Legal

Interim v1. Written for our US-only beta and not yet reviewed by counsel. Some details (legal entity name, addresses, effective date) are still being finalized.

Privacy Policy

Interim v1 · Last updated June 2, 2026

On this page

Plain-English summary (30 seconds)

  • SEO Genius is a US-only B2B software product made by Rize Digital. We do not sell to people in the EU or UK.
  • We collect what we need to run the product: your account info, the website and SEO data you connect (Google Search Console, Google Analytics 4, Google Business Profile, crawl data, ranking data), and the records we generate from analyzing it.
  • We do not sell or share your personal information for money or for cross-context advertising. Period.
  • We use a small set of named third-party services (Supabase, Vercel, Stripe, Anthropic, and others listed below) to run the product. Each is contractually bound to protect your data.
  • We learn across customers only through aggregated, anonymized patterns. Your raw site data never leaves your workspace.
  • We watch account and API traffic for unusual activity to catch fraud and abuse and protect your data. See section 3.6.
  • You can see your data, correct it, delete it, or export it at any time from your account settings. California residents have extra rights described in section 6.
  • Questions: privacy@rizedigital.io.

1. Introduction and scope

1.1 Who we are

SEO Genius is a software product operated by [LEGAL ENTITY NAME: pending] ([ENTITY FORM: pending], [STATE OF FORMATION: pending], EIN [EIN: pending]) ("Rize Digital," "we," "us," or "our"). SEO Genius is a B2B subscription product that helps owners and operators of small and mid-sized businesses, plus marketing agencies serving them, run search-engine-optimization analysis and recommendations against the websites they own or are authorized to manage.

1.2 What this policy covers

This Privacy Policy explains what Personal Information we collect about you when you visit our marketing site, sign up for an account, use the SEO Genius product (the "Service"), or communicate with us. It also explains how we use that information, who we share it with, how long we keep it, what choices you have, and how California residents can exercise specific rights under California law.

In this policy:

  • "User," "you," "your" means an individual who registers for or uses the Service, including individuals acting on behalf of a business. The Terms of Service use "Customer" for the same business entity that a User binds; the two labels describe the same relationship.
  • "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household. This is the meaning given to "personal information" under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 ("CCPA").
  • "Service" means the SEO Genius web application, related dashboards, APIs, browser extensions, and any tools we make available under the SEO Genius brand.
  • "Sub-processor" means a third party we engage to process Personal Information on our behalf in connection with operating the Service.

1.3 US-only availability

The Service is currently offered only to residents of the United States. We do not market the Service in the European Union, the United Kingdom, or other regions with comprehensive data-protection regimes that we have not designed for. Account creation by people identifying as residents of the EU or UK is blocked at signup. See section 12.

1.4 What this policy does not cover

This policy does not cover:

  • The websites we analyze for you when you connect them. Those sites have their own privacy policies. We process data from them only on your instruction and only to deliver the Service.
  • Third-party services you connect to your SEO Genius account (for example, Google Search Console or Google Analytics 4). Those services have their own privacy policies, and the data you authorize them to share with us is governed by the OAuth permissions you grant.
  • Third-party sites we link to from the Service or our marketing pages.

1.5 Acceptance

By creating an SEO Genius account or otherwise using the Service, you confirm that you have read this Privacy Policy and that the practices described here will apply to your use of the Service. If you do not agree, do not use the Service.

2. What we collect

We collect five categories of information: account data, site and SEO data, derived and generated data, usage data, and marketing data.

2.1 Account data

When you sign up for and maintain an SEO Genius account, we collect:

  • Email address (required, verified by one-time password)
  • Name (optional)
  • Business name (required for paid plans)
  • Role (operator or agency) so we can show you the right interface
  • Password hash (we never store your raw password)
  • Two-factor authentication enrollment status and recovery codes (if you enable it)
  • Billing data, including billing contact name, billing email, billing address, and a Stripe customer identifier. We never see, store, or process your full credit card number. Stripe collects and stores payment-card data on its own systems under PCI DSS. We see only the last four digits and the card brand for display purposes.

