Privacy Policy

1. Who We Are

OptimAI is operated by thus(digital) Ltd, registered in England and Wales. We are the data controller for the personal data we process through this service.

Contact: hello@optimai.live

2. What Data We Collect

Account data (from Google Sign-In)

• Email address
• Display name
• Profile picture URL
• Google account identifier

We receive this data when you sign in with Google. We do not access your Google Drive, Gmail, contacts, or any other Google services.

Usage data

• URLs and keywords you analyse
• Analysis results and scores
• Credit transactions (purchases and usage)

Technical data

• IP address (server logs)
• Browser type and version
• Access timestamps

3. How We Use Your Data

• Account management: To create and maintain your account, authenticate you, and manage your credit balance.
• Service delivery: To perform SEO analyses, store your history, and generate reports.
• Communication: To send you service-related notifications (e.g. purchase confirmations). We do not send marketing emails without explicit consent.
• Service improvement: To understand usage patterns and improve the product. We do not sell your data to third parties.

4. Legal Basis for Processing (GDPR)

• Contract: Processing necessary to provide the Service you signed up for.
• Legitimate interest: Service improvement, security, and fraud prevention.
• Consent: Marketing communications (where applicable).

5. Data Sharing

We share data with the following categories of processors to deliver the Service:

• Supabase (database hosting) - stores account and analysis data
• Hetzner (server hosting) - processes requests
• Stripe (payments) - processes credit purchases
• Google (authentication) - verifies sign-in
• DataForSEO, Google PageSpeed (data providers) - provide SEO metrics for analyses

We do not sell, rent, or trade your personal data to any third party.

6. Data Retention

• Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion request.
• Analysis data: Retained for the lifetime of your account to support history and tracking features.
• Server logs: Retained for 90 days for security and debugging purposes.

7. Your Rights (GDPR)

If you are in the UK or EEA, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise any of these rights, contact hello@optimai.live.

8. Cookies

We use minimal cookies and local storage:

• Session token: Stored in localStorage to maintain your signed-in session. This is essential for the Service to function.
• Google Sign-In: Uses cookies set by Google for authentication.

We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure password hashing, and access controls. However, no method of transmission over the internet is 100% secure.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the Service. The "last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at hello@optimai.live.