This Privacy Policy applies to SEO Capitalist ("Platform", "we", "us", or "our"), operated by Apollo Digital EOOD, a company registered in Bulgaria (EIK: 208750949), with registered address in Sofia, Bulgaria. This policy explains how we collect, use, store, and protect your personal information when you use our platform at seocapitalist.com.

By accessing or using SEO Capitalist, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Platform.

1. Information We Collect

We collect the following categories of information:

• Account Information: Your name, email address, and password when you register for an account.
• Business Information: Website URLs, business descriptions, target audiences, and competitor information that you provide during onboarding or project setup.
• Google Search Console Data: When you connect your Google Search Console account, we access your verified property list and search analytics data (queries, pages, impressions, clicks, positions) solely to provide our SEO features.
• Content Data: Articles, keywords, and content plans you create or import within the Platform.
• Integration Credentials: Encrypted credentials for third-party platforms you connect (e.g., WordPress, Shopify, Webflow, Notion). These are stored in encrypted form and never shared with third parties.
• Usage Data: Log data, IP addresses, browser type, pages visited, and actions taken within the Platform for analytics and security purposes.
• Payment Information: Billing details processed through Stripe. We do not store credit card numbers directly — all payment data is handled by Stripe in accordance with PCI-DSS standards.

2. How We Use Your Information

We use the collected information to:

• Provide, operate, and improve the SEO Capitalist platform
• Generate AI-powered SEO content based on your inputs
• Analyze your Google Search Console data to provide keyword insights, internal linking suggestions, and content recommendations
• Publish content to your connected CMS platforms
• Process payments and manage your subscription
• Send transactional emails (account confirmations, billing receipts, important platform updates)
• Respond to support requests and communicate with you about your account
• Monitor platform security and prevent fraudulent activity
• Comply with legal obligations under applicable law

3. Google API Services

SEO Capitalist integrates with Google Search Console via OAuth 2.0. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• We only request the minimum necessary scopes (webmasters.readonly) to provide our features.
• Google Search Console data is used exclusively to power SEO features within the Platform and is never sold or shared with third parties for advertising purposes.
• Access tokens and refresh tokens are encrypted using AES-256-CBC encryption before being stored in our database.
• You can disconnect your Google Search Console at any time from your project settings, which will delete all stored tokens.

4. Third-Party Services

We use the following third-party services to operate the Platform:

• Supabase: Database and authentication infrastructure. Data is stored on servers within the European Union.
• OpenAI: AI content generation. Content prompts and inputs are sent to OpenAI for processing in accordance with their Privacy Policy.
• Firecrawl: Website scraping for auto-fill and content analysis features.
• Ahrefs: SEO metrics (Domain Rating, organic traffic) fetched during onboarding.
• DataForSEO: Keyword research data and SERP analysis.
• Stripe: Payment processing. We do not store payment card data directly.
• Vercel / Hetzner: Hosting infrastructure.
• QStash (Upstash): Asynchronous job processing for content generation.

5. Data Storage and Security

We take the security of your data seriously and implement the following measures:

• All third-party credentials (Google, CMS platforms) are encrypted using AES-256-CBC encryption before storage.
• All data transmissions use HTTPS/TLS encryption.
• Database access is restricted using Row Level Security (RLS) policies — users can only access their own data.
• Passwords are hashed and never stored in plain text.
• Regular security audits and monitoring are conducted.

Despite these measures, no system is completely immune to security breaches. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained until you delete your account.
• Google Search Console tokens are deleted immediately upon disconnecting your GSC integration.
• Content and project data is retained until you delete the project or close your account.
• Payment records are retained for 7 years as required by Bulgarian and EU financial regulations.

7. Your Rights (GDPR)

As a company registered in Bulgaria and operating within the European Union, we comply with the General Data Protection Regulation (GDPR). You have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Object: Object to processing of your personal data for certain purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@seocapitalist.com. We will respond within 30 days.

8. Cookies

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies. The following cookies may be set:

• Authentication cookies: Required to keep you logged in during your session.
• Preference cookies: To remember your platform settings.

9. Children's Privacy

SEO Capitalist is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: Apollo Digital EOOD
• Registration: Bulgaria, EIK 208750949
• Email: privacy@seocapitalist.com
• Website: seocapitalist.com