2.2 Site and SEO data you connect

When you connect a website or analytics property to SEO Genius, we collect the following on your instruction:

  • Website URL(s) you submit
  • Google Search Console data for properties you connect: queries, pages, clicks, impressions, average positions, country, device, and search appearance dimensions
  • Google Analytics 4 data for properties you connect: sessions, users, events, conversions, traffic source dimensions, page paths, and event parameters within the scopes your OAuth grant allows
  • Google Business Profile data: either through the Google Business Profile API when you connect it, or through structured fields you paste in yourself (business name, address, primary and secondary categories, hours, services, and similar publicly displayed listing information). During the current beta, we do not scrape Google Business Profile pages.
  • Screaming Frog crawl output generated by our self-hosted crawler: page URLs, HTTP status codes, response headers, HTML body, page titles, meta descriptions, heading structure, internal link graph, canonical tags, structured data, image alt text, and similar on-page elements
  • DataForSEO ranking and SERP data for the queries and domains you submit
  • Backlink data from our third-party backlink provider, for accounts on plans that include backlink analysis
  • Competitor URLs you add (up to three per workspace)

We rely on you to confirm at signup that you own the domains you submit or have written authorization from the owner. See section 11.

2.3 Derived and generated data

When the Service runs, it produces records that we store under your account:

  • Issue lists generated from analysis of your connected data
  • Recommendations produced by our scoring and prompting pipeline
  • Action records and outcomes capturing what you marked as done and what happened after
  • Composite scores and confidence scores for issues and recommendations
  • Embeddings (numeric vector representations) of pages, keywords, and issues
  • Memory records capturing context tied to your workspace
  • Logs sent to Sentry for error tracking. These include stack traces, request context, your user ID for correlation, and the URL path where the error occurred. We have configured Sentry to scrub known sensitive fields from request bodies.

2.4 Usage data

When you use the Service, our infrastructure records:

  • API and route hits, including endpoint paths, response codes, response times, and request volume per account
  • Login events, including the timestamp, user ID, and the IP address used at signup and at each login (used for fraud detection and one-time-password verification)
  • Feature usage events, including which dashboard tabs and actions you used. We use these to understand what is working in the product. We do not link this data to advertising profiles outside the Service.
  • Approximate location at signup and login, derived from the IP address. This is coarse geolocation (city or region level), not precise geolocation. We do not collect device GPS coordinates.

2.5 Marketing data

If you opt in to marketing communications, or if you respond to one of our emails, we collect:

  • Email open and click events from Dittofeed (our self-hosted marketing-orchestration tool) and Resend (our email-delivery vendor)
  • Unsubscribe state
  • UTM parameters from the inbound links you click. We use these to attribute signups and engagement to specific marketing campaigns.

2.6 What we do not collect

We do not collect:

  • Precise geolocation (no GPS or fine-grained device location)
  • Race or ethnic origin
  • Religious or philosophical beliefs
  • Trade-union membership
  • Genetic or biometric data
  • Health information
  • Information about sex life or sexual orientation
  • Government-issued identifiers (Social Security number, driver's license, passport number)
  • The contents of your private communications (we are not an email or messaging provider)
  • Information about minors under 13

If any of those categories would later be relevant to a product feature, we will update this Privacy Policy and provide notice before collecting them.

3. How we use it

We use the information described above for the following business and commercial purposes:

3.1 To deliver the Service

We process the site and SEO data you connect so we can crawl, score, analyze, and report on it. We store derived and generated data so you can see history, track progress, and have recommendations to act on. We use account data so we know who is logged in, who owns which workspace, and who has access to what.

3.2 To communicate with you about the Service

We send transactional emails: welcome and onboarding, billing receipts and notices, password reset, one-time-password verification, plan changes, security notices, sub-processor change notices, and material updates to this policy. These are not marketing emails and you cannot opt out of them while you have an active account.

If you opted in at signup or in account settings, we send drip sequences, product updates, and broadcast emails. Every marketing email contains an unsubscribe link. Unsubscribing from marketing does not affect transactional emails.

3.4 To improve the Service through aggregated learning

We use aggregated, anonymized patterns drawn from across the customer base to improve our recommendation logic and scoring. For example, we may compute that "in the tree-service vertical, fixing missing title tags moves the composite score by a certain average amount." No raw data, no client identifier, no URL, no business name, and no competitor list leaves your workspace boundary in this process. This activity is part of what you accept by using the Service under our Terms of Service, and is described in more detail in section 10 below.

3.5 To bill and collect

We use account data and billing data, in coordination with Stripe, to charge subscriptions, send invoices, manage failed payments, and handle plan changes.

3.6 To detect fraud, unusual activity, and protect the Service

We monitor account activity and API and usage traffic for unusual patterns so we can detect fraud and abuse, protect your data, and keep the Service running. This includes:

  • Login and authentication monitoring. We watch for login anomalies, credential-stuffing attempts, failed one-time-password bursts, logins from unexpected locations, and similar signals.
  • Traffic-pattern and rate monitoring. We watch API and route traffic for abnormal request volume, abnormal request timing, rate-limit abuse, automated scraping of the Service, and other patterns that depart from normal use of an account.
  • Payment and account-abuse monitoring. We watch for payment fraud, chargeback abuse, and attempts to evade plan limits or create multiple accounts to bypass restrictions.

