Privacy Policy

Company Identification

1. Introduction

SiRo Software ("we", "our", "us") operates seosiah.com (the "Service"). We respect your privacy and protect your personal data in line with the General Data Protection Regulation (GDPR) and applicable laws in the Netherlands and the European Union.

This Privacy Policy explains what we collect, how we use it, how we share it, and your choices. By using the Service, you agree to this Policy.

2. Data Controller

The data controller responsible for your personal data is SiRo Software.

3. Information We Collect

3.1 Information You Provide

• Account: Name, email, password stored with hashing.
• Payments: Processed by our payment processor. We do not store full card details.
• Website and SEO Inputs: Website URLs, company descriptions, industry, target audience, topics, keywords, competitor URLs, and other content you enter for SEO and content generation.
• Content Data: Generated posts, mindmaps, preferences.
• Referral: Referral codes and relationships.
• Support: Messages you send to us.

3.2 Automatically Collected

• Basic Technical Data: IP address, browser type, OS, pages requested. Used only to provide and secure the Service.
• Authentication: Session identifiers or tokens to keep you signed in. No advertising or analytics tracking.
• Billing Records: Credit purchases and usage for billing and delivery.

3.3 Third-Party AI and Infrastructure

To provide AI features we transmit your inputs such as website details, topics, and keywords to external artificial intelligence and data-processing platforms. These platforms analyze your inputs and return content or optimization insights.

We select reputable providers that meet strong security and data protection standards. We do not share your account credentials or payment data with these providers.

4. Legal Basis for Processing

• Contract: To provide the Service, process payments, and deliver generated content.
• Legitimate Interests: To maintain and improve the Service, ensure security, and prevent abuse.
• Legal Obligations: To meet tax, accounting, and regulatory requirements.

5. How We Use Your Information

• Create and manage your account.
• Process payments and manage credits.
• Generate SEO content, mindmaps, and suggestions based on your inputs.
• Send service messages such as confirmations and security alerts.
• Provide support and handle requests.
• Prevent fraud and security incidents.
• Comply with legal obligations and enforce our Terms.

6. Data Sharing and Service Providers

6.1 Service Providers

• AI Processing Partners: Analyze your inputs and return outputs.
• Payment Processor: Secure payment processing for credit purchases.
• Cloud Hosting: Application and database hosting.
• Email Delivery: Verification, notifications, support.

Providers are bound by contract to process data only on our instructions and in compliance with law.

6.2 International Transfers

If data is transferred outside the EEA, we use safeguards such as Standard Contractual Clauses approved by the European Commission or participation in recognized data protection frameworks.

6.3 Legal Requirements

We may disclose information if required by law, court order, or to protect rights, property, or safety.

6.4 No Sale of Personal Data

We do not sell, rent, or trade your personal data.

7. Data Retention

• Account Data: While the account is active and up to 90 days after deletion unless law requires longer.
• Transactions: 7 years for tax and accounting.
• Generated Content: While the account is active, then deleted within 90 days of closure.
• Security Logs: Kept for short periods needed for security and abuse prevention.

8. Your Rights Under GDPR

• Access your data.
• Rectify inaccurate data.
• Erase your data subject to legal limits.
• Restrict certain processing.
• Port your data in a machine-readable format.
• Object to processing based on legitimate interests.
• Withdraw consent where processing is based on consent.

To exercise your rights, contact privacy@seosiah.com. We respond within 30 days. We may verify your identity via email or additional checks before fulfilling requests.

9. Data Portability and Deletion

You can request a machine-readable export of your data and request account deletion. Deletion requests start a 90 day grace period to complete billing, fraud checks, and legal retention. After the grace period, remaining personal data will be deleted or anonymized unless a longer retention is legally required.

10. Data Security

• Password hashing with bcrypt.
• HTTPS for data in transit.
• Session tokens with secure storage.
• Role based access controls.
• Hardened database configurations.
• Payment data handled by PCI DSS compliant processors.

No method of transmission or storage is perfectly secure. We cannot promise absolute security.

11. Cookies and Tracking

We do not use cookies, analytics pixels, or other tracking technologies on public pages. If this changes, we will ask for consent and update this Policy.

12. Children’s Privacy

The Service is not intended for individuals under 16. If you believe a child provided data to us, contact us and we will delete it.

13. Changes to This Policy

We may update this Policy to reflect changes in practices or legal requirements. We will post the new version here with an updated date. For material changes, we may provide additional notice.

14. Data Protection Officer