Privacy Policy

SEObrain (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to your data when you use the SEObrain platform at app.seobrain.io, the website at seobrain.io, our free SEO tools, and all related services (collectively, the “Platform”).
By using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform. This Privacy Policy is incorporated by reference into our Terms and Conditions.

1. Who We Are and How to Contact Us
SEObrain is the data controller responsible for the personal data you provide through the Platform.
Website: https://seobrain.io/
Email: contact@seobrain.io
Support & Demo: https://seobrain.io/book-a-demo/
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at contact@seobrain.io. We aim to respond to all privacy-related inquiries within 30 days.

2. Data We Collect
2.1 Account and Registration Data
When you create a SEObrain account, we collect:
Full name and email address
Password (stored in hashed, encrypted form — we never store plaintext passwords)
Company or organization name (optional)
Billing name and address (collected via our payment processor)
Payment method details (card number, expiry — processed and stored by our payment processor; we do not store raw card data)
2.2 Platform Usage Data
As you use the Platform, we automatically collect:
Keywords, topics, and briefs you enter as inputs to the AI
AI-Generated Content produced on your behalf
Content calendar entries, scheduling preferences, and publishing history
CMS integration configuration (connection status, site URLs, API token metadata — not the tokens themselves in readable form)
Google Search Console data you authorize us to access (rankings, impressions, clicks, CTR)
Feature usage patterns — which tools you use, how often, and workflow sequences
2.3 Technical and Device Data
We automatically collect technical data when you access the Platform:
IP address and approximate geolocation (country/city level)
Browser type, version, and operating system
Device type (desktop, mobile, tablet)
Pages visited, time on page, and navigation paths within the Platform
Referral source (how you arrived at seobrain.io)
Session duration and timestamp data
2.4 Communications Data
If you contact us directly, we collect:
Email correspondence and support ticket content
Demo booking details and scheduling information
Feedback, survey responses, and feature requests you submit
2.5 Free Tool Usage Data
When you use the free SEO tools at seobrain.io/tools/ (Blog Outline Generator, Blog Keyword Generator, Content Brief Generator, Meta Description Generator, AI Article Summarizer), we collect the keyword or URL inputs you provide and the outputs generated. No account is required for free tools; however, IP address and session data are collected for abuse prevention and service improvement.
2.6 Data We Do Not Collect
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data relating to criminal convictions. We do not knowingly collect data from children under the age of 18.

3. How We Use Your Data
3.1 To Provide and Operate the Platform
The primary use of your data is to deliver the services you signed up for:
Creating and managing your account and subscription
Executing AI keyword research and content generation based on your inputs
Managing your content calendar and publishing articles to connected CMS platforms
Connecting to and syncing data from Google Search Console
Delivering AI search engine analytics and performance reporting
Processing payments and managing billing cycles
3.2 To Improve the Platform
We use aggregated and anonymized usage data to:
Improve the accuracy, relevance, and quality of AI-Generated Content
Develop new features, tools, and integrations
Identify and fix bugs, performance issues, and usability problems
Understand which features deliver the most value to users
3.3 To Communicate With You
We use your email address to:
Send account-related notifications (subscription confirmations, renewal reminders, payment receipts)
Notify you of material changes to our Terms and Conditions or Privacy Policy
Respond to support requests and demo inquiries
Send product updates, new feature announcements, and educational content (you may opt out at any time)
Send security alerts if we detect unusual activity on your account
3.4 For Legal and Compliance Purposes
We may process your data to:
Comply with applicable laws, regulations, and legal obligations
Enforce our Terms and Conditions and protect our legal rights
Prevent fraud, abuse, and unauthorized access to the Platform
Respond to lawful requests from public authorities

4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases:
Contract Performance: Processing necessary to provide the Platform services you have subscribed to, including account management, content generation, CMS publishing, and billing.
Legitimate Interests: Processing for Platform improvement, security, fraud prevention, and product analytics, where our interests do not override your rights and freedoms.
Consent: Processing for marketing communications and optional analytics. You may withdraw consent at any time by unsubscribing or contacting us.
Legal Obligation: Processing required to comply with applicable laws, respond to legal requests, or exercise/defend legal claims.