For this purpose we use account data, login events, IP address, coarse location derived from IP, and the API, route, and request-volume logs described in section 2.4. When monitoring flags unusual activity, we may rate-limit, challenge, suspend, or lock an account, and we may notify you. We do not use this monitoring to build advertising profiles, and we do not sell or share the data it produces. We keep authentication and traffic logs for the periods in section 7.

3.7 To comply with law and protect rights

We may use Personal Information when we believe in good faith that doing so is necessary to comply with applicable law, a court order, or a lawful government request; to protect the rights, property, or safety of users, the public, or Rize Digital; or to investigate, prevent, or take action regarding illegal activity, suspected fraud, or violations of our Terms of Service.

3.8 What we do not do

  • We do not sell your Personal Information for monetary or other valuable consideration.
  • We do not share your Personal Information for cross-context behavioral advertising. We do not run ad pixels on the Service or sync our user list to advertising networks.
  • We do not use your data to train any third-party AI model. See section 10 for our AI-training stance.
  • We do not rent, trade, or barter your data to data brokers.

4. Sub-processors

We use a small set of named third-party services to operate the Service. Each Sub-processor in the table below is contractually bound by a Data Processing Agreement (DPA) or equivalent terms to process Personal Information only on our instruction, to protect it with appropriate technical and organizational measures, and to not use it for their own marketing purposes.

If we add or remove a Sub-processor, we will update this list. If a new Sub-processor materially expands the categories of Personal Information we process, we will give active accountholders at least thirty (30) days' email notice before activation.

Sub-processorPurposeCategories of data sharedLocationSub-processor terms
SupabasePrimary database, authentication, file storageAccount data, site and SEO data, derived data, usage logsUnited States[Supabase DPA URL: pending verification]
VercelWeb application hosting, edge runtimeRequest data, headers, logs, IP addressesUnited States[Vercel DPA URL: pending verification]
StripeSubscription billing and paymentsName, email, billing address, card token (last 4 only), Stripe customer IDUnited States[Stripe DPA URL: pending verification]
SentryError monitoring and crash reportingUser ID, error context, stack traces, request pathsUnited States[Sentry DPA URL: pending verification]
ResendTransactional and marketing email deliveryEmail addresses, message content, delivery and engagement eventsUnited States[Resend DPA URL: pending verification]
Dittofeed (self-hosted by Rize Digital)Marketing email orchestrationEmail addresses, engagement events, lifecycle stateSelf-hosted on our infrastructureInternal processing under this policy
AnthropicLLM inference for recommendation generationPrompts and outputs constructed from your site and SEO data; never raw account credentialsUnited States[Anthropic Commercial Terms / DPA URL: pending verification]
OpenRouterModel routing layer for selected embedding and LLM callsSame prompt and embedding payloads as the underlying modelUnited States[OpenRouter DPA / privacy URL: pending verification]
DataForSEOSearch-engine results and ranking dataDomain and keyword queries you submitUnited States[DataForSEO DPA URL: pending verification]
Screaming Frog (self-hosted runner)Website crawlerOutbound requests to sites you submit; resulting HTML and headers stored back in SupabaseSelf-hosted on our infrastructureInternal processing under this policy
Google APIs (Search Console, Analytics 4, Business Profile)User-connected analytics and listing dataOAuth tokens, returned analytics dataUnited StatesGoogle API Services User Data Policy applies; [Google policy URL: pending verification]
BrightLocal (when activated)Citation and local-SEO dataBusiness names, addresses, listing identifiersUnited States[BrightLocal DPA URL: pending verification; conditional on plan and feature flag]
Cloudflare (when activated)DNS, WAF, edge network protectionIP addresses, request metadataUnited States[Cloudflare DPA URL: pending verification; conditional on activation]

Self-hosted services (Dittofeed, the Screaming Frog runner) run on infrastructure we control. They are not third-party processors in the legal sense; they are listed here so you have a complete picture of where your data sits.

A public sub-processor list page mirrors this table and is updated whenever the list changes. This Privacy Policy and the public Sub-Processor Page publish together so the link resolves.

5. Your rights (US baseline)

You have the following rights with respect to Personal Information we hold about you. These rights apply to all US users. Additional rights for California residents are in section 6.

