Privacy Policy

    Last updated: 2 June 2025

    1. Who We Are

    SEOforGPT ("SEOforGPT", "we", "us" or "our") is a sole proprietorship operating under Dutch law. SEOforGPT is the controller of the personal data described in this Policy.

    You can reach our privacy team at hello@seoforgpt.io.

    2. Scope of This Policy

    This Privacy Policy applies to personal data processed when you:

    • visit or interact with our website seoforgpt.io and any sub‑domains;
    • create or use an account on the SEOforGPT platform (the "Service");
    • communicate with us via email, chat or social media;
    • receive marketing communications from us.

    3. Personal Data We Collect

    Category | Examples | Source
    Account data | name, email address, password (hashed), company name, role, avatar | Provided by you
    Usage data | IP address, browser & device information, timestamps, pages viewed, clicks, referral URL | Collected automatically
    Platform content | text, files, images and other materials you upload or generate through the Service | Provided by you
    Payment data | last four digits of card, billing country, subscription details (processed by Stripe) | Provided by you / Stripe
    Support data | correspondence, bug reports, feedback | Provided by you
    Third‑party data | OAuth profile data (Google/GitHub), public company info from our website crawler | Third parties

    4. Purposes and Legal Bases

    Purpose | Legal basis (Art. 6 GDPR)
    Create and administer your account; provide the Service | Contract performance Art. 6(1)(b)
    Process payments and invoices | Contract performance Art. 6(1)(b); Legal obligation Art. 6(1)(c)
    Provide customer support | Legitimate interest Art. 6(1)(f)
    Improve, secure and debug the Service; analytics | Legitimate interest Art. 6(1)(f)
    Send product updates and newsletters | Consent Art. 6(1)(a) or Legitimate interest Art. 6(1)(f) (B2B soft opt‑in)
    Comply with legal obligations (tax, accounting, law‑enforcement requests) | Legal obligation Art. 6(1)(c)

    If we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

    5. Cookies and Similar Technologies

    We use:

    • Essential cookies – required for site functionality and security;
    • Analytics cookies – help us understand how the Service is used;
    • Marketing cookies – allow us to deliver relevant content.

    You can manage cookie preferences via our banner or your browser settings. For more detail please see our [Cookie Policy].

    6. How Long We Keep Your Data

    We keep personal data only as long as necessary:

    • Account data – for the lifetime of your account and up to 12 months after closure;
    • Financial records – 7 years (statutory requirement);
    • Support tickets – 24 months;
    • Back‑ups – retained securely for 30 days before automatic deletion.

    7. Sharing and Disclosure

    We never sell your data. We share it only with:

    Recipient | Role | Safeguards
    Netlify, Inc. (USA) | Front‑end hosting & CDN | Standard Contractual Clauses ("SCCs")
    Supabase Inc. (Ireland / USA) | Managed database, authentication & storage | SCCs; EU region option
    OpenAI, L.L.C. (USA) | AI content generation | SCCs + data residence controls
    Stripe Payments Europe Ltd. (Ireland) | Payment processing | GDPR‑compliant DPA
    Competent public authorities | Legal compliance | Legal obligation

    All processors act under written Data Processing Agreements and only on our instructions.

    8. International Transfers

    Where personal data is transferred outside the European Economic Area ("EEA"), we rely on:

    • an adequacy decision of the European Commission; or
    • Standard Contractual Clauses and supplementary safeguards such as encryption and strict access controls.

    9. Security Measures

    We implement appropriate technical and organisational measures including:

    • HTTPS/TLS encryption in transit and AES‑256 encryption at rest;
    • Least‑privilege access controls and role‑based permissions;
    • Regular penetration testing and vulnerability scanning;
    • 2‑factor authentication for staff and critical systems;
    • Business continuity and incident response procedures.

    10. Your Rights

    Subject to conditions and limitations under the GDPR, you have the right to:

    1. Access your personal data;
    2. Rectify inaccurate or incomplete data;
    3. Erase data ("right to be forgotten");
    4. Restrict processing;
    5. Object to processing based on legitimate interests or direct marketing;
    6. Data portability (receive data in machine‑readable format);
    7. Withdraw consent at any time;
    8. Lodge a complaint with the Dutch Supervisory Authority (Autoriteit Persoonsgegevens) or your local authority.

    To exercise your rights, email hello@seoforgpt.io.

    11. Automated Decision‑Making and Profiling

    We do not use personal data for decisions producing legal or similarly significant effects based solely on automated processing.

    12. Children

    Our Service is not directed at children under 16. We do not knowingly process children's data. If you believe we have collected such data, please contact us immediately.

    13. Changes to This Policy

    We may amend this Policy from time to time. We will post the updated version on this page and, if changes are material, notify you via the Service or email. Please review this page periodically.

    14. Contact

    If you have questions about this Policy or our privacy practices, contact us at:

    SEOforGPT
    Email: hello@seoforgpt.io
    Operating under Dutch law

    Version 1.0 – Effective 2 June 2025