Privacy Policy
Last updated: June 11, 2026
This Privacy Policy explains what personal data Serpon ("we", "us") collects, why we collect it, and the choices you have. It applies to serpon.com and the Serpon application.
1. Data we collect
- Account data — name, email address, password (hashed), and team/role membership.
- Billing data — handled by our merchant of record, Paddle. We store your plan, billing email, and a Paddle customer reference; we never see or store full payment-card details.
- Content data — article briefs, keywords, generated articles and their version history, workflow configurations, and research material produced for you.
- Integration credentials — API keys/passwords for platforms you connect (WordPress, Ghost, webhooks), stored encrypted at rest and used only to publish on your instruction.
- Usage data — word-usage counters, API request logs, and activity logs (who invited whom, role changes, publishing events) kept for security and audit.
2. How we use data
To provide and improve the service, enforce plan limits, secure accounts, send transactional email (invitations, billing and quota notices), and comply with legal obligations. We do not sell personal data.
3. AI processing
Content you submit for generation is processed by third-party AI model providers (such as OpenAI and Anthropic) under data processing agreements. Optional checks (such as originality scoring) send article text to the respective provider. We do not use your content to train models.
4. Sharing
We share data only with processors needed to run the service: hosting and CDN providers, Paddle (payments), AI model providers, email delivery, and error monitoring. Each processor is bound by contract to use data only on our instructions.
5. Retention
Account and content data are retained while your account is active. Raw usage records are pruned after 90 days; aggregated statistics may be kept longer. When you delete your account, personal data is deleted or anonymized within 30 days except where law requires longer retention (e.g. invoices).
6. Your rights
Depending on your jurisdiction (including the GDPR and CCPA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to processing. Email [email protected] to exercise these rights; we respond within 30 days. You may also lodge a complaint with your supervisory authority.
7. Security
Data is encrypted in transit (TLS) and sensitive fields (integration credentials, two-factor secrets) are encrypted at rest. Access to production data is restricted and logged.
8. Cookies
We use strictly necessary cookies for sessions, CSRF protection, and remembering preferences (such as theme and sidebar state). We do not use third-party advertising cookies.
9. Changes & contact
We will notify you of material changes to this policy. Contact: [email protected].