5.1 The rights

  • Right to access. You can request a copy of the Personal Information we hold about you.
  • Right to correction. You can ask us to correct inaccurate Personal Information.
  • Right to deletion. You can ask us to delete your account and the Personal Information associated with it, subject to limited exceptions (legal hold, tax records, completion of an open transaction, fraud detection, security investigation).
  • Right to export. You can download your data in a machine-readable format (JSON or CSV bundle). This includes your account profile, connected sites, crawl history, issues, recommendations, action records, outcomes, and memory records. It excludes other tenants' data, internal Sentry logs, and billing records (those live in the Stripe customer portal).

5.2 How to exercise these rights

The fastest path is the in-product dashboard:

  1. Sign in at the Service.
  2. Go to Account → Settings → Privacy.
  3. Use the Download my data, Correct my data, or Delete my account controls.

You can also email privacy@rizedigital.io with your request. Please include the email address associated with your account and a description of what you want us to do. We may ask follow-up questions to verify your identity (see section 6.7).

5.3 Response timing

We respond to verifiable requests within forty-five (45) days of receipt. If your request is complex or we have received a high volume of requests, we may extend that period by an additional forty-five (45) days. If we do, we will tell you within the first forty-five (45) days that we are extending and why. We apply the 45-day CCPA window to all US users.

5.4 No retaliation

We do not deny service, charge different prices, or provide a different quality of service because you exercised a privacy right.

6. California-specific rights (CCPA / CPRA)

This section applies to you if you are a California resident, as defined under California law. It describes additional disclosures and rights provided by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together, the "CCPA").

6.1 Categories of Personal Information collected, mapped to CCPA categories

For the twelve (12) months preceding the effective date of this policy, we have collected the following categories of Personal Information, mapped to the categories defined in California Civil Code § 1798.140:

CCPA categoryExamples we collectSourcesBusiness or commercial purposeDisclosed to (Sub-processor categories)
A. IdentifiersReal name, email address, business name, account ID, IP address, Stripe customer ID, Google OAuth user identifierDirectly from you at signup; from your browser at login; from Google when you connect a propertyAccount creation and authentication; communication; billing; fraud and unusual-activity preventionHosting and infrastructure (Supabase, Vercel, Cloudflare); billing (Stripe); email delivery (Resend); error monitoring (Sentry); connected analytics providers (Google)
B. Personal information in Cal. Civ. Code § 1798.80(e)Name, billing address, business contact informationDirectly from you at signup and billingAccount management; billingBilling (Stripe); hosting (Supabase)
C. Characteristics of protected classificationsWe do not collect this categoryn/an/an/a
D. Commercial informationSubscription plan, transaction history, billing records, plan-change historyGenerated when you transact with usAccount management; billing; analytics on the Service businessBilling (Stripe); hosting (Supabase)
E. Biometric informationWe do not collect this categoryn/an/an/a
F. Internet or other electronic network activity informationLogin timestamps, IP at login, feature-usage events, API and route hit logs, request-volume logs, email open and click eventsAutomatically from your browser and our server logs; from Resend and Dittofeed when you engage with emailsService delivery; security and unusual-activity detection; product improvement; marketing analyticsHosting (Supabase, Vercel); error monitoring (Sentry); email (Resend, Dittofeed)
G. Geolocation dataApproximate location (city or region) derived from IP address at signup and login. We do not collect precise geolocation.Automatically from your IP addressFraud and unusual-activity prevention; sign-up region eligibility (US-only enforcement)Hosting (Supabase, Vercel); WAF (Cloudflare, when activated)
H. Sensory dataWe do not collect this categoryn/an/an/a
I. Professional or employment-related informationRole (operator or agency), business name, agency client list within your workspaceDirectly from youTailored product experience; agency-tier featuresHosting (Supabase)
J. Non-public education informationWe do not collect this categoryn/an/an/a
K. InferencesIssue lists, recommendations, composite and confidence scores, memory records derived from analyzing your connected site and SEO dataGenerated by the Service from data you connectService delivery (the inferences are the product output you pay for)Hosting (Supabase); LLM inference for generation step (Anthropic, OpenRouter)
L. Sensitive Personal InformationWe do not collect Sensitive Personal Information as defined in Cal. Civ. Code § 1798.140(ae). See section 6.3 below.n/an/an/a

The "Disclosed to" column lists categories of Sub-processors. The named Sub-processors in each category are listed in section 4.

6.2 Sale or sharing of Personal Information

We do not sell Personal Information for monetary or other valuable consideration as those terms are defined in the CCPA.

We do not share Personal Information for cross-context behavioral advertising as that term is defined in the CCPA.

