Processing...
Legal

Privacy Policy

This Privacy Policy explains what information TopicalDrift.com ("Topical Drift", "we", "us") collects, how we use it, and the choices you have. This tool is free during beta (up to 500 pages/site, unlimited scans with fair use).

Effective date: January 10, 2026 • Last updated: January 10, 2026
Quick summary
  • Passwordless login via MagicLinks (email-based).
  • We collect only what we need to run scans and support the product.
  • Embeddings & UMAP data stored for analysis.
  • GSC access used only for requested analysis.
  • We don't sell your personal information.
  • You can request deletion of your data.
On this page
Who we are Information we collect Authentication (MagicLinks) How we use information Embeddings & UMAP data Legal bases Third-party services Data retention International transfers Cookies & tracking Security Your rights Children Changes Contact
Questions? Contact us.
Who we are

TopicalDrift.com

TopicalDrift.com provides semantic drift and internal-link mismatch analysis using:

  • Sitemap crawling and main-content extraction
  • 768-dimensional embeddings (sentence transformers)
  • UMAP semantic projection for 2D visualization
  • K-means clustering for topical grouping
  • Internal link context analysis
  • Google Search Console (GSC) data integration (optional)

"You" refers to the person or organization using our website and services.

Information

Information we collect

A) Information you provide
  • Account/contact info: email address (for MagicLinks passwordless authentication), name (optional), and any message content you submit via contact forms.
  • Website inputs: sitemap URL(s), site URL(s), and configuration you provide for scans.
  • Uploads (if offered): files you upload for analysis (e.g., internal link exports, GSC CSV exports).
  • Payment information (when paid plans launch): processed by third-party payment processors (we don't store full credit card numbers).
B) Information we collect automatically
  • Usage data: pages viewed, scans initiated, actions taken in the app, timestamps, and basic diagnostic events.
  • Device/log data: IP address, browser type, operating system, referring/exit pages, and approximate location derived from IP.
  • Cookies/local storage: used for essential site features (authentication session, theme preference) and optional analytics (see "Cookies & tracking" section).
  • Performance metrics: scan duration, error logs, API response times for service improvement.
C) Crawled website data
  • Page content: HTML fetched from your sitemap URLs (we extract main content, not full raw HTML)
  • Internal links: anchor text, surrounding text, container/heading context
  • Metadata: page titles, meta descriptions, canonical tags, status codes
  • Processed data: high-dimensional embeddings, UMAP 2D projections, cluster assignments, semantic distances
D) Google Search Console data (optional)

If you connect Google Search Console via OAuth 2.0, we may access GSC performance data such as:

  • Queries, clicks, impressions, CTR, and average position for your property
  • Page-level performance metrics
  • Date ranges you specify for analysis

We use GSC data only to produce the analyses and reports you request. We do not access unrelated properties or use your GSC data for purposes beyond your requested scans. You can revoke access at any time through your Google account settings.

Authentication

Passwordless authentication via MagicLinks

We use MagicLinks for passwordless authentication:

  • When you sign in, we send a time-limited login link to your email address
  • Clicking the link authenticates your session
  • We do not store passwords — only your email address and authentication tokens
  • Authentication tokens expire after a set period (typically 30 days)
  • We use secure, encrypted cookies to maintain your logged-in session
Security benefit: Passwordless authentication eliminates password-related risks (weak passwords, reuse, breaches). You authenticate via your email provider's security.
Use

How we use information

  • Provide the service: run unlimited scans (fair use), generate embeddings, compute UMAP projections, calculate semantic distances, detect drift/mismatch, build clusters, create interactive radial maps, identify linking opportunities, and produce reports/exports.
  • Authentication: send MagicLinks emails, maintain login sessions, manage account access.
  • Support: respond to requests, troubleshoot issues, provide implementation guidance, and improve reliability.
  • Improve the product: analyze aggregate usage patterns (not individual site content) to improve UI, embedding accuracy, UMAP parameters, clustering quality, and workflows.
  • Security: prevent abuse (including fair use policy enforcement), protect accounts, monitor for suspicious activity, and detect automated attacks.
  • Billing (when paid plans launch): process subscriptions, manage plan limits, handle upgrades/downgrades.
  • Communications: send service updates, feature announcements, beta notifications, and (with consent) marketing emails.
What we DON'T do:
  • We do not sell your personal information
  • We do not use your website content to train public models for other customers
  • We do not share your embeddings or semantic analysis with third parties (except service providers)
  • We do not use your GSC data for purposes beyond your requested analysis
Technical data

Embeddings & UMAP data storage

To provide analysis and track improvements over time (especially with unlimited scans), we store:

  • Page embeddings: high-dimensional vectors representing semantic meaning (generated via sentence-transformers/all-MiniLM-L6-v2)
  • UMAP projections: 2D coordinates (x, y) for visualization
  • Semantic angles: Angular positions calculated from UMAP projections
  • Cluster assignments: K-means cluster IDs and centroids
  • Distance measurements: Actual (0-2.0) and normalized (0-1) semantic distances
  • Link context embeddings: Vectors for anchor + surrounding text + container context

What we don't store:

  • Full raw HTML of your pages (only extracted main content text)
  • Complete GSC query lists (only aggregate performance data)
  • Passwords (we use passwordless MagicLinks)
Third parties

Third-party services we use

We share information with service providers who help us operate the service:

Service Purpose Data shared
Hosting provider Infrastructure, servers, databases All service data
MagicLinks Passwordless authentication Email address, authentication tokens
OpenAI API Generate embeddings (when applicable) Cleaned page text (not full HTML)
Serilog / Log aggregator Error monitoring, logging Error logs, usage metrics, IP addresses
Email service Send MagicLinks, notifications Email address, message content
Payment processor (future) Subscriptions, billing Payment details, billing address
Analytics (optional) Aggregate usage patterns Anonymized page views, events

Other sharing scenarios:

  • Legal: to comply with lawful requests, court orders, protect rights/safety, or prevent fraud/abuse.
  • Business changes: in connection with a merger, acquisition, or asset sale (we'll provide notice where required by law).
When we use vendors, we limit access to what they need to perform their services and expect them to protect your data consistent with this policy and applicable law.
Retention

Data retention periods

We keep data only as long as necessary for the purposes described above:

Data type Retention period
Account data Until account deletion + 30 days backup retention
Scan results & reports Starter: Current scan only
Professional: 6 months
Agency: Unlimited
Embeddings & UMAP data Same as scan results (enables historical tracking)
Raw HTML fetches Processed and deleted within 7 days (not permanently stored)
Logs (errors, access) 90 days for security/troubleshooting
Authentication tokens 30 days or until logout/revocation
Billing records 7 years (tax/legal requirements)
You can request deletion of your account and associated data (see "Your rights" section). Some data may be retained longer where required by law or legitimate business needs (e.g., fraud prevention).
International

International data transfers

Your information may be transferred to, stored, and processed in countries other than your own, including the United States.

  • We use service providers that operate globally (hosting, OpenAI API, etc.)
  • Where we transfer data from the EU/UK/EEA to other countries, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions
  • By using the service, you consent to these transfers as necessary to provide the service
Cookies

Cookies & tracking technologies

We use cookies and similar technologies:

Type Purpose Duration Required?
Authentication Maintain logged-in session (MagicLinks) 30 days ✅ Essential
Preferences Theme (light/dark), UI settings 1 year ✅ Essential
Security CSRF protection, abuse prevention Session ✅ Essential
Analytics Understand usage patterns (anonymized) 1 year ❌ Optional
Your choices: You can control cookies through your browser settings. Disabling essential cookies may affect functionality. For optional analytics cookies, we'll ask for consent where required by law.
Security

Security practices

We use reasonable administrative, technical, and organizational measures designed to protect your data:

  • Encryption: HTTPS/TLS for data in transit; encryption at rest for sensitive data
  • Passwordless authentication: MagicLinks eliminate password-related vulnerabilities
  • Access controls: Least-privilege principles, role-based access
  • Monitoring: Automated alerts for abuse, suspicious activity, and anomalies
  • Regular updates: Security patches applied promptly
  • Data minimization: We don't store full HTML, passwords, or unnecessary data
Important: No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at our contact page.
Your rights

Your privacy rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data (subject to legal/operational requirements)
  • Portability: Receive your data in a structured, machine-readable format (CSV/JSON exports)
  • Object: Object to processing based on legitimate interests
  • Restrict: Request restriction of processing in certain circumstances
  • Withdraw consent: Where we rely on consent (e.g., marketing emails, optional cookies), you can withdraw it at any time
  • Lodge a complaint: Contact your data protection authority (if in EU/UK/EEA)

Specific actions:

  • Revoke GSC access: Via your Google account permissions (google.com/permissions)
  • Export data: Use our CSV/JSON export features in the app
  • Delete account: Contact us with your request
  • Unsubscribe from emails: Click unsubscribe link in emails
To exercise your rights:
Use our contact page or email us. We'll respond within 30 days (or as required by law). We may request verification of your identity.
Children

Children's privacy

Our services are not directed to children under 13 (or 16 in the EU, or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we've inadvertently collected information from a child, please contact us immediately so we can delete it.

Updates

Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above, and if changes are material we will provide additional notice (such as a banner, email, or in-app notification, where appropriate). Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact

Contact us

For privacy questions, data requests, or security concerns, contact us here:

Contact We typically respond within 2-3 business days (privacy requests within 30 days).
View Terms Start Free Beta