes
We update this policy when needed. Changes go live on this page with an updated date. Continued use of the service after changes means you accept them.
Contact
Email: support@trystobo.com
Address: 5 boulevard Gabriel Guist'hau, 44000 Nantes, France