This has been true for the twelve (12) months preceding the effective date of this policy and remains our practice going forward. If this ever changes, we will update this policy and provide notice before any sale or sharing begins, and we will provide a working opt-out mechanism.

Because we do not sell or share Personal Information, we do not direct the linked sale or sharing of the Personal Information of consumers under sixteen (16) years of age.

6.3 Sensitive Personal Information

CCPA defines "Sensitive Personal Information" to include precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, the contents of mail, email, and text messages unless we are the intended recipient, genetic data, biometric information processed for unique identification, personal information collected and analyzed concerning health, sex life or sexual orientation, and certain government-issued identifiers (Social Security number, driver's license number, state ID card number, passport number, financial-account log-in credentials, and similar).

We do not collect Sensitive Personal Information. Because we do not collect it, we do not use or disclose it for any purpose, and the right to limit use and disclosure of Sensitive Personal Information does not apply. We do not provide a "Limit the Use of My Sensitive Personal Information" link because we do not have any Sensitive Personal Information to limit.

If our practices ever change, this section will be updated and the corresponding link, request flow, and operational handling will be added.

6.4 Categories of third parties we disclose to

We disclose Personal Information to the following categories of third parties for business purposes:

  • Hosting and infrastructure providers (Supabase, Vercel, Cloudflare when activated)
  • Payment processors (Stripe)
  • Email delivery providers (Resend)
  • Error monitoring providers (Sentry)
  • AI inference providers (Anthropic, OpenRouter)
  • Search-data providers (DataForSEO)
  • Citation and local-SEO data providers (BrightLocal when activated)
  • Analytics providers connected by you (Google for Search Console, Analytics 4, Business Profile)
  • Government authorities and other parties when we believe in good faith that disclosure is necessary to comply with law or to protect rights, property, or safety

The named Sub-processors in each category are listed in section 4.

6.5 California consumer rights

As a California resident, you have the following rights:

6.5.1 Right to know

You may request that we disclose:

  • The categories of Personal Information we collected about you
  • The categories of sources from which the Personal Information was collected
  • The business or commercial purposes for collecting it
  • The categories of third parties with whom we shared it
  • The specific pieces of Personal Information we collected about you

You may make a request to know up to twice in any twelve (12)-month period.

6.5.2 Right to delete

You may request that we delete Personal Information we collected from you, subject to the exceptions in the CCPA (for example, to complete a transaction you initiated, to comply with legal obligations, to detect security incidents, to maintain billing records required by tax law).

6.5.3 Right to correct

You may request that we correct inaccurate Personal Information we hold about you.

6.5.4 Right to opt out of sale or sharing

We do not sell or share Personal Information. There is no active sale or sharing for you to opt out of. We honor Global Privacy Control browser signals as described in section 6.8. A "Do Not Sell or Share My Personal Information" link and a "Your California Privacy Rights" link appear in our footer and resolve to this section.

6.5.5 Right to limit use of Sensitive Personal Information

We do not collect Sensitive Personal Information, so this right does not currently apply to us. See section 6.3.

6.5.6 Right to non-discrimination

We will not deny you the Service, charge you a different price, or provide a different level or quality of service because you exercised any of the rights above.

6.6 How to exercise your California rights

You can exercise any of these rights through the same channels described in section 5.2:

We will confirm receipt of your request within ten (10) business days and respond substantively within forty-five (45) days. If we need more time we will extend by up to another forty-five (45) days and tell you why within the first window.

6.7 How we verify your identity

Requests to know, delete, or correct must be verified. The standard CCPA framework is "commercially reasonable" verification matched to the sensitivity of the information requested.

  • Signed-in dashboard requests. If you are signed in to your SEO Genius account and make a request from the dashboard, we treat the authenticated session as verification. We may still require you to re-enter your password or complete a one-time-password check before fulfilling a deletion request.
  • Email-based requests. If you email privacy@rizedigital.io from an address that matches an account on file, we will send a confirmation link to that email and ask you to confirm specific account details (such as the business name on file, the date of account creation, or the last four digits of the most recent invoice). For deletion requests we require this two-step confirmation.
  • Requests where we cannot verify identity. If we cannot verify your identity with commercially reasonable confidence, we may deny the request and will tell you why. You can re-submit with additional information.

We will never ask you to send a copy of a government ID. If a request requires a higher level of verification than our standard process can support, we will explain why and propose alternatives.

