Privacy Policy

AISeen ("we", "us", "our") is an AI-powered SEO, GEO, and Security audit platform operated by Roman Kravets (ФОП Кравець Роман Васильович). This Privacy Policy explains what data we collect, why we collect it, how it is used and protected, and what rights you have.

1. Who We Are

• Product: AISeen — AI SEO + GEO + Security audit platform
• Website: aiseen.app
• Operator: ФОП Кравець Роман Васильович
• Contact: support@aiseen.app

2. Data We Collect

2.1 Account Data (via OAuth)

When you sign in with Google or GitHub (via NextAuth.js), we receive and store:

• Name and email address
• Profile picture URL (avatar)
• OAuth provider ID (not your password — we never see it)

2.2 Audit Data

• Website URLs you submit for analysis
• Audit results: SEO, GEO, Security, Speed, Pentest, Privacy scores
• AI fix history (prompts and generated recommendations)
• Audit timestamps

2.3 Billing Data

• Plan type (Free / Starter / Pro / Agency)
• Payment status and transaction ID from WayForPay
• We never store full card numbers — only masked values provided by WayForPay

2.4 Technical Data

• IP address and browser User-Agent (for security and abuse prevention)
• Session tokens stored in HTTP-only cookies (NextAuth.js)
• Locale preference stored in cookies

3. Why We Collect This Data

4. Third-Party Services

We share data only with service providers necessary to operate AISeen:

• Google / GitHub OAuth — Authentication. Governed by their own privacy policies.
• MongoDB Atlas — Cloud database for user accounts and audit results (AWS EU region).
• Vercel — Hosting and serverless functions.
• WayForPay — Payment processing. Full card data is processed by WayForPay; we receive only transaction status and masked card number.
• Anthropic Claude API — AI-powered fix generation. Your site URL and audit data may be sent to Claude to generate recommendations.
• Cloudflare — CDN and DDoS protection.
• Playwright / Browserbase — Site crawling for audit purposes.

We do not sell your personal data to any third party.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Audit history: Retained for the duration of your subscription + 90 days after cancellation.
• Payment records: 3 years (legal obligation).
• Session tokens: Expire per NextAuth.js session settings (typically 30 days).

6. Cookies

We use the following cookies:

• next-auth.session-token — HTTP-only session cookie. Required for authentication.
• NEXT_LOCALE — Stores your language preference.

We do not use advertising or tracking cookies. Third-party services (Google, GitHub, Cloudflare) may set their own cookies per their policies.

7. Your Rights (GDPR / Ukrainian Law)

You have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in machine-readable format
• Objection — object to processing based on legitimate interest

To exercise any right, email us at support@aiseen.app. We will respond within 30 days.

8. Security

• All data is transmitted over TLS 1.2+
• MongoDB Atlas provides encryption at rest
• API keys are stored as environment variables (never in code)
• Session cookies are HTTP-only and Secure
• Access to production data is restricted to the operator

9. International Transfers

Data may be processed by our service providers on servers outside Ukraine and the EU (e.g., Vercel, MongoDB Atlas, Anthropic). We take appropriate steps to ensure adequate protection for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of AISeen after changes constitutes acceptance.

11. Contact

• Email: support@aiseen.app
• Website: aiseen.app
• Operator: ФОП Кравець Роман Васильович