Privacy Policy

Last updated: April 1, 2026

This Privacy Policy describes how AI SEO Agents ("we", "us", or "our") collects, uses, and protects your information when you use our platform, Shopify app, and WordPress plugin (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account or connect your WordPress site, we collect:

  • Email address (via Cognito authentication)
  • WordPress site URL
  • WordPress username

1.2 Shopify Store Data

When you connect your Shopify store via OAuth:

  • Shop domain and store name
  • Shopify offline access token (stored encrypted with AWS KMS)
  • Blog and article data accessed via the Shopify GraphQL Admin API
  • Shopify Files API data (media library metadata for image sourcing)

We request the following Shopify API scopes: read_content, write_content, read_online_store_pages, write_online_store_pages, read_files, write_files. We do not access customer data, order data, or payment information from your Shopify store.

1.3 WordPress Credentials

When you connect your site via the WordPress plugin:

  • A WordPress Application Password is created and transmitted securely to our API
  • The Application Password is stored encrypted (AES-256) in our database
  • We use this credential solely to publish and manage content on your behalf

1.4 Google Services Data

If you connect Google services (optional):

  • Google Search Console: search performance data (clicks, impressions, positions, queries)
  • Google Analytics: account summaries and property identifiers
  • Google Business Profile: location information (name, address, phone numbers, hours), reviews and review replies, local posts, performance metrics (impressions, clicks, direction requests)
  • Google OAuth refresh tokens (stored encrypted with AWS KMS)

We access Google Search Console and Analytics data in read-only mode. For Google Business Profile, we also perform write operations on your behalf when you explicitly request them (e.g., replying to reviews, creating posts).

1.5 Content Data

When you use the Service, we process:

  • Keywords and article generation parameters you submit
  • Generated article content (stored in Amazon S3)
  • SEO analysis results and scores
  • Job status and progress data

1.6 Usage Data

We automatically collect:

  • API request logs (endpoint, timestamp, response codes)
  • Job execution metrics (duration, token usage)
  • Error logs for debugging purposes

1.7 WordPress Plugin Data

The WordPress plugin stores locally on your server:

  • Your API key (encrypted with AES-256-CBC using your site's authentication salts)
  • Your site registration ID
  • Application Password UUID (for revocation)
  • Connection status

This data is stored in your WordPress database and is not transmitted elsewhere except when making API calls to our Service.

2. How We Use Your Information

DataPurposeLegal Basis
Account infoAuthentication, account managementContract performance
Shopify store dataPublishing content to your storeContract performance
WP credentialsPublishing content to your siteContract performance
Google OAuth / GSC dataSEO metrics, authority scoringConsent
Keywords / parametersAI content generationContract performance
Generated contentStorage, delivery, and publishingContract performance
Usage dataService monitoring, billing, debuggingLegitimate interest

3. Data Storage and Security

3.1 Infrastructure

  • Region: All data is processed and stored in AWS EU-North-1 (Stockholm, Sweden)
  • Encryption at rest: DynamoDB tables use AWS-managed KMS encryption; S3 buckets use server-side encryption (SSE-S3)
  • Encryption in transit: All API communication uses TLS 1.2+
  • Credentials: WordPress Application Passwords and API keys are stored encrypted in DynamoDB using AWS KMS customer-managed keys

3.2 Access Controls

  • API access requires authentication (Cognito JWT or API key)
  • Each user can only access their own sites, agents, and content
  • Lambda functions follow least-privilege IAM policies

4. Third-Party Services

The Service uses the following third-party providers:

ProviderPurposeData Shared
Amazon Web ServicesInfrastructure (compute, storage, database)All service data
Amazon Bedrock (Anthropic Claude)AI content generationKeywords, article content, prompts
FirecrawlWeb scraping for competitor researchTarget keywords, competitor URLs
StripePayment processingBilling information
ShopifyStore platform (OAuth, GraphQL Admin API)Store domain, blog content, media files
Google (Search Console, Analytics, Business Profile)SEO metrics, search performance, business profile managementOAuth tokens, search queries, traffic data, business profile data, reviews, posts
UnsplashStock image sourcingImage search queries

Each provider has their own privacy policy. We encourage you to review them.

4a. Google API Services User Data Policy

This section describes how AI SEO Agents accesses, uses, stores, and shares Google user data, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

Data We Access

With your explicit authorization via OAuth consent, we access:

  • Google Search Console: search performance metrics (clicks, impressions, CTR, average position, top queries and pages)
  • Google Analytics: account summaries and property identifiers
  • Google Business Profile: location details, reviews, local posts, and performance insights (impressions, clicks, calls, direction requests)

How We Use Google Data

Google user data is used solely to provide the Service to you:

  • Displaying SEO metrics and performance dashboards within our platform
  • Computing authority scores and tracking keyword rankings
  • Managing your Google Business Profile: posting updates, replying to reviews, and viewing performance insights — only when you explicitly initiate these actions

Data Sharing, Transfer, and Disclosure

We do not sell, rent, or trade Google user data to any third party. We do not use Google user data for advertising, data brokering, or any purpose unrelated to providing the Service.

