Privacy Policy

1. Introduction

OptimizeGenius ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our AI-powered content optimization platform available at optimizegenius.com (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

2. Information We Collect

2.1 Account Information

• Email address (for account creation and communication)
• Name (provided through OAuth providers like Google or Microsoft)
• Profile picture (if provided by OAuth provider)
• Authentication tokens (securely stored and encrypted)

2.2 Content Data (Zero-Knowledge)

• Your original content (encrypted with AES-256-GCM before transmission)
• AI optimization results (encrypted and only decryptable by you)
• Content metadata (word count, content type, optimization scores - anonymized)
• Business niche selections (for optimization tailoring)

2.3 Usage Information

• Service usage statistics (anonymized and aggregated)
• Feature interaction data (which tools you use most)
• Performance metrics (response times, error rates)
• Subscription and billing information

2.4 Technical Information

• IP address (for security and rate limiting)
• Browser type and version
• Device information (operating system, screen resolution)
• Access logs (for security monitoring and debugging)

3. How We Use Your Information

3.1 Service Provision

• Provide AI-powered content optimization services
• Process your content through Google's Gemini AI (in encrypted form)
• Generate personalized optimization recommendations
• Maintain your account and subscription status

3.2 Communication

• Send account-related notifications (security alerts, billing updates)
• Provide customer support and respond to inquiries
• Send optional product updates and feature announcements (opt-out available)

3.3 Security and Compliance

• Detect and prevent fraud, abuse, and security violations
• Monitor for unauthorized access and suspicious activity
• Comply with legal obligations and law enforcement requests
• Maintain audit logs for security and compliance purposes

3.4 Service Improvement

• Analyze aggregated, anonymized usage patterns
• Improve AI optimization algorithms and user experience
• Develop new features and services
• Conduct security research and testing

4. Zero-Knowledge Architecture

This architecture ensures that even if our servers were compromised, your content would remain completely unreadable. We have mathematically eliminated our ability to access your sensitive content.

5. Information Sharing and Disclosure

5.1 Service Providers

We may share limited information with trusted service providers who assist in operating our service:

• Google (Gemini AI): Encrypted content for AI processing (zero-knowledge)
• Firebase/Google Cloud: Authentication and encrypted data storage
• Stripe: Payment processing (minimal billing information only)
• Vercel: Application hosting and performance monitoring

5.2 Legal Requirements

We may disclose information when required by law or to protect our rights, but due to our zero-knowledge architecture, we cannot provide access to your encrypted content even under legal compulsion.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred, but content encryption ensures your data remains protected under the same zero-knowledge principles.

6. Data Security

6.1 Encryption

• AES-256-GCM encryption for all content data
• TLS 1.3 encryption for data transmission
• End-to-end encryption with client-side key derivation
• Encrypted data storage in Firebase Firestore

6.2 Access Controls

• Multi-factor authentication for administrative access
• Role-based access control (RBAC) with principle of least privilege
• Regular security audits and penetration testing
• Automated threat detection and response

6.3 Infrastructure Security

• Google Cloud Platform enterprise security controls
• Regular security updates and vulnerability patching
• Comprehensive logging and monitoring
• DDoS protection and rate limiting

7. Your Rights and Choices

7.1 Access and Control

• View and export your account information and optimization history
• Update your profile information and communication preferences
• Delete specific content or optimization results
• Download your data in a portable format

7.2 Account Deletion

• Delete your account and all associated data at any time
• 30-day grace period for account recovery (data remains encrypted)
• Permanent deletion after grace period (irreversible due to encryption)
• Retention of anonymized usage statistics for service improvement

7.3 Communication Preferences

• Opt out of marketing communications (account security notifications cannot be disabled)
• Choose notification frequency and types
• Unsubscribe from emails with one-click links

8. Data Retention

8.1 Active Accounts

• Account information: Retained while account is active
• Content and optimization results: Retained per your subscription plan
• Usage analytics: Aggregated and anonymized, retained for service improvement

8.2 Inactive Accounts

• Accounts inactive for 2+ years may be deleted with 60-day notice
• Critical account data backed up in encrypted form for recovery
• Users can extend retention by logging in or contacting support

8.3 Legal Compliance

• Security logs retained for 13 months for compliance and investigation
• Billing records retained per tax and financial regulations (7 years)
• Anonymized analytics may be retained indefinitely for research

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

However, our zero-knowledge encryption ensures that your content remains protected regardless of where it is processed. We use Google Cloud Platform, which provides enterprise-grade security and compliance with international data protection standards including GDPR and CCPA.

10. Children's Privacy

OptimizeGenius is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to remove such information and delete the child's account.

11. Third-Party Services

11.1 Authentication Providers

We use Google and Microsoft OAuth for authentication. Their privacy policies govern how they handle your information during the authentication process. We only receive basic profile information (name, email, profile picture) that you consent to share.

11.2 AI Processing

Content optimization is powered by Google's Gemini AI. Your content is encrypted before being sent to Google's servers, ensuring Google cannot read your actual content. Google's AI Terms of Service and Privacy Policy apply to the processing of encrypted data.

11.3 Payment Processing

Stripe processes all payments. We do not store your credit card information. Stripe's privacy policy governs how they handle your payment information.

12. Privacy Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to your registered email address
• Displaying a prominent notice in our application
• For significant changes, requesting your explicit consent

Changes become effective 30 days after notification, except for changes that enhance privacy protection, which may take effect immediately.

13. Regional Privacy Rights

13.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of incorrect data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge complaints with supervisory authorities

13.2 California (CCPA)

If you are a California resident, you have rights under CCPA:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (note: we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

14. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us: