Privacy Policy
Last Updated: March 14, 2025
1. Introduction
ArticleBot ("ArticleBot," "we," "us," or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at articlebot.io (the "Site") and use our software-as-a-service platform (the "Service").
Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.
This policy applies to all information collected through our website, platform, and any related services, sales, marketing, or events.
2. Who We Are
ArticleBot is operated by ArticleBot inc. ("the Company"), a corporation registered in Canada.
Contact:
- Email: privacy@articlebot.io
- Mailing Address: 35 Stone Church Rd W
If you are located in the European Economic Area (EEA) or the United Kingdom, the Company acts as the data controller of your personal information.
3. Information We Collect
3.1 Information You Provide Directly
When you register for or use ArticleBot, we collect:
- Account information: Full name, email address, password (stored as a bcrypt hash — we never store your plaintext password)
- Billing information: Payment method details processed by our payment processor (we do not store raw card numbers)
- Website configuration: Domain names, website names, brand settings, target audiences, publishing credentials, and content restrictions you enter into the platform
- Content: Article drafts, titles, SEO metadata, keyword lists, and any other content you create or generate using the Service
- Third-party API credentials: DataForSEO API keys and other integration credentials you optionally connect (stored encrypted at rest using AES-256-GCM)
- Communications: Any messages you send us via email, support tickets, or contact forms
3.2 Information Collected Automatically
When you access the Site or Service, we automatically collect:
- Log data: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of access, and time spent on pages
- Device information: Device type, unique device identifiers, and mobile network information
- Usage data: Features used, actions taken within the platform, content generation activity, and publishing events
- Cookies and tracking technologies: See Section 9 (Cookies) below
3.3 Information from Third Parties
We may receive information about you from:
- Authentication providers if you sign in using a third-party service
- Payment processors (e.g., Stripe) — confirmation of payment status, billing country, and fraud signals
- Marketing platforms — if you interact with our ads or sign up via a partner referral
4. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract |
| Providing and operating the Service | Performance of a contract |
| Processing payments | Performance of a contract |
| Sending transactional emails | Performance of a contract |
| Improving and developing the Service | Legitimate interests |
| Monitoring for fraud, abuse, and security threats | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Sending marketing communications (with your consent) | Consent |
| Analysing usage to understand how features are used | Legitimate interests |
We do not sell your personal information to third parties. We do not use your content (articles, keywords, brand settings) to train AI models.
5. AI and Third-Party Processing
ArticleBot uses third-party AI and data services to power the Service. When you request content generation or keyword data, your inputs (such as website niche, keywords, or content briefs) are transmitted to these providers:
5.1 xAI (Grok)
We use xAI's Grok API to generate article content, topic ideas, SEO briefs, and metadata. Inputs sent to xAI may include your website niche, target audience, keywords, and content parameters. xAI's use of this data is governed by xAI's Privacy Policy and Terms of Service. We do not transmit personal identifiers to xAI.
5.2 DataForSEO
We use DataForSEO to retrieve keyword search volumes, competition data, and SEO difficulty scores. Search queries (keywords and niche terms) are sent to DataForSEO's API. DataForSEO's use of data is governed by their Privacy Policy. No personal information is included in keyword queries.
5.3 Resend
We use Resend to deliver transactional emails (account confirmations, team invitations, password resets). Resend processes your email address solely to deliver these emails. Resend's privacy practices are governed by their Privacy Policy.
5.4 Hosting Infrastructure
The Service is hosted on Replit Inc.'s cloud infrastructure. Data at rest is encrypted. Replit's privacy practices are governed by the Replit Privacy Policy.
6. Sharing of Your Information
We do not sell, trade, or otherwise transfer your personal information to outside parties except in the following circumstances:
- Service providers: Trusted vendors who assist in operating our platform (payment processors, email providers, hosting providers, analytics tools) under confidentiality obligations
- Team members: If you invite team members to your ArticleBot account, they will have access to the websites, content, and settings you grant them access to under the permissions you configure
- Business transfers: In connection with a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction
- Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority
- With your consent: We may share your information with third parties when you have given us explicit consent to do so
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained for the duration of your account, plus 90 days after account deletion
- Content and articles: Retained for the duration of your account. Deleted content is removed within 30 days from our backup systems
- Billing records: Retained for 7 years as required by applicable tax and accounting laws
- Log and usage data: Retained for up to 12 months
- API credentials: Deleted immediately upon account deletion
8. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- All passwords are hashed using bcrypt with a cost factor of 12 — we never store or transmit plaintext passwords
- Third-party API keys are encrypted at rest using AES-256-GCM with a derived key
- All data in transit is protected using TLS 1.2 or higher
- Database access is restricted to application servers only; no public access is permitted
- We conduct periodic security reviews of our infrastructure
However, no method of transmission over the Internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your information, we cannot guarantee absolute security.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session management, authentication, CSRF protection | Session |
| Functional | Remembering your preferences | 30 days |
| Analytics | Understanding how users interact with the Service | Up to 12 months |
| Marketing | Tracking conversions from ads | Up to 12 months |
10. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
10.1 All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request that we delete your personal information ("right to be forgotten")
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent, withdraw it at any time
How to Exercise Your Rights
To exercise any of the rights above, contact us at privacy@articlebot.io. We will respond within 30 days.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@articlebot.io and we will delete such information promptly.
12. International Data Transfers
ArticleBot is operated from Canada. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, your information may be transferred to and processed in countries that may not have the same data protection laws as your home country.
13. Third-Party Links
The Site and Service may contain links to third-party websites. We are not responsible for the content or privacy practices of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and notify you by email if the changes are material.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:
- Email: privacy@articlebot.io
- Subject line: Privacy Inquiry
- Response time: Within 5 business days