6.8 Global Privacy Control

We honor the Global Privacy Control ("GPC") browser signal as a valid request to opt out of any sale or sharing of Personal Information, as required by California regulations effective January 1, 2026. We do not sell or share Personal Information regardless of GPC. When we detect a GPC signal from your browser on a public page, we visibly indicate that the opt-out preference has been processed.

6.9 Authorized agents

You may use an authorized agent to make a CCPA request on your behalf. To do so, the agent must:

  1. Provide us with signed written permission from you authorizing them to make the request, OR provide a valid power of attorney under California Probate Code §§ 4000-4465.
  2. Provide proof of their own identity.
  3. Allow us to confirm with you, directly, that you authorized the request and intend the action.

Send authorized-agent requests to privacy@rizedigital.io.

6.10 Notice at Collection

This is the Notice at Collection required by the CCPA. A short version of this notice is also displayed inline on our signup and audit-submission flows and in our footer.

Notice at Collection. When you visit our website, sign up for an account, or use SEO Genius, we collect: identifiers, commercial information, internet activity information, coarse geolocation, professional information, and inferences derived from analysis of the data you connect (CCPA categories A, B, D, F, G, I, and K from section 6.1). We do not collect Sensitive Personal Information. We use this information to provide the Service, to communicate with you about it, to bill you, to detect fraud and unusual activity, and to improve the Service through aggregated learning. We retain it for the periods described in section 7. We do not sell or share Personal Information. You have rights under California law, described in section 6.5, including the right to know, correct, and delete. To exercise these rights, sign in and visit Account → Settings → Privacy, or email privacy@rizedigital.io. We respond within forty-five (45) days.

7. Data retention

We keep different categories of data for different periods of time based on how we use them, what we are required to keep by law, and our security needs. The table below shows our standard retention periods.

CategoryStandard retention periodNotes
Account profileLifetime of the account, then deleted within thirty (30) days of an account deletion requestBilling records excluded, see below
Site and SEO data you connectedLifetime of the account, then deleted within thirty (30) days of an account deletion requestYou can also delete specific connected properties at any time from the dashboard
Raw crawl artifacts (HTML, headers, raw crawl output)Ninety (90) days during beta, then aggregated and the raw artifact is dropped
Derived data (issues, recommendations, scores, action records, outcomes)Lifetime of the account, then deleted within thirty (30) days of account deletionYou can delete specific records on demand
Memory recordsLifetime of the account, then deleted within thirty (30) days of an account deletion requestDeleted on request at any time
EmbeddingsSame as the underlying source recordRe-derived if the source is updated
Authentication and unusual-activity logs (login attempts, IP at signup and login, traffic-pattern flags)One (1) yearRequired for fraud, unusual-activity, and security investigation
Sentry error logsThirty (30) daysAuto-purged at the Sentry tier we use
Marketing email engagement events (opens, clicks)Two (2) years after the last engagementThen aggregated, individual event records deleted
Unsubscribe stateIndefiniteRequired to honor your opt-out across time
Billing records (invoices, transaction history)Seven (7) yearsUS tax-record retention requirement; anonymized after account deletion to the extent legally possible
BackupsUp to thirty (30) days for daily backups; quarterly snapshots up to one (1) yearBackups are encrypted at rest. Deletion requests honored at next backup cycle.
Sub-processor change notice recordsThree (3) yearsDemonstrates compliance with notice obligations

After the retention period expires, we either delete the data or anonymize it so it can no longer be linked to you. Anonymized aggregate data may be kept longer (see section 10 on the aggregated learning loop).

If we are required by law to keep data beyond the period in this table (for example, a litigation hold), we will keep only what is necessary to satisfy that obligation.

8. Security

We build the Service with the following technical and organizational measures.

8.1 In transit

All traffic to and from the Service is encrypted with TLS 1.2 or higher. We do not accept connections that try to negotiate older protocols.

8.2 At rest

User data sits primarily in Supabase, which encrypts data at rest. Backups are encrypted. Object storage (file uploads, crawl artifacts) is encrypted with provider-managed keys.

8.3 Tenant isolation

Every record tied to a user or workspace carries a client_id. We enforce Supabase Row-Level Security policies on tables that hold tenant data. Client-side reads are scoped by Better Auth JWT claims. Vector and search RPCs require a tenant identifier as a parameter. The result is that one customer cannot read another customer's data through the Service.

8.4 Service-role keys

Backend service-role keys (which bypass row-level security so we can run platform-wide jobs) are restricted to a narrow set of administrative and pipeline contexts. They are not used in the user-facing application. They are rotated on a schedule and on any suspected compromise.