5. How We Share Your Data
5.1 We Do Not Sell Your Data
SEObrain does not sell, rent, or trade your personal data to third parties for their marketing purposes. Your data is not a product.
5.2 Service Providers (Data Processors)
We share data with trusted third-party service providers who process data on our behalf under strict contractual obligations:
Payment Processing: We use a PCI-compliant payment processor to handle billing transactions. We share your billing name, email, and plan details. We do not share raw payment card data.
Cloud Hosting and Infrastructure: Our Platform is hosted on cloud infrastructure providers. Your account data and generated content are stored on these servers.
Email Delivery: We use an email service provider to deliver transactional and marketing emails.
Analytics: We use privacy-respecting analytics tools to understand Platform usage patterns. Analytics data is aggregated and does not identify individual users.
Customer Support: We may use support ticketing software that processes the content of your support communications.
5.3 CMS Platform Integrations
When you connect a CMS (WordPress, Webflow, Shopify, or Framer), data including article content, metadata, and publishing instructions is transmitted to those platforms on your behalf. Each third-party platform has its own privacy policy governing how it handles data received through its API.
5.4 Google Search Console
When you authorize Google Search Console integration, your search performance data (rankings, impressions, clicks) is retrieved from Google and stored within your SEObrain account. This data is used solely for your reporting and content recommendations. We do not share your Google Search Console data with third parties.
5.5 Legal Requirements
We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of SEObrain, our users, or the public.
5.6 Business Transfers
In the event of a merger, acquisition, asset sale, or corporate restructuring, your data may be transferred to the acquiring entity. We will provide notice via email or a prominent notice on the Platform before your data is transferred and becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies
6.1 What We Use
The Platform uses cookies and similar tracking technologies to operate and improve our services:
Essential Cookies: Required for the Platform to function. These include session authentication cookies that keep you logged in and security cookies that prevent cross-site request forgery. These cannot be disabled.
Functional Cookies: Remember your preferences such as language settings, dashboard configuration, and content calendar view.
Analytics Cookies: Help us understand how users interact with the Platform — which pages are visited most, where users encounter difficulties, and how features are used. We use this data in aggregated, anonymized form.
Marketing Cookies: Used on the seobrain.io marketing website to measure the effectiveness of our advertising campaigns. These are not used within the authenticated app.seobrain.io application.
6.2 Third-Party Tracking
The marketing website at seobrain.io uses a Facebook Pixel for conversion tracking on advertising campaigns. This technology collects standard event data (page views, form submissions) to measure ad performance. You can opt out of Facebook ad tracking through your Facebook account settings or via your browser’s privacy controls.
6.3 Managing Cookies
You can control non-essential cookies through your browser settings. Disabling certain cookies may affect Platform functionality. Most browsers allow you to refuse cookies, delete existing cookies, and be notified when new cookies are set. Refer to your browser’s help documentation for instructions.

7. Data Retention
We retain your personal data for as long as necessary to provide the Platform services and fulfill the purposes described in this Privacy Policy:
Account Data: Retained for the duration of your active account, plus 90 days after account deletion to allow for recovery requests.
Generated Content and Calendar Data: Retained while your account is active. Deleted within 90 days of account deletion.
Billing Records: Retained for 7 years to comply with financial record-keeping obligations.
Support Communications: Retained for 3 years after the resolution of your inquiry.
Analytics and Usage Data: Retained in anonymized, aggregated form indefinitely for product improvement purposes.
Free Tool Inputs: Retained for up to 30 days for abuse prevention, then deleted or anonymized.
When your data is no longer required, we securely delete or anonymize it in accordance with industry-standard practices.

8. Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
All data transmission between your browser and the Platform is encrypted using TLS (HTTPS)
Passwords are hashed using a strong, one-way cryptographic algorithm — we cannot read your password
CMS API keys and authentication tokens are encrypted at rest
Access to production systems and user data is restricted to authorized personnel on a need-to-know basis
We conduct regular security reviews and monitor for suspicious activity
Payment processing is handled by a PCI DSS-compliant processor; we do not store raw card data
Despite these measures, no internet-based service can guarantee absolute security. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and relevant authorities as required by applicable law, within the timeframes specified by law.

9. Your Privacy Rights
9.1 Rights Under GDPR (EEA and UK Users)
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:
Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data where there is no compelling reason for us to continue processing it.
Right to Restriction of Processing: Request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: Lodge a complaint with your local data protection supervisory authority.
9.2 Rights Under CCPA (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
Right to Opt Out of Sale: We do not sell personal information. This right is not applicable.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
9.3 How to Exercise Your Rights
To exercise any of the rights above, please submit a request to contact@seobrain.io with the subject line “Privacy Rights Request.” We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

10. Marketing Communications and Opt-Out
With your consent (or where permitted by applicable law), we may send you product updates, new feature announcements, educational content about AI SEO, and promotional offers by email.
You can opt out of marketing emails at any time by:
Clicking the “Unsubscribe” link in any marketing email we send
Updating your communication preferences in your account settings
Emailing contact@seobrain.io with the subject line “Unsubscribe”
Please note that opting out of marketing emails does not opt you out of transactional emails related to your account (such as billing receipts, security alerts, and policy update notifications). These are necessary for account operation.

11. International Data Transfers
SEObrain operates globally and your data may be stored and processed in countries outside your country of residence, including countries that may not have the same level of data protection laws as your home country.
Where we transfer personal data from the EEA or UK to countries not recognized as providing an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.
By using the Platform, you acknowledge that your data may be transferred and processed in countries outside your jurisdiction. If you have questions about international data transfers, please contact us at contact@seobrain.io.

12. Children’s Privacy
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data without parental consent, please contact us immediately at contact@seobrain.io and we will take steps to delete such information promptly.

13. Third-Party Websites and Services
The Platform may contain links to third-party websites, and our CMS integrations connect to third-party platforms (WordPress, Webflow, Shopify, Framer). This Privacy Policy applies only to the SEObrain Platform. We are not responsible for the privacy practices of third-party websites or platforms. We encourage you to review the privacy policies of any third-party services you connect to or visit.

14. AI Processing and Automated Decision-Making
14.1 How AI Uses Your Input Data
The Platform uses artificial intelligence models to process the keywords, topics, briefs, and URLs you provide, and to generate content outputs. Your input data is used as context for content generation within your session and account. We use aggregated, anonymized input patterns to improve model performance over time; individual inputs are not used to train publicly shared models without your consent.
14.2 Automated Publishing
If you enable automatic CMS publishing, the Platform will autonomously publish AI-Generated Content to your connected website without a manual trigger from you for each article. This is an automated process. You retain full responsibility for all published content and are advised to configure approval settings within your account to maintain editorial oversight. See Section 5.3 of our Terms and Conditions for more detail.
14.3 No Automated Decisions About You
We do not use automated decision-making or profiling to make decisions that produce legal or similarly significant effects about you as an individual. Our AI processes your content inputs — it does not make decisions about your account status, creditworthiness, or eligibility for services.

15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
Notify you by email to your registered address at least 14 days before the changes take effect
Display a prominent notice within the Platform
Update the “Last Updated” date at the top of this policy
We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the effective date of the updated policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you should stop using the Platform and delete your account.

16. Contact Us and How to Complain
16.1 Privacy Inquiries
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
Email: contact@seobrain.io
Subject line: “Privacy Inquiry” or “Privacy Rights Request”
Website: https://seobrain.io/
We will respond to all privacy-related inquiries within 30 days.
16.2 Complaints
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. For EEA users, this is the data protection authority in your EU member state. For UK users, this is the Information Commissioner’s Office (ICO) at ico.org.uk.
We encourage you to contact us first so we can address your concern directly before escalating to a supervisory authority.