[a]the seo agent

Privacy Policy

Last updated: May 1, 2026

This policy explains what data THE SEO AGENT PTY LTD (ACN 697 573 989, registered in Queensland, Australia) collects when you use The SEO Agent (“Service”), why we collect it, who we share it with, and the rights you have over it.

What we collect

  • Account data: name, email address, password hash (or Google OAuth identifier), organisation name, role.
  • Project data: site URL, sitemap, brand voice settings, keyword preferences, articles generated for you, integration settings.
  • Billing data: handled by Stripe. We receive non-card metadata only (last four digits of the card, country, plan, subscription status). We never see or store full card numbers.
  • Usage data: pages viewed, features used, request logs (which include IP address and browser user-agent for security and abuse prevention).
  • Communications: emails you send us and our replies.

Why we use it

  • To operate the Service: authenticate you, run the keyword and content pipelines, deliver generated articles.
  • To bill paid subscriptions, process trial fees, and prevent payment abuse.
  • To improve the Service via aggregated, de-identified product analytics.
  • To send transactional emails (account confirmation, billing receipts, security alerts). You cannot opt out of these while you have an active account.
  • To respond to support requests and meet legal obligations.

Subprocessors

We share the minimum data necessary with the following processors to operate the Service:

  • Supabase (USA) — primary database, authentication, file storage.
  • Vercel (USA) — web application hosting and edge delivery.
  • Cloudflare (USA / global edge) — background workers, queues, and object storage for the content pipeline.
  • Stripe (USA) — payment processing and subscription billing.
  • Anthropic (USA) — language-model inference for article generation. See “AI training” below.
  • PostHog (USA) — product analytics tied to your account ID.
  • Sentry (USA) — error and performance monitoring; error reports may include account ID and request metadata.
  • Google (USA) — optional Search Console integration, only if you explicitly connect it.

We may also use other vendors that handle non-identifying technical data (e.g. SEO data providers, affiliate-tracking pixels). We will update this list when we add a new processor that handles personal data.

AI training

We do not use Your Content to train artificial intelligence models. Anthropic, our language-model provider, does not train its models on prompts or outputs sent through the API by default, and we have not opted in to any training programme.

Cookies and local storage

We use first-party cookies for authentication and a small number of analytics cookies. We also store a theme preference in your browser's local storage. See our Cookie Policy for the full list.

Your rights

You can access, export, or delete your personal data at any time from the Service's settings, or by emailing us at the address below. If we cannot fulfil a request, we will tell you why.

Australian users have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including the right to access and correct personal information we hold about you, and the right to make a complaint to the Office of the Australian Information Commissioner (OAIC).

EU/UK users have rights under the GDPR and UK GDPR: access, rectification, erasure, restriction, portability, and objection.

California residents have rights under the CCPA/CPRA: to know, to delete, to correct, and to opt out of the sale or sharing of personal information. We do not sell personal information.

Retention

We retain account data while your account is active and for up to 90 days after closure, for backup, audit, and abuse-prevention purposes. Generated articles are retained until you delete them or close your account. Billing records are retained for the period required by Australian tax and accounting law (currently 5 years).

Security

Data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by our infrastructure providers (Supabase, Cloudflare, Vercel) using their managed encryption. Where the Service stores third-party credentials on your behalf (such as credentials for connected content management systems), those credentials are encrypted with libsodium before storage.

No security control is perfect. If we become aware of an eligible data breach affecting your personal information, we will notify you and the OAIC as required by the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

International transfers

Most of our subprocessors are based in the United States. By using the Service, you acknowledge that your personal data will be transferred to and processed in jurisdictions outside Australia (primarily the United States and the European Union). We rely on contractual protections, including Standard Contractual Clauses for transfers from the EU, and we require all subprocessors to maintain appropriate safeguards.

Children

The Service is not intended for, and not directed to, anyone under 18.

Changes

We will notify you of material changes to this policy by email or in-app notice at least 30 days before they take effect.

Chrome extension

Our Chrome extension “The SEO Agent. Article Audit” (the “Extension”) is a standalone product. It does not require an account and does not connect to the Service described above.

When you click the Extension's toolbar icon on a web page, it reads the page's DOM (headings, meta tags, links, images, JSON-LD scripts, body text) and computes an audit entirely inside your browser. The Extension:

  • does not transmit the page, your browsing activity, or any other data to our servers or to any third party;
  • does not run in the background. It only executes when you click the icon;
  • does not request all-sites host permissions. It uses Chrome's activeTab permission, which grants access only to the tab that has focus when you click;
  • does not use cookies, local storage, or any persistent identifier;
  • does not load remote code. All logic is bundled in the Extension's published package.

Because the Extension transmits nothing, no personal data is collected, shared, sold, or used for any other purpose by us when you use it.

Contact

THE SEO AGENT PTY LTD (ACN 697 573 989). Privacy questions and requests: support@theseoagent.ai.