Legal

Privacy Policy

Last updated: November 15, 2026

This Privacy Policy explains how Optymia AI("Optymia", "we", "us") collects, uses, stores, and shares information when you use our website, dashboard, APIs, and related services (the "Service"). By using the Service you agree to this policy.

1. Information We Collect

  • Account data: name, email, hashed password, workspace / business names, plan tier.
  • Business data you submit: website URLs, sitemaps, brand names, competitor lists, prompts, and any content pasted into the app for analysis.
  • Analysis outputs: scores (ASTRA, GEO, AEO, SEO), citation records, audit reports, run history.
  • Billing data: handled by our payment processor (Lemon Squeezy / Stripe). We store only masked identifiers, plan status, and invoice metadata — never full card numbers.
  • Usage & device: IP address, browser, OS, timestamps, and page interactions used for analytics, abuse prevention, and quota enforcement.
  • Cookies: essential auth cookies and, if you consent, product analytics cookies.

2. How We Use Your Information

  • Provide, operate, and improve the Service (audits, scoring, recommendations, agent runs).
  • Authenticate you, secure your account, and enforce plan limits.
  • Send transactional messages (billing, security, support replies) and, only with consent, product updates.
  • Detect abuse, fraud, and violations of our Terms.
  • Comply with legal obligations (tax, financial reporting, lawful requests).

3. AI Processing & Third-Party Engines

To score how your brand is represented across generative engines, we send queries to third-party LLM providers including OpenAI, Google (Gemini), Perplexity, Anthropic, and providers routed through OpenRouter. Prompts may contain your brand name, competitor names, and public URLs — never passwords, billing data, or personal identifiers of your customers unless you explicitly submit them.

We do not use your proprietary business data to train our own models.Third-party providers operate under their own privacy and retention policies. Where offered, we opt out of model-training on paid provider tiers.

4. How We Share Information

We share limited data only with:

  • Sub-processors: Supabase (database & auth), Vercel (hosting), Resend (transactional email), Lemon Squeezy / Stripe (payments), and the LLM providers listed above.
  • Legal & safety: when required by law, subpoena, or to protect users and the Service.
  • Business transfers: in a merger, acquisition, or asset sale, with notice to you.

We do not sell your personal information.

5. Data Retention

  • Account data is retained while your account is active and for up to 90 days after deletion for backup and audit purposes.
  • Scan and audit history is retained per your plan (Starter: 30 days, Pro: 12 months, Agency & higher: unlimited unless deleted).
  • Billing records are kept as required by applicable tax law (typically 7 years).

6. Security

We use TLS encryption in transit, encrypted storage at rest, row-level security on every database table, hashed passwords, signed webhooks, and least-privilege service roles. No system is 100% secure — please use a strong unique password and enable multi-factor authentication.

7. Your Rights (GDPR, UK-GDPR, CCPA, and equivalents)

You can request to:

  • Access, correct, export (in JSON), or delete your personal data.
  • Withdraw consent for optional processing (analytics, marketing).
  • Object to processing or restrict it.
  • Lodge a complaint with your local data protection authority.

Email ceo@optymia.xyz from the address on your account. We respond within 30 days.

8. International Transfers

Optymia is a remote-first team serving customers globally. Data may be processed in the US, EU, and UK by our sub-processors. Transfers rely on Standard Contractual Clauses or equivalent safeguards.

9. Children

The Service is not directed to children under 16. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to This Policy

We will post any changes here and update the "Last updated" date. Material changes will be emailed to active accounts.

11. Contact

Data controller: Optymia AI · Contact: ceo@optymia.xyz
See also: Terms of Service · Refund Policy · Contact form.