Privacy Policy

1. Introduction

Digimeri OÜ ("we", "our", or "us") operates Soro, an AI-powered SEO content generation platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly when using our Service:

• Account Information: Name, email address, password, company name
• Billing Information: Payment details, billing address (processed securely through third-party payment processors)
• Profile Information: Brand preferences, style guides, target audience details
• Website Information: Your website URL, content, and integration credentials
• Communications: Messages, support requests, and feedback you send us

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: Features used, time spent, actions taken, content generated
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, errors, and other system activity
• Cookies and Similar Technologies: See Section 6 for details

2.3 Content and Files

• Brand assets and images you upload
• Content from your website that we analyze
• Keywords and topics you specify
• Generated articles and their performance data

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 To Provide the Service

• Generate AI-powered content tailored to your brand
• Conduct keyword research and SEO optimization
• Publish content to your integrated platforms
• Create AI-generated images for your content
• Provide customer support and respond to inquiries

3.2 To Improve and Develop the Service

• Analyze usage patterns to improve features
• Train and improve our AI models
• Develop new features and functionality
• Conduct research and testing

3.3 For Business Operations

• Process payments and prevent fraud
• Send service updates and important notices
• Comply with legal obligations
• Enforce our Terms of Service

3.4 Marketing (with your consent)

• Send promotional emails about new features
• Provide information about updates and offerings
• You can opt-out of marketing communications at any time

Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: To fulfill our agreement to provide the Service
• Legitimate Interest: To improve our Service and conduct business operations
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

• Cloud Hosting: AWS, Google Cloud, or similar providers
• Payment Processing: Stripe, PayPal, or other payment processors
• AI Services: OpenAI, Anthropic, or other AI providers for content generation
• Analytics: Services that help us understand usage patterns
• Customer Support: Help desk and communication tools

All service providers are bound by confidentiality agreements and data protection obligations.

4.2 Integration Partners

When you connect third-party platforms (WordPress, Shopify, etc.), we share data necessary to publish content to those platforms, as directed by you.

4.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

4.4 Business Transfers

If we merge with, are acquired by, or sell assets to another company, your information may be transferred as part of that transaction.

5. International Data Transfers

We are based in Estonia (EU). Your data may be processed in the EU and other countries where our service providers operate.

When we transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for the Service to function (login sessions, security)
• Performance Cookies: Help us understand how the Service is used
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Provide insights into usage patterns

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service while your account is active
• Comply with legal obligations (e.g., tax records for 7 years)
• Resolve disputes and enforce our agreements

When you close your account, we will delete or anonymize your personal data within 90 days, except where we must retain it for legal compliance.

8. Your Rights (GDPR & Data Protection)

Under GDPR and applicable data protection laws, you have the following rights:

8.1 Right to Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can update or correct inaccurate personal data through your account settings or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.

8.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@trysoro.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS) and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Limited access to personal data on a need-to-know basis
• Incident response procedures

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. AI and Content Generation

We use AI technologies to generate content. Please note:

• Your content and brand information may be used to train and improve our AI models
• We implement safeguards to prevent your proprietary information from being shared with other users
• Generated content is created using AI and should be reviewed before publication
• We use third-party AI services (e.g., OpenAI) subject to their privacy policies

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to your registered address
• Displaying a prominent notice on our website

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. EU Representative

As we are established in the EU (Estonia), we do not require a separate EU representative under GDPR.