Privacy Policy

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address, name (when creating an account)
• Product Data: Product titles, descriptions, keywords you input for optimization
• Payment Information: Processed securely through Stripe (we don't store payment details)
• Communication Data: Messages you send us through contact forms or support channels

3.2 Information Automatically Collected

• Usage Data: How you interact with our service, features used, time spent
• Technical Data: IP address, browser type, device information, operating system
• Analytics Data: Through Google Analytics and Meta Pixel (with your consent)
• Cookies and Tracking: As described in our Cookie Policy

3.3 Integration Data

• Shop Data: Store information and listing data (when provided)
• Access Tokens: Secure tokens for authorized integrations (when applicable)
• Listing Metadata: Product categories, tags, pricing information

4. How We Use Your Information

4.1 Service Provision (Legal Basis: Contract Performance)

• Generate AI-powered SEO recommendations for your product listings
• Optimize product titles, descriptions, and tags
• Provide personalized content suggestions
• Manage your account and subscription

4.2 Service Improvement (Legal Basis: Legitimate Interest)

• Analyze usage patterns to improve our AI algorithms
• Develop new features and optimize existing ones
• Monitor service performance and reliability

4.3 Communication (Legal Basis: Contract Performance/Consent)

• Send service updates and important notifications
• Provide customer support
• Send marketing communications (with your consent)

4.4 Legal Compliance (Legal Basis: Legal Obligation)

• Comply with applicable laws and regulations
• Respond to legal requests and prevent fraud
• Maintain records as required by law

5. Third-Party Data Processors

We work with trusted third-party service providers who process your data on our behalf. All processors are bound by strict data protection agreements and GDPR compliance requirements.

5.1 AI and Content Processing

• OpenAI (United States): AI content generation and optimization
• Legal Basis: Standard Contractual Clauses (SCCs) for EU-US data transfers
• Data Processed: Product descriptions, titles, keywords (no personal data)

5.2 Payment Processing

• Stripe (Ireland/United States): Secure payment processing and subscription management
• Legal Basis: Adequacy decision (Ireland) and SCCs (US operations)
• Data Processed: Payment information, billing addresses, transaction data

5.3 E-commerce Integration

• Third-party Services: Marketplace integrations and listing management services
• Legal Basis: Standard Contractual Clauses (SCCs) for EU-US data transfers
• Data Processed: Shop data, product listings, OAuth tokens

5.4 Hosting and Infrastructure

• Replit (United States): Application hosting and infrastructure services
• Legal Basis: Standard Contractual Clauses (SCCs) for EU-US data transfers
• Data Processed: All application data, user accounts, usage logs

5.5 Analytics and Marketing (With Consent)

• Google Analytics: Website usage analytics and performance monitoring
• Meta Pixel: Social media advertising and conversion tracking
• Legal Basis: Your explicit consent through our cookie management system

6. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion
• Product Optimization Data: Stored for 2 years to improve our AI algorithms
• Payment Records: Retained for 7 years as required by tax and accounting laws
• Marketing Consent: Until you withdraw consent or after 3 years of inactivity
• Analytics Data: Anonymized after 26 months (Google Analytics default)

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Restrict Processing: Limit how we process your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing or analytics

To exercise these rights, contact us at [info.craftseoai@gmail.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit and at rest using industry-standard protocols
• Regular security assessments and vulnerability testing
• Access controls and authentication for all systems
• Employee training on data protection and security practices
• Incident response procedures for potential data breaches

9. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection through:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: For transfers to countries with adequate protection
• Additional Safeguards: Technical and organizational measures for extra security

10. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a notice in our application

Your continued use of our service after any changes indicates your acceptance of the updated policy.

12. Contact Information

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local data protection authority.