1. Data Controller Information
Legal Entity: Kliment Paskalev Limited
Trading Name: DraftSEO.ai
Website: draftseo.ai
Jurisdiction: United Kingdom
Registered Office: 197B Powerscourt Road, PO27JH, United Kingdom
Data Protection Officer: Not appointed (not required for our business)
2. Information We Collect
2.1 Personal Information You Provide
- Account Information: Email address, name, password (encrypted)
- Billing Information: Payment details processed through Paddle (not stored by us)
- Content Data: Blog prompts, keywords, generated content
- Communication Data: Support messages, feedback, preferences
2.2 Automatically Collected Information
We collect technical information for service functionality, analytics, and marketing optimization:
- Session Data: Authentication tokens (JWT), session cookies
- Network Data: IP address and user agent information for service delivery, security, and analytics
- Location Data: Approximate geographic location derived from IP address
- Analytics Data: Anonymized usage patterns via Google Tag Manager, Google Analytics, and Microsoft Clarity
- Marketing Data: Interaction tracking via Meta Pixel (requires your explicit consent)
2.3 Information We Do NOT Collect
- Device fingerprinting or cross-device tracking IDs
- Detailed browsing history outside our platform
- Precise location data (GPS coordinates)
- Social media profile data beyond authentication
- Biometric data or sensitive personal information
2.4 Third-Party Services Integration
YouTube API Services: This application uses YouTube API Services to provide video search and embedding functionality. For information about how Google collects and uses data, please review Google's Privacy Policy.
WordPress Auto-Publish Integration: When you enable WordPress Auto-Publish, we transmit your generated blog content and associated images directly to your WordPress website. WordPress credentials are stored encrypted and can be deleted anytime from your account settings.
Facebook Page Integration: When you connect your Facebook Page through our platform, we use the Meta (Facebook) Graph API to enable automatic publishing of your blog content to your Facebook Page. We collect and store the following data from Meta:
- Facebook Page ID and Page Name: To identify which Page to publish to
- Page Access Token: Stored encrypted (AES-256-CBC) to authorize publishing on your behalf
- Facebook User ID: To associate the connection with your DraftSEO.ai account
- Publication metadata: Post IDs and URLs of content published to your Page
We use Meta's pages_show_list, pages_read_engagement, and pages_manage_posts permissions solely to list your Pages, read engagement data for publishing verification, and publish content you have explicitly authorized. You can disconnect your Facebook Page and delete all associated data at any time from your Profile > Integrations settings. For more information on how Meta handles your data, please review Meta's Privacy Policy.
3. Legal Basis for Processing
- Contract Performance (Art. 6(1)(b)): Account data, billing data, content generation, WordPress publishing, Facebook Page publishing
- Consent (Art. 6(1)(a)): Marketing communications, Meta Pixel tracking, marketing tags
- Legitimate Interest (Art. 6(1)(f)): Analytics and usage data for service improvement
4. Third-Party Data Sharing
We do not sell, rent, or trade your personal information. We share data only with essential service providers:
- OpenAI (USA): AI content generation
- Anthropic (USA): AI content generation (Claude models)
- Paddle (UK/EU): Payment processing
- SendGrid (USA): Transactional emails
- Microsoft Clarity (USA): User experience analysis
- Google Tag Manager (USA): Analytics and marketing
- Meta Platforms (USA): Advertising measurement (with consent), Facebook Page auto-publishing (with authorization)
- Nebius AI (EU): Image generation and CDN hosting
5. Your Rights
Under GDPR and CCPA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us.
6. Data Retention
- Account Data: Retained while account is active, deleted within 30 days of account deletion
- Generated Content: Retained until you delete it or your account
- Billing Records: 7 years for tax compliance
- Analytics Data: Anonymized, retained for 26 months
7. Data Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Secure password hashing (bcrypt)
- Regular security audits
- Access controls and monitoring
8. International Data Transfers
Your data may be transferred to and processed in the United States. We ensure adequate protection through Standard Contractual Clauses and compliance with the EU-U.S. Data Privacy Framework.
9. Children's Privacy
Our Service is not intended for children under 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our website.
11. Contact Us
For privacy-related inquiries:
Address: 197B Powerscourt Road, PO27JH, United Kingdom