Privacy Policy
Algoist ("Algoist," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform at intelligence.algoist.com and our corporate website at algoist.com (collectively, the "Service"). Please read this policy carefully.
This policy is governed by and compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario and Canadian provincial privacy legislation. It also includes disclosures for residents of the European Economic Area (EEA) under the General Data Protection Regulation (GDPR) and for California residents under the California Consumer Privacy Act (CCPA).
1. Who We Are
Algoist
550 Buckingham Blvd
Waterloo, ON N2T 2T8
Canada
Phone: (519) 930-7081
Email: [email protected]
Website: algoist.com
2. Information We Collect
2.1 Account and Registration Information. When you create an account, we collect:
- Name and email address
- Password (stored in encrypted form — we do not store plaintext passwords)
- Company or organization name
- Role within your organization
- Profile preferences (theme, notification settings)
2.2 Billing and Payment Information. When you purchase a subscription, we collect:
- Billing name and email address
- Billing address
- Payment method information
Payment details are processed and stored by our payment processor, Stripe, Inc. We do not store full card numbers on our servers. We store only the last four digits and card type provided by Stripe. By using the Service, you are also subject to Stripe's Privacy Policy.
2.3 Google Data (via OAuth). When you connect your Google accounts, we may request access to:
- Google Search Console (GSC): Search performance data (queries, pages, clicks, impressions, CTR, average position) for your connected properties
- Google Analytics 4 (GA4): Website traffic and engagement metrics for your connected properties
- Google Ads: Campaign performance and spend data for connected accounts
- Google Tag Manager (GTM): Tag configuration data for connected containers, used for analytics and tracking setup assistance
We access this data solely to provide the Service to you. Access and refresh tokens are stored in encrypted form. You can disconnect your Google accounts at any time through the platform's account settings.
2.4 Usage Data. We automatically collect information about your use of the Service, including:
- Pages visited and features used within the platform
- AI feature interactions and token consumption
- Date, time, and duration of activity
- Browser type and version
- IP address and approximate geographic location
- Error reports and diagnostic data
2.5 Content You Create. We store content you create within the platform, including:
- Articles, briefs, and content generated using our AI tools
- Task notes, comments, and team communications
- SEO optimization notes and analysis
- Uploaded images and files
- Keyword research, cannibalization analyses, and site structure data
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide, operate, and improve the Service | Contract performance / Consent |
| Process subscription payments and manage billing | Contract performance |
| Send transactional emails (account, billing, security) | Contract performance |
| Analyze usage to improve features and performance | Legitimate interest |
| Detect and prevent fraud or abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send product updates and marketing communications | Consent (opt-out available) |
| Power AI-driven features by transmitting relevant context to third-party AI providers | Consent (see Section 6) |
4. How We Share Your Information
We do not sell your personal data. We may share information in the following circumstances:
- Service Providers: We share data with trusted third-party vendors necessary to operate the Service. See Section 5 for our primary providers.
- AI Providers: Certain features send relevant portions of your data to third-party AI APIs for processing. See Section 6 for full disclosure.
- Business Transfers: If Algoist is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
- Legal Requirements: We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of Algoist, our users, or the public.
- With Your Consent: We may share your information for any other purpose with your explicit consent.
5. Third-Party Service Providers
The following third-party providers may process your data as part of delivering the Service:
| Provider | Purpose | Data Involved |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing info, payment method |
| Amazon Web Services (AWS) | Image CDN and file storage (S3 + CloudFront) | Uploaded and AI-generated images |
| GSC, GA4, Ads, GTM platform integrations | OAuth tokens, search/analytics/ads data | |
| Google BigQuery | Advanced analytics data warehousing (where configured) | Aggregated analytics and performance data |
| OpenAI | AI content generation and analysis | Keywords, article topics, site context (see §6) |
| Anthropic (Claude) | AI content analysis and recommendations | Keywords, article topics, site context (see §6) |
| Google (Gemini) | AI features where applicable | Keywords, article topics, site context (see §6) |
| Cloudways | Application hosting and server infrastructure | All application data |
6. AI Processing — Full Disclosure
Algoist uses multiple third-party artificial intelligence APIs to power features such as content generation, keyword analysis, cannibalization detection, SEO recommendations, and optimization assessments. When you use these AI-powered features, relevant data from your account — including but not limited to keywords, article topics, domain information, search performance data, and client site content — may be transmitted to one or more of the following AI providers for processing:
- OpenAI (GPT-4o) — API Data Usage Policy
- Anthropic (Claude) — Privacy Policy
- Google (Gemini) — Privacy Policy
We take the following steps to minimize exposure:
- We do not send personal identifiers (names, email addresses, billing information) to AI providers unless they are directly part of the content you are asking the AI to process
- We do not send raw OAuth tokens, payment information, or Google Analytics personal-level data to AI providers
- Data sent to AI providers is limited to the minimum context required for the feature being used
By using AI-powered features of the Service, you acknowledge and consent to the transmission of relevant data to these providers as described above. To opt out or inquire about available options, contact [email protected].
