This Privacy Policy explains how SEOsite.app ("SEOsite", "we", "us") collects, uses, discloses, and protects personal data when you use our website, editor, marketplace, and hosting services (collectively, the "Services"). We act as a data controller for account and billing data, and as a data processor for the content you publish on your websites.
1. Data We Collect
- Account data: email address, hashed password, authentication provider identifiers.
- Profile data: display name, avatar, language preference.
- Billing data: transaction receipts, invoice history, and payment metadata processed by Stripe. We never store full card numbers on our servers.
- Wallet data: your virtual coin balance and an append-only log of every coin transaction (top-ups, purchases, refunds) required for financial transparency and dispute resolution.
- Site content: pages, modules, media, and settings you create through the editor.
- Usage data: IP address, device and browser information, and interaction logs, used to secure the Services and improve performance.
2. Legal Bases
We process personal data under one or more of the following bases: performance of a contract (Article 6(1)(b) GDPR), compliance with a legal obligation (6(1)(c)), our legitimate interests in operating and securing the Services (6(1)(f)), and, where required, your consent (6(1)(a)).
3. Coin Transaction Transparency
Every coin credit or debit is written to an append-only ledger tied to your tenant. This ledger is not editable — not even by our staff — and exists to guarantee that your wallet balance is auditable at any point in time. You may request an export of your full ledger at any time.
4. Cookies and Similar Technologies
We use strictly necessary cookies to keep you signed in and to remember your preferences. Optional analytics cookies are only set after you opt in. You can manage cookie preferences in your browser at any time.
5. Sharing and Subprocessors
We share personal data only with vetted subprocessors that support the Services, including hosting, database, email delivery, and payment providers. Each subprocessor is bound by a data processing agreement with confidentiality and security obligations.
6. International Transfers
Where personal data is transferred outside the European Economic Area, we rely on adequacy decisions or on Standard Contractual Clauses adopted by the European Commission, together with appropriate supplementary measures.
7. Retention
Account and site content are retained while your account is active. Billing and ledger records are retained for the period required by applicable tax and accounting law. When retention is no longer required, data is deleted or irreversibly anonymised.
8. Your Rights
- Right of access, rectification, and portability.
- Right to erasure ("right to be forgotten"), subject to legal retention duties.
- Right to restrict or object to processing.
- Right to withdraw consent at any time.
- Right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact us at privacy@seosite.app.
9. Security
We implement row-level security on all tenant data, encryption in transit (TLS) and at rest, hashed credentials, principle-of-least-privilege access controls, and continuous monitoring.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated in-app or by email at least 14 days before they take effect.