Privacy Policy
Last updated: February 2026
Summary: We collect only the data necessary to provide our AI-powered SEO content generation service. We do not sell your personal information. Authentication is handled by Clerk, our database is hosted on Supabase, and content generation is powered by Anthropic's Claude API.
This Privacy Policy describes how serp.systems ("we", "us", or "our") collects, uses, and shares information about you when you use our website and services at serp.systems.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, authentication is handled by Clerk, a third-party authentication provider. Clerk collects and manages your email address, name, and authentication credentials on our behalf. We do not directly store passwords or authentication tokens — Clerk handles all credential management securely.
- Content: We store the articles you generate, including prompts, keywords, and generated output, in our database hosted on Supabase (PostgreSQL).
- Contact Form Submissions: When you contact us through our website, we collect your name, email address, subject, and message content.
- Communications: If you correspond with us via email or other channels, we retain the content of those communications.
1.2 Information Collected Automatically
- Usage Data: We track information about how you use our services, including the number of API calls made, tokens consumed, and articles generated. This data is used for enforcing plan limits and improving our service.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies: We use essential cookies for authentication (set by Clerk) and session management. We also use Umami, a privacy-focused, open-source analytics tool, to understand how visitors use our site. Umami does not use cookies for tracking and does not collect any personal data. Analytics data is only loaded if you accept analytics via our cookie consent banner.
2. How We Use Your Information
- Provide, maintain, and improve our AI content generation services
- Authenticate your identity and manage your account (via Clerk)
- Process your content generation requests using the Anthropic Claude API
- Track usage metrics (API calls, tokens used, articles generated) to enforce plan limits
- Send technical notices, updates, and security alerts
- Send product updates, tips, and promotional emails only if you opted in during registration. You can withdraw consent at any time from your account settings or by clicking "Unsubscribe" in any marketing email.
- Respond to your comments, questions, and support requests submitted through our contact form
- Monitor and analyze trends, usage patterns, and activities to improve the service
- Detect, investigate, and prevent fraudulent transactions and abuse
- Comply with legal obligations
3. Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- Service Providers: With companies that provide services on our behalf, including authentication (Clerk), database hosting (Supabase), AI content generation (Anthropic), AI image generation (Runware), AI text humanization (StealthGPT), and email delivery.
- Legal Requirements: To comply with applicable law, regulation, or valid legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly direct us to share your information.
4. Third-Party Services
Our service relies on the following third-party services that may process your data:
| Service | Purpose | Privacy Policy |
| --- | --- | --- |
| Clerk | User authentication & identity management | Link |
| Supabase | Database hosting (PostgreSQL) | Link |
| Anthropic | AI content generation (Claude API) | Link |
| Stripe | Payment processing & subscription billing | Link |
| Runware | AI image generation for articles | Link |
| StealthGPT | AI text humanization (optional, when “Humanize Text” is enabled) | Link |
Payment Processing
We use Stripe to process subscription payments. When you upgrade to a paid plan, Stripe collects and processes your payment card details directly — we never see or store your full card number. Stripe may store your:
- Name and billing address
- Card last four digits and expiration date
- Transaction history related to your subscription
We store only your Stripe Customer ID and Subscription ID to manage your account tier. Stripe processes payments in accordance with PCI DSS Level 1 standards. See Stripe's Privacy Policy for details.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide our services. Specifically:
- Account Data: Retained while your account is active. Authentication data is managed by Clerk according to their retention policies.
- Generated Content: Stored in Supabase for the duration of your account unless you delete it.
- Generated Images: AI-generated images are stored in Supabase Storage and associated with your account. Images are permanently deleted when your account is purged (30 days after account deletion request).
- Usage Data: API call logs, token counts, and generation history are retained for service operation and may be aggregated for analytics.
- Contact Form Submissions: Retained for as long as necessary to respond to and resolve your inquiry.
You can request deletion of your data at any time by contacting us at [email protected].
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Objection: Object to certain types of processing of your data.
- Restriction: Request restriction of processing in certain circumstances.
- Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption in transit (TLS/SSL) for all data transmitted between your browser and our servers
- Secure authentication managed by Clerk, which handles credential storage, password hashing, and session management
- Database hosted on Supabase with row-level security and encrypted storage
- Access controls and role-based permissions
- Regular security reviews of our application code and infrastructure
8. International Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our service providers (Clerk, Supabase, Anthropic, Runware, StealthGPT) operate. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
9. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
10. Cookies & Analytics
We use the following types of cookies and tracking technologies:
- Essential / Authentication: Set by Clerk for authentication and session management. These are required for the service to function and cannot be disabled.
- Functional: Used to remember your preferences and settings within the application.
- Analytics (Umami): We use Umami, a privacy-focused, open-source analytics platform. Umami does not use cookies for tracking, does not collect personal data, and does not track users across websites. It collects anonymous page-view and event data only. The Umami analytics script is loaded only after you accept analytics via the cookie consent banner shown on your first visit. Your choice is stored in your browser's localStorage. If you reject analytics, no analytics script is loaded and no usage data is collected.
We do not use advertising cookies or any third-party tracking tools beyond Umami.
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using authenticated features of the service. You can also clear your cookie consent preference by deleting the cookie_consent key from your browser's localStorage.
11. AI Content Generation & Data Processing
When you use our content generation features:
- Your input prompts and keywords are sent to the Anthropic Claude API for processing.
- Anthropic processes this data according to their privacy policy and API data usage policy. As of the time of writing, Anthropic does not use API inputs/outputs to train their models.
- If you enable AI image generation, text prompts derived from your article content are sent to the Runware API to generate images. Runware processes these prompts according to their privacy policy. Generated images are stored securely in our Supabase Storage infrastructure — not on Runware's servers long-term. All stored images are permanently deleted when your account is purged.
- If you enable the “Humanize Text” option, your generated article text is sent to the StealthGPT API for rephrasing. StealthGPT processes this text according to their privacy policy. Only the article body text is sent — no personal information, account data, or metadata is transmitted.
- Generated content is stored in our Supabase database and associated with your account.
- We track the number of tokens consumed and articles generated for usage metering purposes.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.
13. GDPR Compliance (EU/EEA Users)
For users in the European Union or European Economic Area:
- Legal Basis: We process your data based on:
  - Contract performance: To provide our content generation service to you.
  - Legitimate interests: To improve our service, prevent fraud, and ensure security.
  - Consent: Where you have given explicit consent (e.g., for marketing communications). You can opt in during registration and withdraw consent at any time via your account settings or by clicking "Unsubscribe" in any marketing email.
  - Legal obligations: To comply with applicable laws.
- Data Controller: serp.systems is the data controller for your personal information.
- Data Processors: Clerk (authentication), Supabase (database), Anthropic (AI text generation), and Runware (AI image generation) act as data processors on our behalf.
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe your data is being processed unlawfully.
14. CCPA Compliance (California Residents)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: You have the right to opt out of the "sale" of personal information. We do not sell your personal data.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, contact us at [email protected].
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: