Legal

Privacy Policy

Last Updated: March 1, 2026

AgentSEO (“we”, “us”, or “our”) provides an SEO intelligence API, dashboard, website, and related support and billing services. This Privacy Policy explains what personal information we collect, where it comes from, how we use it, when we share it, how long we keep it, and the rights and choices that may apply to you.

This policy is intended to be concise, transparent, and easy to use. It applies to our website, dashboard, API, hosted MCP endpoint, support interactions, and related communications. If you are a business customer and we process personal data on your behalf as a processor or service provider, our Data Processing Addendum also applies.

1. Who We Are

AgentSEO is the controller for personal information we use to operate our business, including account, authentication, billing, support, security, marketing, and website analytics data. When customers submit content, prompts, domains, URLs, or other data through the API or dashboard for us to process on their behalf, we generally act as a processor or service provider for that customer data.

2. Information We Collect

We may collect the following categories of personal information:

  • Account and identity data: name, email address, account IDs, organization or workspace identifiers, and authentication-related data from our identity providers.
  • API and product usage data: API key identifiers, request metadata, endpoint usage, job status, timestamps, project and workflow attribution headers, logs, and error events.
  • Customer-submitted content: URLs, domains, business names, keywords, prompts, query parameters, webhook endpoints, and other content submitted through the API, dashboard, or support channels.
  • Billing and commercial data:subscription plan, invoice state, payment status, transaction metadata, and limited billing profile information from our payment processor. We do not store full payment card numbers.
  • Support and communications data:contact form submissions, emails, support messages, attachments, and related anti-abuse metadata such as IP-derived or device signals.
  • Website, cookie, and analytics data: cookie identifiers, session data, device/browser information, IP-derived geolocation, product analytics events, and website interaction data.
  • Security and fraud-prevention data: logs, rate-limit events, abuse signals, hashed or truncated technical identifiers, and security review records.

3. Sources of Information

We collect personal information:

  • Directly from you when you create an account, contact us, or use the website or dashboard.
  • From your use of the API, hosted MCP endpoint, SDKs, and related tools.
  • From service providers that help us authenticate users, process payments, host infrastructure, measure analytics, or monitor errors.
  • From customer instructions and customer-submitted data when we process jobs on a customer’s behalf.
  • From automated technologies such as cookies, server logs, and telemetry tools.

4. How We Use Information

We use personal information to:

  • Provide, operate, secure, debug, and improve AgentSEO.
  • Authenticate users, manage accounts, and issue or revoke API keys.
  • Process API requests, async jobs, webhook deliveries, and customer-configured workflows.
  • Process billing, subscriptions, renewals, invoices, and account changes.
  • Monitor reliability, investigate incidents, prevent abuse, and enforce our Terms of Service.
  • Respond to support requests, service notices, and operational communications.
  • Measure product usage and improve documentation, performance, and developer experience.
  • Comply with legal obligations, resolve disputes, and protect our rights, users, and systems.

5. Legal Bases for Processing

Where data protection law requires a legal basis, we typically rely on one or more of the following:

  • Contract: to provide the services you request, including account access, API processing, and billing.
  • Legitimate interests: to secure and improve the service, prevent abuse, monitor performance, understand usage, and communicate with customers.
  • Consent: where required for non-essential cookies, marketing, or similar activities.
  • Legal obligation: where processing is necessary to comply with applicable law, regulation, court order, or lawful request.

6. Cookies and Similar Technologies

We use cookies and similar technologies for essential functionality, security, analytics, and product improvement. Some cookies are necessary to run the site, including session and authentication-related cookies. Others help us understand how the website and product are used. You can manage cookies through your browser settings, and where legally required we request consent before placing non-essential cookies.

7. How We Share Information

We do not sell personal information. We may disclose personal information to:

  • Service providers and subprocessors that help us operate the product and business, such as providers for identity, hosting, storage, infrastructure, payments, analytics, monitoring, email, and support.
  • Upstream data and search providers when needed to fulfill SEO intelligence requests you submit through the service.
  • Professional advisors such as lawyers, accountants, auditors, or insurers where needed for legitimate business purposes.
  • Authorities or counterparties where required by law, to investigate fraud or abuse, to protect rights and safety, or in connection with legal claims.
  • Acquirers or successors in connection with a merger, financing, acquisition, reorganization, or sale of assets.

Current material providers may include Clerk (authentication), Supabase (database and storage), Stripe (payments), PostHog (product analytics), Sentry (error monitoring), Vercel (hosting and deployment), Resend (email), and upstream SEO/data providers used to process customer requests. Provider lists may change over time as our service evolves.

8. Data Retention

We keep personal information only as long as reasonably necessary for the purposes described in this policy, including to provide the service, maintain account history, secure the platform, handle billing, resolve disputes, and comply with legal obligations. Retention periods vary by data type. For example:

  • Account and billing records may be retained for tax, accounting, and fraud-prevention purposes.
  • Operational logs and job metadata may be retained for reliability, security, audit, and abuse-prevention needs.
  • Support records may be retained to resolve prior issues, train support processes, and preserve legal records.
  • Customer-submitted data may be retained according to service configuration, customer instructions, and operational needs, subject to legal exceptions.

9. International Transfers

We and our providers may process information in the United States and in other jurisdictions where we or our service providers operate. If we transfer personal information across borders, we rely on appropriate legal mechanisms where required, such as contractual safeguards or comparable transfer measures.

10. Security

We use reasonable technical and organizational measures designed to protect personal information, including access controls, encrypted transport, environment-scoped secrets, monitoring, rate limits, and operational review processes. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

11. Privacy Rights and Choices

Depending on where you live and subject to applicable law, you may have rights to access, correct, delete, or obtain a copy of your personal information, object to or restrict certain processing, withdraw consent where consent is used, or appeal certain decisions. California residents may also have rights to know, delete, correct, and opt out of sale or sharing if applicable. We do not sell personal information.

To submit a request, email daniel@joytecnologies.com. We may need to verify your identity before fulfilling certain requests. Authorized agents may make requests where permitted by law.

We do not currently use personal information to make solely automated decisions that produce legal or similarly significant effects about individuals.

12. Do Not Track / Global Privacy Control

Some browsers and extensions provide privacy preference signals such as Global Privacy Control (GPC). Where legally required, we treat recognized opt-out preference signals as valid requests for applicable opt-out rights.

13. Children's Privacy

AgentSEO is intended for business and developer use and is not directed to children under 13. We do not knowingly collect personal information from children under 13.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and, where required, provide additional notice.

15. Contact and Complaints

Questions about this Privacy Policy or privacy requests can be sent to daniel@joytecnologies.com. If applicable law gives you the right to complain to a supervisory authority or regulator, you may also do so.

16. Related Legal Terms

Your use of AgentSEO is also governed by our Terms of Service. If you are a business customer and require processor terms, see our Data Processing Addendum.