Privacy Policy
Last updated: 27 May 2026 · GDPR + India DPDP Act compliant
1. Who we are
SEOSparrows is operated by AISparrows Technologies, Mumbai, India. Contact: privacy@aisparrows.com.
2. What data we collect
- Account data: email, hashed password, display name, business address (optional), GSTIN (optional)
- Plugin/site data: WordPress site URL, plugin version, detected SEO plugins, brand voice notes you provide
- Usage data: audit runs, fixes applied, content generated, credit consumption — for billing and product analytics
- Payment data: processed by PhonePe and PayPal (we do NOT store card or UPI details ourselves)
- Webpage content: only the specific page content needed for an AI fix is sent to our AI provider — processed once, deleted immediately, not used to train models
3. How we use it
To deliver the SEOSparrows service: process payments, run audits, generate fixes, send transactional emails, provide support. We do NOT sell your data. We do NOT use your data for advertising.
4. Third-party processors
- AI providers: Anthropic Claude, OpenAI, Google Gemini — page content sent for fix generation. They do not retain prompts or train on our data per their API agreements.
- SendLayer: transactional emails (invoices, notifications)
- PhonePe + PayPal: payment processing
- Hostinger: server hosting (VPS in Manchester, UK)
- Let's Encrypt: SSL certificates
5. Data retention
Account data: kept until you delete your account, then 30 days for backup retention. Page content sent to AI: not stored — processed once and discarded. Payment records: retained 8 years for Indian tax compliance.
6. Your rights
You can:
- Access your data — request a full export via support@aisparrows.com
- Correct your account details from the dashboard
- Delete your account — permanent, irreversible, processed within 30 days
- Opt out of marketing emails (one-click in any email; transactional emails cannot be opted out of while subscribed)
- Restrict processing, lodge complaints with data protection authorities
7. Security
Passwords are hashed (SHA-256 + salt). API keys are random 256-bit tokens. All traffic is HTTPS (TLS 1.2+). We follow industry-standard practices but no system is 100% secure. We notify users within 72 hours of any breach affecting their data.
8. Cookies
We use one localStorage entry to remember your sign-in API key — no third-party tracking cookies, no analytics cookies, no advertising cookies.
9. Children
SEOSparrows is not directed at children under 18. We don't knowingly collect data from minors.
10. Changes
We'll notify you of material changes by email. The "Last updated" date above always reflects the current version.
11. Contact
Data Protection Officer: privacy@aisparrows.com
AISparrows Technologies · Mumbai, India