Privacy Policy

This Privacy Policy explains how IvaBot ("we", "our", "us") collects, uses, stores, and protects personal data when you use our website, application, or related services.

By accessing or using IvaBot, you agree to the practices described in this Privacy Policy.

1. Data We Collect

We collect the following categories of data when you interact with our service:

1.1. Account & Authentication Data

Provided by you during registration or through third-party authentication (e.g., Google OAuth):

• Name
• Email address
• Country
• Login credentials (encrypted)
• Account plan and credit balance

1.2. Payment Data

Processed securely by our payment partner (Stripe):

• Cardholder name
• Billing address
• Country
• Last 4 digits of the card

We never see or store full card numbers. All payment data is handled by Stripe.

1.3. Usage & Interaction Data

• Pages you audit or analyze
• Inputs you provide within the application
• Number of sessions used per instrument
• Usage tracking for quota management
• Logs required for troubleshooting and service monitoring

1.4. Generated Content

• SEO audit reports
• Content drafts and AI-generated text
• Keyword analysis and coverage reports
• PDF exports

All generated content belongs to you.

1.5. Automatic Technical Data

• Cookies
• IP address
• Browser and device type
• Timezone
• Analytics data (e.g., Google Analytics)

1.6. SERP Data

We fetch and display search results, keywords, and ranking signals via third-party SERP data providers (e.g., DataForSEO).

We do not permanently store SERP data — it is displayed only during your session.

2. How We Use Your Data

We use your data to:

• Provide access to the IvaBot platform and its instruments (Core Audit, Content Builder, Content Coverage)
• Authenticate your account
• Track session quotas and usage limits
• Process one-time payments and manage purchased session credits
• Generate SEO audits, content, and reports
• Export documents (PDF reports)
• Improve product performance and reliability
• Comply with legal obligations

We do not sell personal data.

We do not use personal data to train AI models.

AI outputs are generated using third-party AI systems (OpenAI), which process prompts only for generating responses and do not retain your data for training.

3. Third-Party Processors

We rely on third-party processors for authentication, payments, database hosting, analytics, and AI content generation.

Main processors include:

• Stripe — payment processing
• Supabase — authentication and database
• Google — OAuth authentication and analytics
• OpenAI — AI content generation
• DataForSEO — search engine data
• Make — workflow automation

Each processor handles data under its own Privacy Policy and applicable data protection standards. We never share more data than required for the service to function.

4. Cookies

We use cookies for:

• Authentication and session management
• Analytics (Google Analytics)
• Service performance monitoring

You may disable cookies in your browser settings, but some features may not work properly.

5. Your Rights

You may request at any time:

5.1. Access

Receive a copy of your stored personal data.

5.2. Correction

Update or edit your account details through your Dashboard settings.

5.3. Deletion

Request removal of your account and all associated data from our systems. Contact us at the email below to initiate deletion.

5.4. Account & Credit Management

You may stop using the service at any time. Purchased session credits are non-refundable unless required by applicable law. You may request account deletion as described above.

5.5. Data Export

Upon request, you may receive your personal account data in a standard format (JSON or CSV).

We may require identity verification to process sensitive requests.

6. Data Retention

We keep your data only as long as necessary to:

• Provide the service
• Maintain accurate billing records
• Comply with legal and accounting requirements

When you request deletion, your personal data is removed from active systems.

7. Security

We use industry-standard protections to secure your data, including:

• Encrypted connections (HTTPS)
• Secure payment handling through Stripe
• Row-level security policies on database tables
• Limited internal access to production data
• Regular monitoring and security reviews

However, no system is 100% secure. Use the service at your discretion.

8. International Data Transfers

Some processors may store data outside your country. All transfers comply with GDPR and other applicable regulations through approved safeguards.

9. Contact

For privacy questions, data requests, or complaints, contact:

hello@ivabot.xyz

We aim to respond within 30 days.

10. Changes to This Policy

We may update this Privacy Policy when required. The "Last updated" date at the top will reflect the most recent version.