Slope

Legal

Privacy Policy

Last updated: May 2026. Direct, plain-English version of how we handle data. The legalese version is available on request — email hello@slope.to.

Who we are

Slope is operated by Slope Technologies Inc. ("Slope", "we", "us"). Our service is hosted on AWS in us-east-1 and provided at slope.to and app.slope.to.

What we collect

Three categories of data:

  1. Account data. Email, name, and password (the password is hashed by AWS Cognito; we never see the plaintext). Stored as long as your account exists.
  2. Connected-service data. When you connect Google Search Console + Analytics, we request read-only scopes and store a denormalized snapshot of the data: per-page clicks, impressions, CTR, position, and traffic. We do not request or store any write scopes. When you connect GitHub, we store the installation ID — never your personal access token.
  3. Crawl data. When you add a project for a domain, our crawler fetches public pages from that domain (respecting robots.txt) and stores the HTML, extracted metadata, and a vector embedding per page. We crawl only domains you've added projects for.

What we do with it

We use this data exclusively to provide the Slope service to you: detecting growth opportunities, creating GitHub issues, measuring impact. We do not sell, share, or use your data to train any public model. Aggregate, anonymized usage metrics may be used to improve detection algorithms, but never in a way that would identify you or your site.

Sub-processors

The vendors who handle data on our behalf:

  • AWS (us-east-1) — compute, storage, identity (Cognito), email (SES).
  • MongoDB Atlas (us-east-1) — primary database.
  • Anthropic — LLM scoring + AI Visibility probes (when you provide your own API key).
  • OpenAI — embeddings + alternative LLM (when you provide your own API key).
  • Perplexity — AI Visibility probes (when you provide your own API key).
  • Google — Search Console + Analytics APIs (with your authorization).
  • GitHub — issue creation via GitHub App (with your authorization).
  • Stripe — payment processing.
  • Cloudflare — DNS + CDN for slope.to.

Where we store it

Everything lives in AWS us-east-1 (Northern Virginia). Encryption at rest is provided by AWS RDS-style managed services (MongoDB Atlas, S3, Secrets Manager). Encryption in transit is TLS 1.2+ everywhere.

How long we keep it

  • Account data: as long as your account exists. Deleted within 30 days of account deletion.
  • GSC + GA4 snapshots: retained while the integration is connected. Purged within 30 days of disconnect.
  • Crawl HTML: retained for 90 days, then transitioned to AWS Glacier (still accessible by you, slower to restore).
  • Webhook payloads: archived for 60 days for debugging, then auto-deleted.
  • Audit log: retained for the lifetime of your organization (read-only ledger).

Your rights

You can at any time:

  • Export all your data (Settings → Export). Returns a JSON dump within 24 hours.
  • Disconnect any integration (Integrations → Disconnect). Connected-service data purged within 30 days.
  • Delete your account (Settings → Delete account). Everything purged within 30 days, except audit log entries that reference you (kept for compliance).

GDPR or CCPA request? Email hello@slope.to with subject "Privacy request" and we'll respond within 7 days.

Cookies

The marketing site (slope.to) uses no tracking cookies. The app (app.slope.to) uses essential cookies for session management (AWS Cognito JWT in localStorage). We don't use third-party analytics on the app. We may add Plausible or Umami (privacy-respecting, no PII) on the marketing site later — we'll update this policy if we do.

Changes to this policy

Material changes will be emailed to all active users at least 14 days before they take effect. Non-material changes (typos, clarifications) are made in-place with the "Last updated" date bumped.

Contact

Questions, complaints, or just curiosity: hello@slope.to. We answer everything.