Privacy Policy

1. Introduction

SeoTo.social ("we", "our", or "us") operates the SeoTo.social web application and the SeoTo.social – PublisherChrome extension (collectively, "the Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use either product. By using the Service, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

• Name, email address, and profile picture from your Google account (via Google Sign-In).

2.2 Google Search Console Data

• Search performance metrics (queries, impressions, clicks, CTR, and position) for websites you own and have explicitly authorized us to access through the Google Search Console API.
• This data is used solely to generate social media content on your behalf.

2.3 Generated Content

• AI-generated posts (X/Twitter and LinkedIn) created from your Search Console data, stored in your account history so you can review, edit, and re-use them.

2.4 Chrome Extension — Local Storage

The SeoTo.social – Publisher extension uses the Chrome storage API to save the following data locally on your device:

• Authentication token – a session token obtained after you log in through the web app, used to authenticate API requests to seoto.social without requiring you to log in again each time.
• User preferences – settings you configure within the extension (e.g., default network selection).

This data is stored only in your browser's local extension storage and is not shared with third parties.

2.5 Chrome Extension — Tab Access

The extension uses the Chrome tabs permission exclusively to read the URL of your currently active tab. This URL is used to identify which of your connected websites you are browsing so the extension can display relevant, pre-generated content for that site. We do not track your browsing history, record visited URLs beyond the active tab, or transmit tab data to any third party.

2.6 Data Transmitted to Our Servers

When you use the extension, the following data is sent to seoto.social servers (covered by the host permission https://seoto.social/*):

• Your authentication token (to verify your identity).
• The current page URL (to match content to your website).
• Actions you take (e.g., publishing a post, requesting new content generation).

No other data is transmitted from your browser to our servers.

2.7 Usage and Technical Data

• Aggregated, anonymized analytics (page views, feature usage) collected via Vercel Analytics to help us improve the Service.
• Standard server logs (IP address, browser type, request timestamps) for security and debugging.

3. How We Use Your Information

• To provide, operate, and maintain the Service (web app and Chrome extension).
• To generate AI-powered X/Twitter and LinkedIn posts based on your Google Search Console data.
• To authenticate you and manage your account and subscription.
• To send transactional emails (e.g., billing confirmations, account notices) via Resend.
• To improve and develop new features using anonymized, aggregated analytics.
• To comply with legal obligations and enforce our Terms of Service.

4. Google API Services — Limited Use Disclosure

SeoTo.social's use and transfer of information received from Google APIs to any other application will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• Google Search Console API: We access search performance data (queries, impressions, clicks, CTR, position) only for websites you have explicitly authorized. This data is used solely to generate social media content for you and for no other purpose.
• Google Sign-In: Used exclusively for authentication. We do not use Google OAuth tokens for any purpose beyond providing the Service to you.
• We do not share, sell, rent, or transfer your Google user data to third parties for advertising, marketing, or any purpose unrelated to the Service.
• We do not use Google user data to train machine learning models or for any purpose not directly related to operating the Service.
• You may revoke our access to your Google account at any time through your Google Account permissions page.

5. Third-Party Services

• OpenAI:We send anonymized search query data (no personally identifiable information) to OpenAI's API to generate social media posts. OpenAI's use of this data is governed by OpenAI's Privacy Policy.
• LemonSqueezy: Our payment processor. When you subscribe, your billing information is handled by LemonSqueezy and subject to their privacy policy. We do not store your credit card details.
• Vercel: We host the web application on Vercel, which may collect standard server logs and anonymized analytics.
• MongoDB: Your account data and generated content are stored in encrypted MongoDB databases hosted in the cloud.
• Resend: Used to send transactional emails. Only your email address is shared for this purpose.

6. Data Storage and Security

Your data is stored in encrypted databases using industry-standard security measures. Authentication tokens (Google OAuth tokens and session tokens) are stored encrypted at rest and are used only to communicate with Google's APIs and our own API on your behalf.

We implement access controls, TLS encryption in transit, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your account data for as long as your account is active. Generated posts and Search Console data snapshots are retained for up to 12 months and then deleted automatically.

You may request deletion of your account and all associated data at any time by emailing privacy@seoto.social. Upon deletion, all your personal data — including OAuth tokens, generated content, and Search Console data — will be permanently removed from our systems within 30 days.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your account and all associated personal data.
• Portability: Request a machine-readable export of your data where technically feasible.
• Restriction / Objection: Request that we restrict processing of your data in certain circumstances.
• Revoke Google access: Revoke our access to your Google account at any time via your Google Account settings.

To exercise any of these rights, contact us at privacy@seoto.social. We will respond within 30 days.

9. Cookies and Local Storage

The web application uses cookies and browser local storage for the following purposes:

• Session cookies: To keep you authenticated while you use the web app. These expire when you close your browser or log out.
• Persistent cookies:To remember your login session across browser sessions (only if you enable "Remember me").

We do not use cookies for advertising or behavioral tracking.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@seoto.social and we will delete it promptly.

11. International Data Transfers

Our servers are located in the United States. If you are accessing the Service from the European Union, United Kingdom, or other regions with data protection laws, please note that your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure your data is treated securely and in accordance with applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you via email or a prominent notice in the application. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our data practices, please contact us: