Privacy Policy
Last updated: 29 April 2026 (consent banner added)
1. Who We Are
OptimAI is operated by thus(digital) Ltd, registered in England and Wales. We are the data controller for the personal data we process through this service.
Contact: support@optimai.live or use the contact form on our help page.
2. What Data We Collect
Account data (from Google or Microsoft Sign-In)
- Email address
- Display name
- Profile picture URL
- Account identifier (Google or Microsoft)
We receive this data when you sign in with Google or Microsoft. We do not access your Drive, email, contacts, or any other services from these providers.
Usage data
- URLs and keywords you analyse
- Analysis results and scores
- Credit transactions (purchases and usage)
Technical data
- IP address (server logs)
- Browser type and version
- Access timestamps
3. How We Use Your Data
- Account management: To create and maintain your account, authenticate you, and manage your credit balance.
- Service delivery: To perform SEO analyses, store your history, and generate reports.
- Communication: To send you service-related notifications (e.g. purchase confirmations). We do not send marketing emails without explicit consent.
- Service improvement: To understand usage patterns and improve the product. We do not sell your data to third parties.
4. Legal Basis for Processing (GDPR)
- Contract: Processing necessary to provide the Service you signed up for.
- Legitimate interest: Service improvement, security, and fraud prevention.
- Consent: Marketing communications (where applicable).
5. Data Sharing
We share data with the following categories of processors to deliver the Service:
- Supabase (database hosting) - stores account and analysis data
- Hetzner (server hosting) - processes requests
- Stripe (payments) - processes credit purchases and Partner subscriptions
- Google / Microsoft (authentication) - verifies sign-in
- PostHog (product analytics) - records anonymised usage events to measure conversion and improve the product. IP addresses are anonymised and Do Not Track is respected.
- Third-party data providers - provide SEO metrics, keyword data, and performance scores for analyses
Some processors may transfer data outside the UK / EEA (for example to the United States). Such transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by UK GDPR.
We do not sell, rent, or trade your personal data to any third party.
6. Data Retention
- Account data: Retained for the lifetime of your account. Deleted within 30 days of an account deletion request.
- Analysis data: Retained for the lifetime of your account to support history and tracking features.
- Server logs: Retained for 90 days for security and debugging purposes.
To request account deletion, email support@optimai.live from the address registered to your account, or use the contact form on our help page.
7. Your Rights (GDPR)
If you are in the UK or EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
To exercise any of these rights, contact support@optimai.live or use the contact form on our help page.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use minimal cookies and local storage:
- Session token (essential): Stored in localStorage to maintain your signed-in session. Required for the Service to function.
- Google / Microsoft Sign-In (essential): Cookies set by your authentication provider during sign-in.
- PostHog analytics (anonymised, opt-in): A first-party cookie used to record anonymised product usage events, only after you accept the consent banner shown on first visit. IP addresses are anonymised, Do Not Track is respected, and you can reject or change your choice at any time by clearing site data. No data is shared with advertising networks.
We do not use advertising cookies and we do not sell or share data with ad networks.
9. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), secure password hashing, and access controls. However, no method of transmission over the internet is 100% secure.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the Service. The "last updated" date at the top reflects the most recent revision.
11. Contact
For privacy-related questions or requests, contact us at support@optimai.live or use the contact form on our help page.