Privacy Policy

1. Overview

This Privacy Policy explains how AYSA.ai collects, uses, stores and protects personal data when you visit our website, contact us, create an account, use our application, connect a website, or interact with our SEO execution workflows.

AYSA is an AI SEO execution product. It can analyze websites, connect to website and search performance data, prepare SEO, AEO, GEO and AI visibility actions, request approval, and execute approved changes inside supported website platforms.

This policy is written for transparency. It should be read together with our Terms, Cookie Policy and any data processing agreement that may apply to business customers.

2. Who We Are

AYSA.ai is the website and product brand operated by AYSA SEO SRL, an AI SEO execution company registered in Romania. For privacy questions, data requests or security concerns, you can contact us at contact@aysa.ai.

Where AYSA determines why and how personal data is processed, AYSA acts as a data controller. Where AYSA processes data on behalf of a business customer, AYSA may act as a processor under the customer’s instructions.

3. Personal Data We May Collect

Account and contact data: name, email address, company, role, billing details, support requests, contact form messages and communication history.

Website and business context: website URL, business profile, target market, SEO objectives, services, products, tone of voice, competitors, location details and information you provide to help AYSA understand your business.

Connected service data: when you authorize integrations, AYSA may process data from services such as Google Search Console, Google Analytics, Google Business Profile or website platform integrations, depending on the permissions you grant.

Website execution data: pages, titles, descriptions, content suggestions, technical issues, redirects, schema, internal links, approval status, action history and approved execution logs.

Usage and technical data: IP address, browser, device, pages viewed, timestamps, referral sources, error logs, security events, cookies and similar technologies.

Payment and subscription data: plan, credits, invoices, VAT or billing country details and payment status. Payment card details are normally processed by payment providers and are not stored directly by AYSA unless explicitly stated.

4. How We Collect Data

We collect data directly from you when you submit a form, create an account, configure a website, approve actions, contact support or communicate with us.

We collect data automatically when you use our website or application, including technical logs, cookies, device information and usage events.

We collect data from authorized integrations only when you connect or approve those integrations, and only within the permission scope required for the product workflow.

5. How We Use Personal Data

To provide AYSA services: onboarding websites, analyzing SEO opportunities, preparing recommendations, managing approvals, executing approved changes and maintaining action history.

To personalize SEO work: understanding your business, market, tone, content needs, competitors, technical context and search performance.

To improve the product: debugging, performance monitoring, product analytics, quality control, training internal workflows and improving user experience.

To communicate with you: responding to contact requests, support tickets, billing questions, partnership inquiries, product updates and service notices.

To protect the service: preventing abuse, spam, fraud, unauthorized access, security incidents and misuse of integrations.

To comply with legal obligations: tax, accounting, billing, dispute resolution, regulatory requirements and lawful requests.

6. Legal Bases for Processing

Where GDPR or similar privacy laws apply, we rely on legal bases such as performance of a contract, legitimate interests, consent, legal obligations and, where necessary, steps taken before entering into a contract.

Examples include processing account data to provide the service, using technical logs to secure the platform, relying on consent for certain cookies or marketing communications, and retaining invoice data for legal obligations.

7. GDPR Rights for EEA, UK and Swiss Users

If you are located in the European Economic Area, the United Kingdom or Switzerland, GDPR or similar data protection laws may give you specific rights over your personal data.

These rights may include the right to request access to your personal data, correction of inaccurate data, deletion of data, restriction of processing, portability of data, objection to certain processing, and withdrawal of consent where processing is based on consent.

You may also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first at contact@aysa.ai so we can try to resolve the request directly.

When AYSA acts as a processor for a business customer, we may need to forward or refer your request to that customer because they determine the purpose and legal basis for processing.

8. AI and Automated Processing

AYSA uses AI-assisted systems to analyze websites, search data and business context, then prepare SEO actions, content suggestions, technical recommendations and execution workflows.

AYSA is designed around approval-first execution. Important website changes should be reviewed and approved before execution. We do not intend to publish sensitive changes without prior approval from an authorized user.

AI output may be reviewed, improved or corrected by users and, where appropriate, by AYSA team members or authorized service providers for quality, safety and product improvement.

9. EU AI Act and AI Governance

The European Union Artificial Intelligence Act entered into force on 1 August 2024, with most obligations becoming applicable from 2 August 2026 and some obligations applying earlier or later depending on the AI system and role involved.

AYSA monitors the development of AI regulation, including the EU AI Act, and aims to operate AI-assisted SEO execution in a transparent, controlled and accountable way.

AYSA is designed for business SEO workflows, not for prohibited AI practices, biometric identification, social scoring, employment decisions, credit scoring, law enforcement decisions, medical diagnosis or other high-risk decision systems unless a separate legal and technical assessment supports that use.

Our AI governance principles include human approval for important website changes, traceable action history, clear distinction between suggestions and approved execution, user control over connected websites, and monitoring of AI outputs for quality and safety.

Where legal obligations require transparency, documentation, risk management or additional notices, AYSA may update product flows, customer agreements, technical controls or this Privacy Policy to reflect those requirements.

10. Connected Services and Website Platforms

When you connect third-party services, such as analytics, search performance, business profile or website platform tools, AYSA processes the data needed to provide the selected functionality.

You are responsible for ensuring you have the rights and permissions required to connect a website or third-party account to AYSA.

You can disconnect integrations where supported. Some historical records may remain in logs, action history, billing records or backups for security, continuity and legal reasons.

11. Cookies and Similar Technologies

We may use cookies and similar technologies to operate the website, remember preferences, understand usage, improve performance, protect accounts and support marketing measurement.

Some cookies are necessary for the website or application to function. Other cookies, such as analytics or marketing cookies, may depend on your consent or browser settings.

You can manage cookies through your browser settings and, where available, through our cookie controls.

12. When We Share Data

We do not sell personal data. We may share data with trusted service providers that help us operate AYSA, such as hosting, infrastructure, analytics, email, payment, customer support, security and AI processing providers.

We may share data with integrations you authorize, with your team members or account users, with professional advisers, or where required by law, regulation, court order or legitimate legal process.

Where service providers process personal data on our behalf, we expect them to apply appropriate confidentiality, security and data protection obligations.

13. International Transfers

AYSA may use service providers located in countries other than your own. Where personal data is transferred internationally, we aim to use appropriate safeguards required by applicable law, such as contractual protections or adequacy mechanisms.

14. Data Retention

We keep personal data for as long as needed to provide the service, maintain account records, comply with legal obligations, resolve disputes, enforce agreements, secure the platform and maintain audit or action history.

Retention periods depend on the type of data. For example, billing records may be kept for tax and accounting requirements, while some technical logs may be kept for shorter operational periods.

15. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration and disclosure. These measures may include access controls, encryption in transit, logging, monitoring, backups and limited internal access.

No online service can guarantee absolute security. If you believe your account or data has been compromised, contact us immediately at contact@aysa.ai.

16. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent, or lodge a complaint with a data protection authority.

To exercise privacy rights, contact us at contact@aysa.ai. We may need to verify your identity before responding to certain requests.

If AYSA processes data on behalf of one of our business customers, we may direct your request to that customer where they are the controller of the data.

17. Children’s Privacy

AYSA is intended for business and professional use. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us so we can review and take appropriate action.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we may update the “Last updated” date, post a notice, or notify users through appropriate channels.

19. Contact

For privacy questions, data requests or security concerns, contact AYSA at contact@aysa.ai.