SEOrganiq logo

Legal documents

Privacy Policy

Effective from: May 8, 2026

This policy describes what personal data SEOrganiq processes, for what purpose, how long we keep it, and your rights as a data subject under EU Regulation 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll.

1. Controller

The controller within the meaning of Art. 4(7) GDPR is:

  • Company name: WebiSfer s. r. o.
  • Registered office: Talinská 2388/9, 040 12 Košice – mestská časť Nad jazerom, Slovak Republic
  • Company ID (IČO): 57475687
  • Privacy contact: privacy@seorganiq.com

2. What data we process

a) Registration and account use

  • email address, first and last name (if provided),
  • password (stored as a security hash only, never in clear text),
  • data about websites you connect to the Service (URL, domain),
  • content you generate (articles, topics, keywords).

b) Billing data

  • billing address, company ID, VAT ID (for businesses),
  • order data (amount, date, invoice).

SEOrganiq does not store payment-card details. They are processed solely by Stripe under PCI-DSS.

c) Technical data

  • IP address, browser, OS, language,
  • access logs and error reports (security and diagnostics),
  • cookies and similar — see our Cookies policy.

3. Purpose and legal basis

PurposeLegal basis (GDPR)
Providing the Service (account, content generation)Art. 6(1)(b) — performance of a contract
Billing and accountingArt. 6(1)(c) — legal obligation (Slovak Accounting Act 431/2002)
Security, fraud and abuse preventionArt. 6(1)(f) — legitimate interest
Product improvement, anonymized analyticsArt. 6(1)(f) — legitimate interest
Marketing emailsArt. 6(1)(a) — consent (revocable any time)
Cookies (analytics, marketing)Art. 6(1)(a) — consent via cookie banner

4. Recipients (third parties)

We may share your data with these processors only to the extent necessary:

  • Stripe Payments Europe, Ltd. (Ireland) — payments and invoicing.
  • Supabase, Inc. (US, EU regions) — database hosting and authentication.
  • OpenAI Ireland Ltd. and Anthropic PBC — AI text generation; prompts are sent via API and per their terms not used to train models.
  • Resend, Inc. — transactional email (confirmations, invoices).
  • Google Ireland Ltd. — Google Analytics and PageSpeed Insights (only with your analytics-cookie consent).
  • Accountant / tax advisor — only billing data, under a processing agreement.

For transfers outside the EU/EEA we rely on EU Standard Contractual Clauses or adequacy decisions (Data Privacy Framework for the US).

5. Retention

  • Account data — for the duration of the contract and 12 months after termination (or until deletion request, whichever comes first).
  • Invoices and accounting records — 10 years (statutory under § 35 of Slovak Act 431/2002).
  • Security logs — 90 days.
  • Marketing consent — until revoked.
  • Generated content (articles) — while the account exists; deleted within 30 days after account closure (you can export at any time).

6. Your rights

As a data subject, you have under GDPR the right to:

  • access your data (Art. 15),
  • rectification of inaccurate data (Art. 16),
  • erasure (“right to be forgotten”, Art. 17),
  • restriction of processing (Art. 18),
  • data portability (Art. 20) — exported as JSON/CSV,
  • object to processing based on legitimate interest (Art. 21),
  • withdraw consent at any time without affecting prior processing,
  • lodge a complaint with the Slovak Data Protection Authority — Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk.

Submit your request by email to privacy@seorganiq.com. We respond promptly, no later than 30 days.

7. Security

We protect your data with reasonable technical and organizational measures:

  • encrypted transport over HTTPS (TLS 1.2+),
  • at-rest database encryption (AES-256) at the hosting layer,
  • password hashing (bcrypt/argon2),
  • role separation, two-factor authentication for admins,
  • regular backups and security event monitoring.

8. Automated decision-making and profiling

The Service does not use automated decision-making with legal effects on the Customer within the meaning of Art. 22 GDPR. AI text generation is a tool used by the Customer, not automated decision-making about them.

9. AI and generated content

Texts, images and other outputs are produced via third-party language models (OpenAI, Anthropic, Google). The following applies:

  • Your prompts and content sent to AI models are not used for training — we have agreements with all providers that explicitly exclude training on customer data.
  • We use technical safeguards (separate projects, encryption, retention 0) to prevent leakage between accounts.
  • AI may produce factually incorrect output. Always review before publishing — see Terms, section 6.

10. Protection of minors

The Service is intended exclusively for persons over 16. We do not knowingly collect personal data of children under 16. If we learn we have processed data of a person under the age limit without parental consent, we will delete it without delay. Parents/guardians who believe their child has provided personal data should contact privacy@seorganiq.com.

11. Changes to this policy

We may update this policy. Material changes will be announced by email and the updated effective date will appear at the top.