Privacy Policy

Last updated:

The short version

  • No accounts, no passwords, no sale of personal data.
  • The Google Index Checker keeps your OAuth token in your browser’s session storage. The token never reaches our servers.
  • Contact form submissions are emailed to us via Resend; we don’t store them in a separate database.
  • If Google Analytics is enabled on the deployment, it sets the standard _ga cookies.

1. Who we are

This site, avinashvagh.com, is operated by Avinash Vagh as an individual. For any privacy question, email coefeewithav@gmail.com.

2. What we collect and why

Contact form submissions

If you submit the contact form, we collect your name, email address, website URL, product stage, monthly budget, and any optional fields you fill in (phone, needs, product description). These details are sent to our inbox via Resend so we can reply. They are not stored in a separate database on our side.

Analytics (when enabled)

When the deployment is configured with Google Analytics, the standard Google Analytics script is loaded and sets the usual _ga cookies. We use this to see aggregate, anonymous traffic patterns (page views, referrers). We do not link analytics data to any individual.

Rate-limit signals

For some tool endpoints we read your IP address from request headers and feed it into Upstash Redis for short-window rate limiting. The counter expires after the rate-limit window (typically minutes) and is not joined to any account.

Per-tool data handling

  • Google Crawler Simulator — the URL you submit is fetched server-side so we can mirror what Googlebot would see. We do not log or store the URLs you check.
  • AI Crawler Checker — the target URL is sent to our server only to fetch /robots.txt and the page itself. Not stored.
  • IndexNow Submitter — your sitemap URL and IndexNow key are kept in your browser’s localStorage only if you opt in via the “Remember on this browser” checkbox. The submit endpoint fetches your sitemap, verifies the key file at your domain root, and forwards the URL list to IndexNow-enabled engines. Your key is used in-flight and not persisted server-side.
  • Free Google Index Checker — read-only OAuth to your Google Search Console properties. The access token is stored in your browser’s sessionStorage only (cleared when the tab closes). Daily inspection counts are kept in localStorage so the quota meter works. Inspection results live in your browser tab. Every Search Console API call is made directly from your browser to Google — none of this data routes through our servers.

3. Third-party services we route through

  • Google — OAuth, Search Console API, and (optionally) Google Analytics. Subject to Google’s Privacy Policy.
  • Resend — email delivery for the contact form.
  • Vercel — hosting, edge runtime, and standard server logs.
  • Upstash Redis — short-window rate-limit counters.
  • IndexNow engines (Microsoft Bing, Yandex, Naver, Seznam, Yep) — when you use the IndexNow Submitter, your URL list is shared with these participating engines per the IndexNow protocol.

When a tool fetches a URL you submit (Google Crawler Simulator, AI Crawler Checker, IndexNow Submitter, sitemap loader), the target site’s server may log that request as originating from avinashvagh.com.

4. Cookies and local browser storage

Cookies

We do not set first-party cookies. If Google Analytics is enabled, it sets its standard _ga cookie under your browser’s control.

localStorage keys (persist until you clear them)

  • indexnow:lastSitemap — last submitted sitemap URL (opt-in)
  • indexnow:lastKey — your IndexNow key (opt-in)
  • indexnow:remember — remember-me preference
  • gsc:usage:<site>:<date> — per-property daily inspection counters

sessionStorage keys (cleared when the tab closes)

  • gsc:token — Google Search Console OAuth access token
  • gsc:prefilledUrls — handoff from IndexNow tool, consumed once

You can clear all of this any time via your browser’s site settings, or via the in-tool buttons (e.g. Forget saved values on the IndexNow tool, Disconnect on the Google Index Checker).

5. Retention

  • Contact-form emails — kept in our inbox until manually deleted.
  • Analytics data — per Google Analytics’ configured retention (default 26 months unless changed).
  • Rate-limit counters — auto-expire after the rate-limit window (minutes).
  • Browser-local data — kept until you clear it.

6. Your rights

You can ask us to delete any contact-form submission or other personal data you’ve shared. Email coefeewithav@gmail.com and we’ll handle it within a reasonable time.

For Google Search Console access specifically: you can revoke this site’s OAuth grant at any time from myaccount.google.com/permissions. That immediately invalidates the token in your browser.

7. Children

These tools are not directed at children under 13, and we do not knowingly collect personal information from them.

8. Changes to this policy

We may update this policy when we ship new tools or change how data is handled. Material changes will be reflected in the “Last updated” date at the top of this page.

9. Contact

Privacy or data questions: coefeewithav@gmail.com

See also: Terms of Service.