7. Google API Data — Limited Use Disclosure
Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google data only to provide or improve the features described in this policy and our Terms of Service
- We do not use Google data for advertising or to train AI models beyond improving features directly visible to you
- We do not sell, rent, or transfer Google user data to third parties
- We do not use Google data to build user profiles for purposes unrelated to the Service
- Google user data is never transmitted to AI providers in identifiable, user-linked form
8. Amazon Web Services (AWS) — Image Storage
Images generated by our AI tools and images you upload manually are stored in Amazon Web Services S3 buckets and served via Amazon CloudFront CDN with Origin Access Control (OAC). Your images are stored in a private bucket accessible only through CloudFront. AWS's data processing is governed by the AWS Privacy Notice.
9. Google BigQuery
Where clients have BigQuery enabled, aggregated analytics and performance data may be exported to Google BigQuery for advanced reporting. Personal data is not exported to BigQuery except where explicitly required for a reporting function you have configured and consented to.
10. Cookies and Tracking
We use essential session cookies to maintain your login state and preferences. We use Google Tag Manager (GTM) to manage analytics and tracking tags on our properties. Through GTM we may deploy:
- Google Analytics 4 (GA4): For understanding how users interact with our websites. Data is collected in aggregated and anonymized form where possible.
- Google Ads Conversion Tags: To measure the effectiveness of our advertising campaigns.
You may opt out of analytics tracking through your browser settings or by using the Google Analytics Opt-out Browser Add-on. We do not use third-party advertising cookies beyond Google's ecosystem.
11. Data Retention
We retain your personal information for as long as your account is active or as necessary to provide the Service. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or compliance purposes, or to resolve disputes or enforce our agreements.
Billing records may be retained for up to 7 years for tax and accounting purposes in accordance with applicable Canadian law.
12. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted storage of sensitive credentials (API tokens, OAuth refresh tokens)
- Encrypted password storage (bcrypt hashing)
- Private S3 bucket configuration with CloudFront OAC access control
- Role-based access controls within the platform
- Regular security monitoring and logging
No system is completely secure. We cannot guarantee absolute security of information transmitted to or stored on our systems.
13. Your Privacy Rights
🇨🇦 Canadian Residents — PIPEDA
Under PIPEDA and applicable provincial legislation, you have the right to access, correct, and withdraw consent to processing of your personal data. You may also lodge a complaint with the Office of the Privacy Commissioner of Canada.
🇪🇺 EEA / EU / UK Residents — GDPR
If you are located in the European Economic Area, the European Union, or the United Kingdom, you have the following rights under the GDPR:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("Right to be Forgotten")
- Right to Restriction: Request we limit processing of your data
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Where processing is based on consent
- Right to Complain: Lodge a complaint with your local Data Protection Authority
Our legal bases for processing under GDPR are: contractual necessity, legitimate interests, legal obligation, and consent (for marketing and AI processing).
🇺🇸 California Residents — CCPA
If you are a California resident, you have the following rights under the CCPA:
- Right to Know: Request disclosure of what personal information we collect and share
- Right to Delete: Request deletion of personal information collected from you
- Right to Opt-Out of Sale/Sharing: We do not sell your personal data. You may opt out of the "sharing" of personal data for cross-context behavioral advertising
- Right to Correction: Request correction of inaccurate personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To submit a CCPA request, contact us at [email protected]. We will verify your identity before processing the request.
To exercise any of the rights above, contact us at [email protected] or (519) 930-7081. We will respond within 30 days.
14. Canadian Anti-Spam Legislation (CASL)
We comply with Canada's Anti-Spam Legislation (CASL). We only send commercial electronic messages (CEM) to you where we have your express or implied consent. Every commercial email includes a clear and working unsubscribe mechanism. To withdraw consent to receive marketing communications, click "Unsubscribe" in any marketing email or contact us directly.
15. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.
16. International Data Transfers
As a Canadian company, our primary data processing occurs within Canada and the United States. Some data may be processed by our third-party providers (including OpenAI, Anthropic, AWS, and Stripe) in servers located in the United States or other jurisdictions. For transfers from the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards. By using the Service, you acknowledge that your data may be processed outside of Canada.
17. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.
18. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
19. Contact — Privacy Officer
Algoist
550 Buckingham Blvd
Waterloo, ON N2T 2T8
Canada
Phone: (519) 930-7081
Email: [email protected]
Website: algoist.com