Policy

Privacy policy

Last updated: July 14, 2026

The short version

Sumhound processes settlement files in memory to produce the result you requested. We do not persist the original file, its rows, order-level data or payout amounts. A commerce profile is optional, and the anonymous analyzers remain available without one.

Information you choose to provide

  • Briefing subscription: email address, selected platforms, consent status and delivery/suppression history.
  • Commerce profile: email, role, optional business name, declared platforms, topics, operational surfaces, API versions and digest preference.
  • Optional client context: a label, declared platforms/topics/surfaces and notes you enter. Do not put credentials, payout values or sensitive personal data there.
  • Action state and feedback: signal references, match reasons, status and an enumerated relevance choice. We do not ask for free-text match feedback.
  • Attribution and referrals: an allowlisted first-touch channel, landing path, optional anonymous referral code and conversion surface. A referral code does not contain your email, profile ID or settlement data.
  • AI visibility scan: a brand name, up to three questions and optional competitor names that you actively submit. Do not include personal, confidential or customer data in these fields.

Settlement uploads

Uploaded CSV or text files are parsed for the current request and are not written to product storage. Results and specific amounts are not added to a profile. If you explicitly enable upload telemetry, Sumhound may record a bounded header fingerprint to improve schema recognition; telemetry is off by default and never includes file rows or amounts.

AI visibility scans

Sumhound processes an AI visibility scan in memory and does not persist the submitted brand, questions, competitor names, provider answers or report. To perform the scan, the submitted brand, questions and optional competitor names are sent to the AI providers listed on the scan page. Those providers process the request under their own terms and privacy policies; do not submit information you are not authorized to share with them.

Abuse controls keep only a short-lived, truncated hash of the requesting network address in the running process for the current daily limit. It is not written to the database or logs and is cleared when the process restarts or the day changes.

Authentication and email

Confirmation, login, manage and unsubscribe links use short-lived or purpose-bound opaque credentials. The database stores hashes rather than the original link token. Delivery workers keep status, retry and suppression metadata; they do not persist message bodies or a second email copy in their outboxes.

Analytics and public sources

Sumhound measures page and product-flow events to understand whether the free tools work. Event properties are filtered to reject emails, tokens, files, header names, amounts, currencies, orders, SKUs and customer data. Credential pages do not initialize analytics, and session recording and broad autocapture are disabled. Analytics providers may process standard request and device metadata under their own policies.

We also retain hourly aggregate service-health counters for analyzer outcomes and public not-found responses. These counters contain only a time bucket, an allowlisted outcome and a count; they do not contain request paths, filenames, file contents, amounts, email addresses, IP addresses, referrers or user-agent strings.

For a confirmed profile, Sumhound can record one daily, allowlisted value event such as a settlement analysis, period comparison, matched-change view, action update or briefing click. These records contain the profile's public identifier, event name, a bounded entity key and date. They do not contain file contents, row data, amounts, filenames or email addresses, and they are used only for activation, retention and product-quality reporting.

Platform change pages are built from official public sources and human-reviewed operational notes. Public source content is separate from private profile and delivery state.

Use, sharing and retention

We use this information to operate the requested analyzer, AI visibility scan, profile, action inbox and email briefing; prevent abuse; recover failed delivery; and improve source and matching quality. We do not sell personal data. Infrastructure, AI, analytics and email providers process the information needed to provide the requested service.

We retain active profile and consent state while the service is used. Unsubscribe, suppression and aggregate delivery records may be retained to honor opt-out and prevent repeat sending. Profile attribution and value-event records are removed when the associated profile is permanently deleted. Legacy interest records are not treated as confirmed commerce subscriptions.

Your control

Email links provide manage and unsubscribe controls. An authenticated profile can be paused or permanently deleted; permanent deletion clears declared profile/client context and revokes outstanding credentials. You can continue using the anonymous analyzers after deletion.

Sumhound

Commerce intelligence for payouts, platform changes and business impact.

Private by default. Settlement files are processed in memory and never stored.

Source-backed operational guidance, not accounting, tax or legal advice.