8.5 Authentication

We support email and one-time-password sign-in. Two-factor authentication is available on all accounts and recommended. Passwords are hashed using a modern algorithm with a per-user salt. We rate-limit login and OTP attempts.

8.6 Cross-repo callbacks

Server-to-server callbacks between our internal services are signed with HMAC verification, so an unauthenticated request cannot trigger a sensitive action.

8.7 Monitoring

We use Sentry to monitor for application errors, auth failures, crawl failures, and HMAC verification failures, and we monitor account and API traffic for the unusual-activity signals described in section 3.6. Alerts route to the on-call engineer.

8.8 What no system can guarantee

No system is perfectly secure. We do not promise that the Service will be free of breaches or intrusions. If we learn of a breach affecting your Personal Information, we will notify you per section 9.1.

9. Incident response and breach notification

9.1 Notification

If we discover a breach of security that resulted in the unauthorized acquisition of unencrypted Personal Information of California residents, we will notify affected users without unreasonable delay and, where the breach triggers California Civil Code § 1798.82, within thirty (30) days of discovery. We will also notify the California Attorney General within fifteen (15) calendar days of notifying affected residents if the breach affects more than five hundred (500) California residents, as required by law.

For users outside California, we follow the breach-notification timelines required by the state of the affected user's residence.

9.2 What we will tell you

Notices will describe (to the extent we know): what happened, what categories of Personal Information were involved, what we are doing to investigate and contain it, what we recommend you do, and how to reach us with questions.

9.3 Internal process

Our internal incident-response process is: detect, triage severity, contain, eradicate, recover, notify, and document. The Incident Response Plan is maintained in a separate internal document.

10. AI and machine-learning data practices

10.1 Third-party LLM providers

We use Anthropic for large-language-model inference and OpenRouter as a routing layer for selected embedding and inference calls. When the Service calls one of these providers, the inputs and outputs of that call may include text extracted from the site and SEO data you have connected.

Anthropic. Anthropic's Commercial Terms, which govern our use of the Claude API, state that Anthropic does not train its models on customer inputs or outputs submitted through the API. [Counsel to confirm the live Commercial Terms language and our specific contract status, including whether we have or will sign a Zero Data Retention agreement. We do not assert a Zero Data Retention agreement is in place unless and until one is signed.]

OpenRouter. OpenRouter routes calls to underlying providers. The retention and training posture depends on the routed provider and the OpenRouter configuration flags we set. [OpenRouter privacy and routing policy: pending verification.]

10.2 Our own learning loop

We use aggregated, anonymized patterns derived from across the customer base to improve our scoring and recommendation logic. It is governed by the following hard rules, which are also written into the architecture:

  1. No raw client URL leaves the tenant boundary.
  2. No business name leaves the tenant boundary.
  3. No competitor list leaves the tenant boundary.
  4. No raw prompt or LLM output leaves the tenant boundary.
  5. Only aggregate scoring deltas, action types, vertical (industry) labels, and outcome ranges contribute to the cross-tenant learning set.

Because the learning loop operates on aggregated and anonymized data and because the resulting model improvements benefit all customers, participation in the learning loop is part of accepting our Terms of Service. There is no separate opt-in or opt-out. If this design conflicts with your data-handling requirements, the Service may not be the right fit.

10.3 Inputs we never send to a third-party model

  • Account passwords, OTP codes, and recovery codes
  • Billing data
  • IP addresses
  • Authentication logs

10.4 Why we structure it this way

The Service exists to use machine learning to find SEO issues and propose fixes. The product is the inference. We have structured it so that the inference happens against your data on your behalf, the third-party models see only what they need to see to produce the output, and the only data that ever crosses a tenant boundary internally is data that has been stripped of identity.

11. Web data we pull on behalf of users

The Service crawls websites and queries search engines on your instruction. This section explains how that works and what your obligations are.

11.1 Crawling sites you connect

When you add a website to your workspace and request analysis, our self-hosted crawler (built on Screaming Frog) fetches public pages of that site, parses them, and stores the results for analysis.

You agree, by adding a domain to your workspace, that you are the owner of the domain or you have written authorization from the owner to authorize automated access for the purpose of SEO analysis. This is the attestation described in our Terms of Service. We may also require technical domain verification (DNS TXT record or a verification file uploaded to the site root) before initial crawl.

Our crawler:

  • Identifies itself with a SEOGeniusBot User-Agent string and a contact URL
  • Fetches and honors /robots.txt, including Disallow directives and Crawl-Delay
  • Defaults to no more than one (1) request per second per host when no Crawl-Delay is specified
  • Honors Retry-After headers and HTTP 429 / 503 responses with exponential backoff
  • Crawls only on direct user request. It does not crawl speculatively, and it does not crawl for AI-model training purposes.

