Privacy Policy

Last updated: 2 July 2026

1. Who We Are

Cerberus (“the Service”) is operated by ASPECT Research Ltd (“we”, “us”, “our”). We are the data controller for personal data processed through Cerberus. For privacy inquiries, contact us at privacy@aspectcalibration.com.

2. Information We Collect

When you use Cerberus, we collect:

  • Account information: Email address provided during signup. Passwords are hashed by our authentication provider and never stored in plain text.
  • Subscription data: Your plan tier, billing cadence, trial status, and usage counts (number of evaluations, daily usage).
  • Content submitted for evaluation: When you use Cerberus's evaluation or coaching features, your content is sent to an AI provider for processing, then returned to your browser. This content is processed in memory on our server and is not stored in our database.
  • Project and knowledge data: Project names, descriptions, preferences, and knowledge base content you explicitly save.
  • Payment information: All payment processing is handled by Stripe. No credit card numbers, bank details, or payment credentials ever touch our servers.

3. How We Use Your Information

We use your information to:

  • Provide content quality evaluation and response coaching features
  • Manage your subscription and usage limits
  • Process payments and maintain billing records
  • Enforce rate limits and prevent abuse
  • Communicate service updates, security notices, and policy changes

4. Third-Party Services That Receive Your Data

To provide Cerberus, we share specific data with the following third-party services. Each has its own privacy policy governing how they handle your data.

DeepSeek — AI Analysis Provider

Data shared: Your content text (for Cerberus's evaluation and coaching features on the Free tier, and as a fallback for paid tiers when token allocations are exhausted or the primary provider fails).

Why: DeepSeek processes your content through its reasoning model to generate quality evaluation, critique, and improvement suggestions.

Privacy policy: deepseek.com/privacy-policy

Anthropic (Claude API) — Pro AI Analysis & Deep Analysis Provider

Data shared: Your content text. Pro and Agency tier evaluations use Claude Sonnet (until your monthly token allocation is exhausted); on the Agency tier the final adjudication step also runs on Claude Opus.

Why: Paid evaluations are powered by Anthropic's frontier reasoning models for deeper analysis and higher-quality critique.

Privacy policy: anthropic.com/privacy

Voyage AI — Embedding Provider

Data shared: Knowledge base text you upload to projects (for generating search embeddings).

Why: Voyage AI converts your knowledge base content into vector embeddings for semantic retrieval during analysis.

Privacy policy: voyageai.com/privacy-policy

Perplexity — Citation Testing Provider

Data shared: The search queries and target URLs you submit when you run citation testing.

Why: Perplexity's answer engine is queried live to test whether content is cited in AI-generated answers.

Privacy policy: perplexity.ai/hub/legal/privacy-policy

Jina — Web Page Reader

Data shared: The public URLs analysed during comparative citation analysis. Your own submitted content is not sent to Jina.

Why: Jina Reader fetches and converts public web pages so competing content can be scored on the same signals as yours.

Privacy policy: jina.ai/legal

Stripe — Payment Processor

Data shared: Your email address and user ID (passed during checkout). Stripe collects your payment details directly on their hosted checkout page.

Why: Stripe handles all subscription billing. No credit card numbers, CVVs, or bank account details ever pass through or are stored on our servers.

Privacy policy: stripe.com/privacy

Supabase — Infrastructure Provider

Data shared: All account data, including email addresses, hashed passwords, subscription records, usage counts, project data, and knowledge base content.

Why: Supabase provides our database, authentication, and backend infrastructure. Data is encrypted in transit (TLS) and at rest.

Privacy policy: supabase.com/privacy

Vercel — Hosting Provider

Data shared: Request data (IP address, headers) and the content of requests processed by our application, in transit.

Why: Vercel hosts the Cerberus application and runs the serverless functions that process your requests.

Privacy policy: vercel.com/legal/privacy-policy

Upstash — Rate-Limit Store

Data shared: Rate-limit counters keyed by user ID or hashed IP address. No content is stored.

Why: Upstash Redis enforces fair-use rate limits across requests.

Privacy policy: upstash.com/trust/privacy.pdf

Resend — Email Delivery

Data shared: Your email address and the content of transactional emails we send you (welcome, trial, billing notices).

Why: Resend delivers our transactional email.

Privacy policy: resend.com/legal/privacy-policy

5. Data Retention

  • Evaluation and Coach content: Processed in memory on our server and returned to your browser. Not written to our database. This content is transient and discarded once the response is sent.
  • Account and subscription data: Retained for as long as your account is active. Deleted upon account deletion, subject to any legal retention requirements for billing records.
  • Third-party retention: DeepSeek, Anthropic, Voyage AI, Perplexity, and Jina each receive data during processing as described in Section 4. Their retention of that data is governed by their respective privacy policies linked above.

6. Cookies

We use essential cookies only, for authentication and session management (Supabase auth tokens). We also store your theme preference (Eclipse/Solstice) in localStorage. We do not use advertising, tracking, or analytics cookies.

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your account and all associated data.
  • Right to data portability: Request an export of your data in a machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing of your data for specific purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@aspectcalibration.com. We will respond within 30 days.

8. Security

We protect your data with: TLS encryption in transit, encryption at rest via our infrastructure provider, secure HTTP-only session cookies, CSRF protection on all API endpoints, per-user rate limiting, and row-level database security policies ensuring users can only access their own data.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the Service. The “Last updated” date at the top reflects the most recent revision.

10. Contact

For privacy inquiries, data requests, or to exercise your GDPR rights:

Email: privacy@aspectcalibration.com

Data Controller: ASPECT Research Ltd