Legal
Privacy Policy
Last updated: 12 March 2026
KaizenSEO Ltd ("KaizenSEO", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the KaizenSEO platform and services, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
KaizenSEO is the data controller for the personal data we collect about you. If you have any questions about this policy or our data practices, please contact us at [email protected].
1. What Personal Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | How Collected |
|---|---|---|
| Identity data | Name, username, profile picture | Account registration |
| Contact data | Email address | Account registration, support requests |
| Account data | Website URL, business name, industry, competitors | Onboarding wizard |
| Payment data | Billing name, last 4 digits of card, billing address | Stripe payment processor (we do not store full card numbers) |
| Usage data | Pages visited, features used, articles generated, session duration | Automatically via cookies and server logs |
| Technical data | IP address, browser type, device type, operating system | Automatically via server logs |
| Communications data | Support emails, feedback messages | When you contact us |
| Integration data | WordPress credentials (encrypted), Google Search Console tokens | When you connect integrations |
We do not collect any special category data (such as health, racial or ethnic origin, political opinions, or biometric data) and we do not knowingly collect personal data from children under the age of 18.
2. How We Use Your Personal Data
We use your personal data for the following purposes, relying on the legal bases indicated:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| To create and manage your Account | Performance of a contract (Art. 6(1)(b)) |
| To provide the Services, including AI article generation and SEO tools | Performance of a contract (Art. 6(1)(b)) |
| To process payments and manage your Subscription | Performance of a contract (Art. 6(1)(b)) |
| To send transactional emails (receipts, password resets, service notifications) | Performance of a contract (Art. 6(1)(b)) |
| To respond to support requests and enquiries | Legitimate interests (Art. 6(1)(f)) — providing customer service |
| To improve and develop the Services | Legitimate interests (Art. 6(1)(f)) — improving our product |
| To detect and prevent fraud, abuse, and security incidents | Legitimate interests (Art. 6(1)(f)) — protecting our business and users |
| To comply with legal obligations (e.g. tax records, regulatory requests) | Legal obligation (Art. 6(1)(c)) |
| To send marketing communications (with your consent) | Consent (Art. 6(1)(a)) — you may withdraw at any time |
| To conduct analytics and measure platform performance | Legitimate interests (Art. 6(1)(f)) — understanding usage patterns |
3. Cookies and Tracking Technologies
| Type | Purpose | Basis |
|---|---|---|
| Strictly necessary | Session authentication, security tokens, CSRF protection | Necessary for the service to function |
| Functional | Remembering your preferences and settings | Legitimate interests |
| Analytics | Understanding how users navigate the platform (anonymised) | Consent |
| Marketing | Tracking conversions and ad performance (where applicable) | Consent |
You can control non-essential cookies through your browser settings. Disabling strictly necessary cookies may prevent the Services from functioning correctly.
4. How We Share Your Personal Data
We do not sell your personal data. We share your data only in the following circumstances:
- Service providers: We share data with trusted third-party processors who assist us in operating the Services, including Stripe (payment processing), cloud hosting providers, and email delivery services. All processors are bound by data processing agreements and are required to process data only on our instructions.
- AI model providers: Content generation requires sending your website URL, business description, and target keywords to AI model APIs. We do not send personally identifiable information to AI providers beyond what is necessary to generate content.
- Legal requirements: We may disclose your data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect the rights, property, or safety of KaizenSEO, our users, or others.
- Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity, subject to the same protections described in this policy.
5. International Data Transfers
Some of our third-party service providers are located outside the UK. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or adequacy decisions recognised by the UK Information Commissioner's Office (ICO). You may request details of the safeguards in place by contacting us at [email protected].
6. Data Retention
We retain your personal data for as long as your Account is active or as necessary to provide the Services. Specifically:
- Account and profile data is retained for the duration of your Account and for up to 7 years after closure for legal and tax compliance purposes.
- Payment records are retained for 7 years in accordance with HMRC requirements.
- Usage and analytics data is retained for up to 24 months in aggregated or anonymised form.
- Support communications are retained for up to 3 years.
When data is no longer required, we securely delete or anonymise it.
7. Your Rights Under UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you (a Subject Access Request). |
| Right to rectification | You can ask us to correct inaccurate or incomplete personal data. |
| Right to erasure | You can ask us to delete your personal data in certain circumstances (the 'right to be forgotten'). |
| Right to restriction | You can ask us to restrict how we use your personal data in certain circumstances. |
| Right to data portability | You can ask us to provide your personal data in a structured, machine-readable format. |
| Right to object | You can object to our processing of your personal data based on legitimate interests, including for direct marketing. |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing. |
| Rights related to automated decision-making | You have rights in relation to automated decisions that have a significant effect on you. |
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month. We may need to verify your identity before processing your request.
If you are not satisfied with our response or believe we are not processing your data lawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include encryption of data in transit (TLS), encrypted storage of sensitive credentials, access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach and, where required, notify affected individuals without undue delay.
9. Third-Party Links
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal data.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.
Contact Us
For any privacy-related questions, requests, or complaints, please contact our data protection team at:
You also have the right to complain to the ICO: ico.org.uk/make-a-complaint