Savvyeo← Back to Home

Privacy Policy

Last updated: April 21, 2026

Savvyeo ("we," "us," or "our") operates the Savvyeo platform accessible at savvyeo.com and app.savvyeo.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information: When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords.

WordPress Site Data: When you connect a WordPress site, we receive and store your WordPress site URL, username, and an Application Password (encrypted with AES-256-GCM at rest). We use these credentials solely to read page content and deploy SEO optimizations via the WordPress REST API.

Google Search Console Data: If you connect Google Search Console, we receive read-only OAuth access to your search performance data (keywords, rankings, impressions, clicks). We request only the webmasters.readonly scope — we cannot modify your search data.

Page Content: When running SEO optimization or content generation, we temporarily process your WordPress page content (text, images) through AI models to generate optimized metadata. We do not permanently store full page content.

Usage Data: We log API usage (token counts, model used, cost) per user and site for billing enforcement and internal margin monitoring.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate AI-powered SEO optimizations (meta titles, descriptions, schema markup, image alt text, articles)
  • Display keyword ranking data from Google Search Console
  • Deploy approved optimizations to your WordPress sites
  • Enforce subscription tier usage limits
  • Send transactional emails (account confirmation, password reset)
  • Respond to support inquiries

3. Data Security

We implement industry-standard security measures to protect your data:

  • All WordPress Application Passwords are encrypted at rest using AES-256-GCM
  • Google Search Console OAuth tokens are encrypted at rest using AES-256-GCM
  • Database access is protected by Supabase Row-Level Security (RLS) — each user can only access their own data
  • All data in transit is encrypted via HTTPS/TLS
  • Authentication uses secure, httpOnly cookies with Supabase SSR

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account or request data deletion, we will remove your personal data within 30 days. Anonymized, aggregated usage statistics may be retained for internal analytics.

5. Your Rights

You have the right to:

  • Access your personal data — request a copy of the data we hold about you
  • Correct inaccurate data — update your profile information at any time
  • Delete your data — request complete deletion of your account and all associated data
  • Export your data — request a machine-readable export of your data
  • Disconnect services — revoke Google Search Console access or disconnect WordPress sites at any time from your dashboard

6. Cookies

We use the following cookies:

  • Authentication cookies — Session cookies set by Supabase to maintain your login state. These are essential for the Service to function.
  • Cloudflare security cookies — Set by Cloudflare for DDoS protection and security. These are essential cookies.

We do not use advertising cookies or third-party tracking cookies.

7. Children

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: support@savvyeo.com