Privacy Policy

Last updated: March 11, 2026

1. Introduction

Welcome to SEO AI Agent ("we," "our," or "us"), operated by seo-ai.biz. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered SEO platform, including our website, web application, and all related services (collectively, the "Service"). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and organization name. This information is required to provide you with access to the Service and to manage your subscription.

2.2 Website Data

When you connect your WordPress site, we collect your site URL and API credentials. All API credentials are stored encrypted using Fernet symmetric encryption and are never stored in plaintext. We use these credentials solely to read your existing content and publish content you have approved.

2.3 Google Search Console Data

With your explicit consent, we access your Google Search Console data using the webmasters.readonly OAuth scope. This is strictly read-only access. The data we access includes: search queries, click data, impression counts, average page positions, and indexing status. This data is used exclusively to provide SEO analysis and content strategy recommendations within the Service.

2.4 AI-Generated Content

We store the articles, content strategies, analysis results, and other content generated by our AI system on your behalf. This content is associated with your account and organization.

2.5 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and interaction timestamps. This helps us improve the Service and provide better user experiences.

2.6 Technical Data

We collect technical information including your IP address, browser type and version, device information, and operating system. This data is used for security, fraud prevention, and service optimization.

3. How We Use Your Information

  • Provide SEO analysis, content strategy generation, and AI-powered article writing services
  • Improve and optimize the quality of our Service
  • Process billing and manage your subscription through Stripe
  • Send service-related notifications and updates
  • Maintain security, detect fraud, and prevent abuse of the Service
  • Comply with legal obligations and enforce our Terms of Service

4. Google API Services User Data Policy

SEO AI Agent's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Scope of Access

We request only the webmasters.readonly OAuth scope from Google. This provides strictly read-only access to your Google Search Console data. We cannot modify any settings or data in your Google Search Console account.

4.2 Data Accessed

The specific data we access from Google Search Console includes: search performance metrics (queries, clicks, impressions, average position) and page indexing status.

4.3 Purpose of Access

We use Google Search Console data exclusively to analyze your search performance and generate SEO strategies and content recommendations. This data drives features such as content gap analysis, declining page detection, keyword cannibalization checks, and topical authority mapping.

4.4 Data Sharing Restrictions

  • We do NOT sell, share, or transfer Google user data to third parties
  • We do NOT use Google user data for advertising or ad targeting purposes
  • We do NOT use Google user data for any purpose other than providing the SEO analysis features described in this policy

4.5 Data Security

All Google-sourced data is stored encrypted and isolated per organization in our multi-tenant architecture. Each organization can only access its own data, enforced at the database query level.

4.6 Revoking Access

You can revoke our access to your Google Search Console data at any time through your Google Account permissions page (https://myaccount.google.com/permissions). You can also disconnect Google Search Console from within the SEO AI Agent application.

4.7 Data Deletion

Upon account deletion or when you revoke Google access, all Google-sourced data associated with your account is permanently deleted from our systems within 30 days.

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • PostgreSQL database with encryption at rest
  • Fernet symmetric encryption for all stored credentials (WordPress API keys, OAuth tokens)
  • HTTPS/TLS encryption for all data in transit
  • JWT-based authentication with secure token handling
  • Role-based access control (RBAC) with four permission levels
  • Multi-tenant data isolation — each organization's data is strictly separated at the database level

6. Third-Party Services

We use the following third-party services to operate the platform. Each service receives only the minimum data necessary for its function:

  • Anthropic (Claude AI) — AI content generation, analysis, and strategy recommendations. Article text and site context are sent to Claude for processing. Anthropic's data usage policy applies.
  • Stripe — Payment processing and subscription management. We do not store your credit card details; Stripe handles all payment data securely.
  • Pexels — Stock photography for AI-generated articles. No user data is shared with Pexels.
  • Google Search Console API — Search performance data retrieval with read-only access as described in Section 4.
  • Sentry — Error monitoring and crash reporting to maintain service reliability. May receive sanitized technical data (no personally identifiable information).
  • Redis — Self-hosted caching, rate limiting, and background task management. All data remains within our infrastructure.

7. Data Retention

  • Active accounts: Your data is retained for as long as your subscription is active and your account exists.
  • Cancelled accounts: Data is retained for 30 days after cancellation, then permanently deleted.
  • AI-generated content: Retained until you explicitly delete it or your account is removed.
  • Google Search Console data: Synced weekly during active use. All Google-sourced data is deleted upon account removal or access revocation.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights regarding your personal data:

  • Right to Access — Request a copy of all personal data we hold about you.
  • Right to Rectification — Request correction of inaccurate or incomplete personal data.
  • Right to Erasure — Request deletion of your personal data ("right to be forgotten").
  • Right to Data Portability — Receive your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing — Request limitation of how we process your personal data.
  • Right to Object — Object to processing of your personal data for specific purposes.
  • Right to Withdraw Consent — Withdraw previously given consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@seo-ai.biz. We will respond to your request within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

9. Cookies

We use a minimal set of cookies strictly necessary for the Service to function:

  • Session cookies — Required for authentication and maintaining your logged-in session.
  • Preference cookies — Store your language and theme preferences for a consistent experience.

We do NOT use third-party tracking cookies. We do NOT use advertising cookies. We do NOT use analytics cookies that track individual users across websites.

10. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@seo-ai.biz.

11. International Data Transfers

Our servers are located in the European Union. When data is transferred outside the EU (for example, to AI processing services), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. We only transfer data to jurisdictions that provide adequate data protection or where appropriate safeguards exist.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at least 30 days before the changes take effect. Non-material changes may be posted on this page without individual notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SEO AI Agent

Email: privacy@seo-ai.biz

Website: seo-ai.biz