Google user data may be shared with the following service providers solely to deliver the Service:

  • Amazon Web Services (AWS): infrastructure provider — data is stored encrypted (AES-256) in EU-North-1 (Stockholm, Sweden)
  • Amazon Bedrock (Anthropic Claude): AI model used to generate review reply suggestions — only when you explicitly request an AI-generated reply. Review text is sent to the model; no other Google data is shared.

Data Storage and Protection

  • Google OAuth refresh tokens are encrypted with AWS KMS (AES-256) at rest
  • Google metrics data is stored in DynamoDB with a 90-day TTL
  • All data resides in the EU (AWS EU-North-1, Stockholm, Sweden)
  • Access is restricted via IAM least-privilege policies

Revoking Access

You can disconnect Google services at any time from the Settings page in our dashboard. When you disconnect:

  • Your Google OAuth tokens are immediately deleted from our database
  • We stop accessing any Google data on your behalf
  • Previously collected metrics data is retained per our data retention policy and deleted upon request

You can also revoke access from your Google Account permissions page.

5. Data Retention

  • Generated articles: Retained in S3 with 90-day lifecycle policy (moved to Glacier after 90 days)
  • Job records: Retained in DynamoDB for the duration of your subscription
  • WebSocket connections: Ephemeral, TTL of 2 hours
  • API logs: Retained for 30 days in CloudWatch
  • Account data: Retained until account deletion or 12 months after subscription cancellation

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data we hold
  • Correct inaccurate personal data
  • Delete your personal data ("right to be forgotten")
  • Export your data in a portable format
  • Restrict processing of your personal data
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at privacy@aiagentssee.com.

7. Shopify App Data Handling

7.1 Shopify App Uninstallation

When you uninstall the Shopify app from your store:

  • Your Shopify OAuth access token is immediately deleted from our database
  • Your site registration is removed
  • Previously published articles remain on your Shopify store (they are your content)
  • Generated articles in S3 are retained per our data retention policy and deleted upon request

7.2 Shopify Mandatory GDPR Webhooks

We comply with Shopify's mandatory privacy webhooks:

  • Customer Data Request (customers/data_request): When a merchant's customer requests their data, we respond with any data we hold related to that customer. Our app does not collect or store end-customer personal data — we only process store-level content (blog articles, pages, media).
  • Customer Data Erasure (customers/redact): When a merchant's customer requests deletion, we delete any data we hold related to that customer. As our app does not store customer personal data, no action is typically required.
  • Shop Data Erasure (shop/redact): Within 48 hours of receiving this webhook after app uninstallation, we delete all data associated with the shop, including OAuth tokens, site configuration, and any generated content references.

7.3 No Customer Personal Data

Our Shopify app does not access, collect, or store personal data of your store's customers. We do not request access to customer, order, or checkout data. Our API scopes are limited to content management (blog articles, pages) and file management (media library).

7.4 Compliance

Our Shopify app complies with Shopify's Partner Program Agreement and API License and Terms of Use. We respond to all mandatory compliance webhooks within 30 days as required.

8. Disconnecting Your WordPress Site

When you disconnect your WordPress site from the Service:

  • The Application Password is revoked immediately
  • Your site registration is removed from our database
  • Previously published articles remain on your WordPress site (they are your content)
  • Generated articles in S3 are retained per our data retention policy

9. Plugin Uninstallation

When you uninstall the WordPress plugin, all locally stored data is removed from your WordPress database, including:

  • Encrypted API key
  • Site registration ID
  • Application Password UUID
  • All plugin settings and transient caches

10. Cookies

The web dashboard uses session cookies for authentication (Cognito). The WordPress plugin and Shopify app do not set any cookies on your site's frontend or storefront.

11. CCPA Disclosure (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information — we do not sell personal information to third parties
  • Non-discrimination for exercising your privacy rights

To exercise your CCPA rights, contact us at privacy@aiagentssee.com.

12. International Data Transfers

All data is processed and stored in the European Union (AWS EU-North-1, Stockholm, Sweden). If you access the Service from outside the EU, your data will be transferred to and processed in the EU. We rely on standard contractual clauses and AWS's data processing agreements to ensure adequate data protection for international transfers.

13. Children's Privacy

The Service is not directed at individuals under 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.

15. Contact Us

For privacy-related questions or requests:

Email: privacy@aiagentssee.com

Website: https://aiagentssee.com