Privacy Policy

What RampScape Collects

RampScape collects account details, business profile details, site content, uploaded images, lead submissions, growth events, support messages, billing state, and integration data you choose to connect.

• Business profile data can include trade, service area, phone, email, website, Google profile details, services, proof claims, reviews, and project photos.
• Lead submissions can include homeowner name, phone, email, service requested, message, source page, UTM parameters, IP address, user agent, and referrer.
• Generated-site analytics can include form starts, form submissions, call clicks, CTA clicks, page path, labels, UTM parameters, IP address, user agent, and referrer.

How RampScape Uses Data

• Create and cache website drafts without regenerating on every page load.
• Route lead requests to the business owner and support owner-side follow-up.
• Measure generated-site conversion paths and Lead Growth checks.
• Prevent abuse, spam, fraud, and unauthorized access.
• Operate integrations you connect, such as Google Search Console, GA4, Google Business Profile, Supabase, Resend, and OpenAI-compatible model providers.

AI Processing

RampScape sends only the profile and scaffold data needed for the requested generation or rewrite. AI output is validated before it is saved or published, but owners remain responsible for checking final public claims.

Data Lifecycle and Export

• Site configuration, generated copy, uploaded project images, leads, growth events, and integration tokens are treated as customer-controlled business data.
• Lead records and growth events are retained so owners can respond to requests and understand site performance; deletion and export are handled through authenticated account support until self-serve tools ship.
• OAuth tokens for Google integrations are scoped to the connected account, encrypted before storage, and used only for the owner-requested Search Console, GA4, or Business Profile workflow.
• Supabase row-level security remains the database boundary for customer data; service-role access stays server-only for controlled write paths, background sync, and exports.
• AI generation should not train on private customer data unless a future provider agreement and product control explicitly allow it.

Deletion Requests

Account, site, lead, and integration deletion is handled by authenticated support request during the MVP. Some operational records may be retained where required for security, billing, dispute handling, or legal compliance.