11.2 Competitor URL analysis

You can add up to three (3) competitor URLs per workspace. We do not crawl those competitor sites. We run public SERP queries about them through our SERP-data provider and report the results back to you. We do not access any private system belonging to a competitor.

11.3 Google Business Profile

During the current beta, we do not scrape Google Business Profile listing pages. If you want GBP data in your workspace and you have not connected the Google Business Profile API, the Service asks you to paste the relevant fields yourself from your own listing. We may revisit this approach after the beta and, if we do, we will update this policy and obtain a counsel sign-off before resuming any automated collection of GBP listing pages.

11.4 Search-engine queries

We use DataForSEO to obtain ranking and SERP data on your behalf. The queries we send (your tracked keywords, your domains, your competitor domains) are processed by DataForSEO under the Sub-processor terms in section 4.

12. EU and UK exclusion

The Service is currently available only to residents of the United States. We block account creation by people identifying as residents of the European Union or the United Kingdom at signup. We do not market the Service in the EU or the UK.

We are not currently compliant with the General Data Protection Regulation (GDPR), the UK GDPR, or related instruments. If we expand into those regions, we will update this policy, provide the additional disclosures required by those regulations, and put the required contractual and technical safeguards in place before activating accounts in those regions.

If you reach the Service from an IP address in the EU or UK, you may see a "not yet available in your region" screen instead of the signup form. If you previously created an account from the US and travel to the EU or UK, your account continues to function, but our data-protection commitments to you remain the US commitments described in this policy.

13. Cookies and tracking

13.1 What we set

The Service sets a small number of strictly-necessary cookies and local-storage values:

  • Authentication session cookie (set by Better Auth) - required to keep you signed in.
  • CSRF token - required to protect against cross-site request forgery.
  • Preference values (theme, dashboard layout state) - used to remember your in-product preferences.

These are all first-party. They are required for the Service to function. We do not request consent for them because consent for strictly-necessary cookies is not required under US law.

13.2 What we do not set

  • No third-party advertising cookies
  • No retargeting pixels (no Meta Pixel, no LinkedIn Insight Tag, no Google Ads conversion pixel on the Service itself)
  • No cross-site tracking

If we ever add third-party analytics or advertising tools to the Service, we will update this section, present a clear notice, and where required offer a working consent control before activating them.

13.3 Browser controls

You can block or delete cookies in your browser settings. If you block our strictly-necessary cookies, the Service will not work for you, because we cannot keep you signed in.

13.4 Cookies page

A separate Cookies page lists every cookie and local-storage value we set, with purpose and duration. That page is referenced from our footer and publishes alongside this policy so the link resolves.

14. Children

The Service is a business tool. It is not directed at children under thirteen (13), and we do not knowingly collect Personal Information from children under thirteen (13). If you are a parent or guardian and you believe your child has provided Personal Information to us, please email privacy@rizedigital.io and we will delete the information and the account.

15. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Last updated" date at the top.

  • For material changes (new categories of data, new categories of Sub-processors, changes to the rights or remedies you have, anything that meaningfully alters how we treat your Personal Information), we will email active accountholders at least thirty (30) days before the change takes effect and will display an in-product banner during that window.
  • For non-material changes (clarifications, corrections, formatting), we will update the policy and the "Last updated" date and display an in-product banner.

If you do not agree with a material change, you can delete your account before it takes effect.

We maintain previous versions of this policy on request. Email privacy@rizedigital.io if you want a copy of an older version.

16. Contact

For privacy questions, requests, or complaints, contact:

Email: privacy@rizedigital.io Mail: [LEGAL MAILING ADDRESS: pending] Response window: confirmation within ten (10) business days; substantive response within forty-five (45) days, with a possible one-time forty-five (45)-day extension as described in section 5.3.

If you are not satisfied with our response, you may contact the California Privacy Protection Agency or the California Attorney General. For users in other states, you may contact your state Attorney General.

17. Defined terms (quick reference)

  • CCPA - California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.
  • DPA - Data Processing Agreement.
  • GPC - Global Privacy Control browser signal.
  • OAuth - the authorization standard used when you connect Google products to the Service.
  • Personal Information - defined in section 1.2.
  • Service - defined in section 1.2.
  • Sensitive Personal Information - defined in section 6.3.
  • Sub-processor - defined in section 1.2.
  • User - defined in section 1.2.

END OF v1 INTERIM. Adopted for beta per N18. Counsel ratification deferred to post-scale.