Privacy Policy

Agentic SEO ("we", "us", "our") operates the Agentic SEO platform at myagenticseo.com, a multi-tenant SaaS application for AI-powered SEO analysis, content strategy, and article generation.

We are the data controller for the personal data processed through our service. For any privacy-related inquiries, you can reach us at hello@myagenticseo.com.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have. It applies to all users of our hosted service.

We collect the following categories of information:

• Account information — When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. We do not store your Google password.
• Google Search Console data — If you connect GSC, we access your search performance data (queries, impressions, clicks, positions) in read-only mode. We store this data to provide analytics and recommendations.
• Project data — Content you create within the platform: SEO projects, site crawl results, content briefs, generated articles, writing style samples, and chat conversations with our AI agent.
• API keys — We store encrypted credentials for connected services (e.g., Google Search Console tokens). See Section 5 for details.
• Payment information — Billing is handled by Stripe. We do not store your credit card details. We receive from Stripe your subscription status, Stripe customer ID, and payment history.
• Usage data — We log message counts, AI token usage, and cost data to enforce tier limits and for billing purposes.
• Writing samples — If you upload writing samples for style analysis, we process them to extract your writing style profile. The samples and resulting style data are stored with your project.
• AI-generated task data — Our AI agent autonomously creates persistent task records containing SEO findings and recommendations based on its analysis of your site and search data. These tasks are stored with your project and may be included in AI provider context on subsequent requests to provide continuity.
• Consultation interest — If you click "Book Free Consultation" on the task board, we store your name and email address to follow up about consultation scheduling. We also store a behavioral timestamp (consultation_dismissed_at) when you dismiss the consultation prompt, to avoid showing it again.

We use your data for the following purposes:

• Service operation — To provide our SEO analysis, content generation, and site crawling features.
• AI routing — To send your prompts and project context to AI model providers for generating responses, content briefs, and articles.
• Billing and usage tracking — To manage subscriptions, enforce tier limits, and track managed-key AI costs.
• Internal usage metrics — We track message counts and cost data in our own database to monitor service health and improve the platform. We do not use any third-party analytics services.
• Communication — To respond to support requests sent to our contact email.

We do not use your data for advertising, user profiling, or selling to third parties.

Legal Basis for Processing (GDPR Art. 6)

• Contract performance — Service operation, AI routing, billing, and usage tracking are necessary to provide you the service you signed up for.
• Legitimate interest — Internal usage metrics and product update emails, where we have a genuine business need and the impact on your privacy is minimal. You can opt out of product emails at any time.
• Consent — Optional integrations (Google Search Console, Webflow publishing) are only activated when you explicitly connect them.

Our service uses AI language models to analyze your SEO data, generate content, and provide recommendations. When you interact with our AI agent, your messages and relevant project context are sent to third-party AI providers for processing.

We route AI requests through OpenRouter, which may forward them to providers including OpenAI, Anthropic, Google, Meta, and others depending on the model you select.

Each AI provider has its own data handling and privacy policies. We encourage you to review the privacy policies of the providers whose models you use. We do not control how these providers process data once it leaves our system.

Important: Do not include sensitive personal information (financial data, health records, government IDs) in your conversations with the AI agent, as this data will be transmitted to third-party providers.

We implement the following security measures to protect your data:

• Database — Your data is stored in Supabase (hosted on AWS infrastructure). All database tables use Row-Level Security (RLS), ensuring each user can only access their own data.
• Encryption at rest — API keys and Google OAuth tokens are encrypted using AES-256-CBC before storage. The encryption key is managed server-side and never exposed to the client.
• Encryption in transit — All data transmitted between your browser and our servers uses HTTPS/TLS encryption.
• Authentication — We use Supabase Auth with Google OAuth. Session tokens are managed securely and refreshed on every request.
• Hosting — The application is hosted on Vercel with automatic security updates and DDoS protection.

We use essential cookies only. We do not use analytics, tracking, or advertising cookies.

The cookies we set are:

• Supabase auth cookies (sb-*) — These are strictly necessary for authentication and session management. They store your encrypted session token so you remain logged in across page loads.

Because we only use essential cookies that are strictly necessary for the service to function, we do not require a cookie consent banner under GDPR. You can delete these cookies at any time through your browser settings, but doing so will log you out.

We share data with the following third-party service providers, solely to operate our service:

• Supabase — Database hosting, authentication, and storage (AWS infrastructure, US region).
• Stripe — Payment processing. Stripe receives your email and payment details for subscription management.
• OpenRouter / AI providers — Your prompts and project context are sent to AI providers for content generation and analysis.
• Google — OAuth authentication and Google Search Console API access (read-only).
• DataForSEO — Keyword and search query data is sent to DataForSEO for SERP analysis, keyword research, and competitor discovery.
• Resend — We use Resend to send transactional and product update emails to your registered email address.
• Webflow — If you use the Webflow publishing integration, article content is sent to your Webflow site via their API.
• Vercel — Application hosting and CDN.

We do not sell, rent, or trade your personal data to any third party. We do not share data with data brokers or advertising networks.

We retain your data for as long as your account is active. When you delete a project, all associated data (crawl results, briefs, articles, chat history, writing samples) is cascade-deleted from our database.

If you delete your account, all your data — including all projects, API keys, configuration, and usage logs — is permanently removed. We do not retain backups of deleted user data beyond standard database backup windows (up to 30 days), after which it is permanently purged.

Stripe retains payment records independently in accordance with their own data retention policy and applicable financial regulations.

Depending on your location, you may have the following rights regarding your personal data:

Under GDPR (EU/EEA residents)

• Right of access — Request a copy of all personal data we hold about you.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your data ("right to be forgotten").
• Right to data portability — Receive your data in a structured, machine-readable format.
• Right to restrict processing — Request that we limit how we use your data.
• Right to object — Object to processing based on legitimate interests.
• Right to withdraw consent — Where processing is based on consent, withdraw it at any time.
• Right to lodge a complaint — You have the right to lodge a complaint with a supervisory authority in your EU/EEA member state if you believe our processing of your personal data violates GDPR.

Under CCPA (California residents)

• Right to know — What personal information we collect, use, and share.
• Right to delete — Request deletion of your personal information.
• Right to opt-out — We do not sell personal information, so this right is automatically satisfied.
• Right to non-discrimination — We will not discriminate against you for exercising your rights.

To exercise any of these rights, contact us at hello@myagenticseo.com. We will respond within 30 days (or within the time required by applicable law).

Our infrastructure providers (Supabase, Vercel, Stripe) operate primarily in the United States. If you are located in the EU/EEA, your data may be transferred to and processed in the US.

These transfers are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission, as well as the data processing agreements of our infrastructure providers. We ensure that all transfers comply with applicable data protection laws.

Agentic SEO is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at hello@myagenticseo.com and we will promptly delete it.

Agentic SEO is open-source software licensed under the AGPL-3.0 license. This Privacy Policy applies specifically to the hosted service operated at myagenticseo.com.

If you self-host an instance of Agentic SEO, you are responsible for your own data handling practices and privacy compliance. This policy does not apply to self-hosted instances.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:

hello@myagenticseo.com