This Privacy Policy explains what data Semantyx collects, how we use it, who we share it with, and the rights you have over your information. We try to write this plainly — if anything here is unclear, email privacy@semantyxintel.com and we'll clarify.
1. Who we are
Semantyx (“Semantyx,” “we,” “us”) provides an AI-powered SEO audit and remediation platform at semantyxintel.com. We are the data controller for personal information we collect about visitors to our site and registered users of our service.
2. Data we collect
2.1 Information you give us directly
- Account info: name, email address, and password when you sign up. We use Clerk as our authentication provider; see Section 6 for what Clerk processes on our behalf.
- Billing info: card details, billing address, and tax information. We do not store card numbers ourselves — Stripe processes and stores them. We retain only the last four digits and card brand for display.
- Project info: the URLs of websites you ask us to audit, and any GitHub repository, owner, branch, and personal access token you provide to enable Apply Fix PR creation.
- Affiliate info: if you join our affiliate program, your PayPal email address and any other payment details you give us so we can pay you commissions.
- Support correspondence: emails and chat messages you send us, including attachments. We keep these so we can provide continuity of support.
2.2 Information we collect automatically
- Crawl data: when you audit a website, our crawler fetches public pages on that site and stores the HTML, headers, status codes, and extracted SEO signals. We treat this as your data, scoped to your organization.
- Usage data: the features you use, how often you use them, and basic performance metrics (page load times, errors). We use this to fix bugs and prioritize what to build next.
- Device data: browser type, OS, IP address (first three octets only — last octet truncated to zero), screen size.
- Referral data: if you arrived via an affiliate link, we store a cookie with the affiliate code for 60 days so the referring affiliate gets credit if you eventually sign up.
2.3 What we do NOT collect
- Full payment card numbers (Stripe handles those)
- Social security numbers, government IDs, or biometric data
- Sensitive personal data (race, religion, health, political views)
- Voice recordings or video
3. How we use your data
We use your data for these specific purposes only:
- To run the service. Crawl the URLs you submit, generate audits, run AI fixes, and open GitHub Pull Requests on your repos when you initiate Apply Fix.
- To bill you. Send Stripe the charge details when you subscribe, cancel, or update your card.
- To support you. Respond to support emails, debug your reported issues, send transactional emails (welcome, receipts, password resets).
- To improve the product. Aggregate usage data (with PII stripped) to understand what features matter.
- To pay affiliates. Match incoming subscriptions to referral cookies and accrue commissions.
- To prevent abuse. Detect spammers, prevent fraudulent payments, throttle malicious crawls.
We do not sell your data, share it with advertisers, or use it to train external AI models. The crawls you run are private to your organization.
4. AI processing of your data
Semantyx uses Anthropic's Claude API to generate fix suggestions and Copilot replies. When you trigger an AI fix or Copilot conversation, we send to Anthropic:
- The relevant page HTML or extracted content (the “input”)
- The specific issue context (rule, title, description)
- For Apply Fix only: the contents of the source file being patched
Per Anthropic's API terms, this data is not used to train their models and is retained for a limited time for abuse prevention only.
5. Cookies
We use the following first-party cookies. We do not use third-party advertising cookies.
- __session — Clerk auth session. Required to keep you signed in.
- smx_ref — affiliate referral attribution. Stores a partner code if you arrived via an affiliate link; expires after 60 days.
- smx_vid — opaque visitor id for affiliate click dedupe; expires after 60 days.
6. Sub-processors
We rely on a small set of vendors to run the service. Each is bound by a Data Processing Agreement and processes data only on our instructions:
- Clerk — user authentication (email, hashed password, sign-in metadata). United States.
- Stripe — payment processing. PCI Level 1 certified. United States, Ireland.
- Anthropic — Claude AI for generating fix suggestions and Copilot replies. United States.
- Railway — application + database hosting. United States.
- Cloudflare — DNS, CDN, security. Global.
- GitHub — only when you connect a repo for Apply Fix. The PAT you provide is scoped to that purpose.
- Resend — transactional email delivery (welcome, receipts). United States.
7. Data retention
- Account data is kept for as long as your account is active, plus 30 days after you close it (for recovery in case of accident).
- Crawl data is kept for 90 days, then auto-deleted.
- Stripe invoices and billing records are retained for 7 years for tax compliance.
- Support correspondence is kept for 2 years.
- Aggregated, anonymized usage statistics are retained indefinitely.
8. Your rights
Depending on where you live, you have rights over your personal data. We honor these for all users regardless of location:
- Access. Request a copy of the data we hold about you.
- Correction. Ask us to fix inaccurate data.
- Deletion. Ask us to delete your data (subject to legal retention requirements for billing records).
- Portability. Request your data in a machine-readable format.
- Objection. Tell us to stop processing your data for any purpose other than running your account.
To exercise any of these rights, email privacy@semantyxintel.com. We respond within 30 days.
9. International transfers
Semantyx operates from the United States. By using our service, you consent to your data being transferred to and processed in the United States. For EU/UK users, we rely on the Standard Contractual Clauses (SCCs) as our transfer mechanism with our sub-processors.
10. Security
We take security seriously and implement industry-standard protections:
- HTTPS / TLS 1.3 for all data in transit
- Encryption at rest for our database
- Role-based access control inside Semantyx — engineers access customer data only when necessary for support, with audit logs
- Quarterly internal access reviews
- Vendor security reviews before adding new sub-processors
No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours of discovery and explain what happened.
11. Children
Semantyx is not intended for use by anyone under 16. We do not knowingly collect data from children. If you believe we've collected data from a child, email us and we will delete it.
12. Changes to this policy
We may update this policy when our practices change. We'll notify active users by email at least 14 days before material changes take effect, and update the “Last updated” date at the top of this page.
13. Contact
Questions, concerns, or rights requests: privacy@semantyxintel.com.