Privacy Policy — Infin8Content

1 Overview

Infin8Content, Inc. ("Infin8Content", "we", "us", or "our") operates an AI-powered content generation and SEO strategy platform accessible at infin8content.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

Our commitment: We never sell your personal data to third parties. Your content, keywords, and business information are yours — we only use them to provide and improve the Service.

2 Information We Collect

2.1 Information You Provide Directly

Account information: name, email address, password (hashed), and organization name when you register.
Billing information: payment card details processed and stored by Stripe; we never store raw card numbers.
Business profile: website URL, industry, target audience, competitors, and content preferences entered during onboarding.
Content inputs: keywords, instructions, and editorial guidance you submit when generating articles.
CMS credentials: connection credentials for WordPress, Ghost, Notion, Shopify, Webflow, or custom CMS integrations, stored encrypted with AES-256.
Team information: email addresses of team members you invite.
Communications: support requests, feedback, and correspondence with us.

2.2 Information Collected Automatically

Usage data: pages visited, features used, article generation events, publish events, and interaction sequences.
Log data: IP address, browser type, operating system, referring URLs, and timestamps.
Performance data: generation latency, error rates, and system health metrics.
Device data: device type, screen resolution, and language settings.

2.3 Information from Third Parties

Authentication providers: if you sign in via OAuth, we receive your name and email from that provider.
Payment processor: Stripe provides transaction status, subscription state, and billing history.
SEO data providers: DataForSEO provides keyword metrics associated with keywords you research.

3 How We Use Your Information

Purpose	Data Used	Legal Basis
Providing the Service	Account info, content inputs, CMS credentials	Contract performance
Article generation	Keywords, business profile, writing instructions	Contract performance
Billing & subscriptions	Email, payment tokens (via Stripe)	Contract performance
Security & fraud prevention	IP address, usage patterns, log data	Legitimate interest
Product improvement	Aggregated, anonymized usage data	Legitimate interest
Customer support	Communications, account info	Contract performance
Marketing (opt-in)	Email address	Consent
Legal compliance	As required by applicable law	Legal obligation

We do not use your content (generated articles, keywords, business strategy) to train our AI models or share it with model providers beyond what is necessary to generate your requested output.

4 Sharing & Disclosure

We do not sell, trade, or rent your personal information. We share data only in these limited circumstances:

4.1 Service Providers (Sub-processors)

Provider	Purpose	Data Shared
Supabase	Database, authentication, real-time	All user and content data
Stripe	Payment processing	Email, billing details
OpenRouter	AI content generation (LLM routing)	Content prompts only
Tavily	Web research for articles	Search queries (keywords)
DataForSEO	Keyword metrics & SERP data	Keyword queries
Brevo	Transactional email	Email address, name
Inngest	Background job orchestration	Job metadata (no PII)
Sentry	Error monitoring	Stack traces, anonymized context
Vercel	Application hosting	Request logs (IP, headers)

4.2 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If Infin8Content is acquired or merges with another company, your information may be transferred. We will notify you via email or prominent notice within the Service prior to any such transfer.

4.4 With Your Consent

We may share your information with other parties when you have provided explicit consent to do so.

5 Data Retention

Account data: retained for the duration of your subscription plus 90 days after account closure, unless earlier deletion is requested.
Generated articles: retained indefinitely while your account is active; deleted within 30 days of account deletion.
Activity logs: retained for 12 months for security and compliance purposes.
Billing records: retained for 7 years as required by tax and financial regulations.
Research cache: keyword research results are cached for 24 hours and then purged.

You may request earlier deletion of your data at any time. See Your Rights below.

6 Security

We implement industry-standard security measures to protect your information:

AES-256 encryption for all CMS credentials at rest
TLS 1.3 for all data in transit
Row-Level Security (RLS) in our database ensuring strict tenant isolation — your data is never accessible to other organizations
Multi-factor authentication support via OTP
API key hashing and rotation mechanisms
Rate limiting and abuse detection on all endpoints
Regular security audits and dependency scanning

While we implement strong security measures, no method of transmission over the Internet is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@infin8content.com.

7 Cookies & Tracking

We use cookies and similar technologies to:

Session cookies: maintain your authenticated session (required for the Service to function)
Preference cookies: remember your UI preferences
Analytics: understand how users interact with the Service (aggregated, not sold)

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the authenticated portions of the Service.

We do not use third-party advertising cookies or cross-site tracking.

8 Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: request a copy of the personal data we hold about you
Correction: request correction of inaccurate or incomplete data
Deletion: request deletion of your personal data ("right to be forgotten")
Portability: receive your data in a machine-readable format (available via GET /api/user/export)
Restriction: restrict processing of your data in certain circumstances
Objection: object to processing based on legitimate interests
Opt-out of marketing: unsubscribe from marketing emails at any time via the unsubscribe link

To exercise any of these rights, contact us at privacy@infin8content.com. We will respond within 30 days. For GDPR requests, we will respond within 30 days (extendable by 60 days with notice).

CCPA: California residents may also submit requests through our in-app data export and deletion tools.

9 Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it promptly.

10 International Data Transfers

Infin8Content is based in the United States. If you access our Service from outside the US, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate.

For transfers of data from the European Economic Area (EEA) or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and ensure all sub-processors maintain appropriate safeguards.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy on this page with an updated "Last Updated" date
Sending an email notification to the address on file
Displaying an in-app announcement banner

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12 Contact Us

For privacy-related questions, requests, or concerns:

Privacy Team — Infin8Content

We aim to respond to all privacy inquiries within 5 business days.

privacy@infin8content.com