Privacy Policy

Last updated: April 2026

What we collect

We only collect data that’s needed to provide AutoSEOPilot. Here’s the full list:

  • Account info — email address, name, and Google login credentials (via OAuth, we never see your password).
  • Workspace & site data — workspace name, your site URL, and page data we crawl (titles, content, URLs, health scores).
  • Competitor data — competitor URLs you submit for analysis.
  • Content — drafts, edits, and published content generated through the service.
  • Usage data — how you interact with the service (product analytics, session replay with inputs masked, and heatmaps via PostHog).
  • Payment data — Stripe handles all card details. We never see or store your credit card number.

How we use it

  • To provide and improve AutoSEOPilot — crawling your site, analyzing competitors, generating content.
  • To communicate with you — service updates, billing notices, and material policy changes.
  • To prevent abuse — detecting unauthorized access, spam, or fraud.

We never sell your data. We never use it to build advertising profiles.

AI content generation

To generate SEO content for you, we send your site content, product descriptions, and keyword data to AI providers (OpenAI and Anthropic) via Vercel AI Gateway. These providers process your data solely to generate the content you requested.

Neither OpenAI nor Anthropic train their models on your API data. This is guaranteed under their API terms of service.

Generated content is stored in our database (PostgreSQL via Neon) and Cloudflare R2 storage so you can access, edit, and publish it.

Who we share your data with

We use a small set of trusted services (subprocessors) to run AutoSEOPilot. Each one handles specific data:

  • Stripe — payment processing. Handles card details directly; we never touch them.
  • PostHog — product analytics, hosted in the EU (eu.posthog.com). We use PostHog to understand how you use the product so we can improve it. Session replays mask all input fields by default.
  • OpenAI & Anthropic — AI content generation via Vercel AI Gateway. Receive site content and keywords as prompts; do not train on your data.
  • DataForSEO — SERP and keyword data. We send keywords and URLs, receive search results back.
  • Cloudflare (R2) — object storage for content artifacts.
  • Google — OAuth authentication only. We receive your email and basic profile; Google does not receive your site data.
  • Neon (PostgreSQL) — primary database hosting.

We don’t share your data with anyone else. No ad networks, no data brokers, no exceptions.

Cookies

We use a strictly necessary cookie to keep you logged in (session authentication).

We also use PostHog for product analytics, session replay, and heatmaps. PostHog sets cookies to understand how you use the product so we can improve it. PostHog is hosted in the EU (eu.posthog.com). No data is sold or shared with advertisers.

No marketing cookies. No tracking pixels. No ad networks.

Data storage & security

Your data is stored in the United States and European Union. All data is encrypted in transit (TLS) and at rest where supported by our infrastructure providers.

We take reasonable security measures to protect your information, including access controls, encrypted communications, and regular reviews of who has access to production systems.

Your rights

You can request any of the following at any time by emailing [email protected]:

  • Access — get a copy of all data we hold about you.
  • Correction — fix inaccurate information.
  • Deletion — delete your account and associated data.
  • Export — receive your data in a portable format.

If you’re in the EU or UK, you also have the right under GDPR to: restrict processing, object to processing, request data portability, and lodge a complaint with your local supervisory authority.

Data retention

We keep your data while your account is active. If you delete your account, we remove your personal data within 30 days. Payment records are retained as required by law and tax regulations.

International data transfers

AutoSEOPilot is a US-based company. If you use our service from outside the US, your data may be transferred to and processed in the United States. We use standard contractual clauses or equivalent safeguards to ensure your data is protected during these transfers.

Children’s privacy

AutoSEOPilot is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have, we’ll delete it promptly.

Changes to this policy

We may update this policy from time to time. For material changes, we’ll notify you by email before they take effect. The latest version will always be available at this page.

Contact

Questions about this policy or your data? Reach us at [email protected].

AutoSEOPilot Inc, incorporated in Delaware, USA.

← Back to home