Semly Pro

Privacy Policy

Last updated: June 17, 2026

Effective date: June 17, 2026

Summary: Semly Pro processes your SEO data, generated content, and analytics to provide our Services. We do not sell your data or use it to train AI models. You control your data and can export or delete it at any time. This policy explains our practices in detail.

1. Who We Are

Semly Pro (Amsterdam, Netherlands) provides an AI-powered SEO content optimization platform. This Privacy Policy covers data processed through:

Data Controller: Semly Pro acts as the data controller for your account data and as a data processor for personal data you process through our Services (see our Data Processing Agreement).

Contact: For privacy questions, contact our Data Protection Officer at privacy@semlypro.com or dpo@semlypro.com.

2. Information We Collect

2.1 Account Information (Controller)

When you create an account, we collect:

2.2 SEO Workspace Data (Mixed Controller/Processor)

When you use our Services, we process:

Note: For SEO workspace data that includes personal data about your end-users (e.g., analytics data with IP addresses), you act as the controller and we act as your processor under our Data Processing Agreement.

2.3 CMS Integration Data (Processor)

When you connect CMS platforms, we collect:

Supported CMS: WordPress, Sanity, Contentful, Ghost, Webflow, Shopify, HubSpot, Strapi, Storyblok, Hygraph, DatoCMS, Prismic, Framer.

2.4 MCP Connector Data (Processor)

When you connect AI assistants (Claude, ChatGPT) via our MCP server, we collect:

Important: Data you share with AI assistants is also processed by their providers (Anthropic, OpenAI) under their privacy policies.

2.5 Usage and Technical Data (Legitimate Interest)

We automatically collect:

2.6 Cookies and Tracking (Consent/Legitimate Interest)

We use cookies for:

See our Cookie Policy for details. Manage your cookie preferences through our consent banner.

2.7 Free Demo and Preview Pages (Legitimate Interest / Consent)

When you generate or view a free demo article on our public pages (e.g. content-pro-trial, try, and shared demo/preview links, which need no account), we collect:

We process this on the basis of legitimate interest, and rely on your consent for marketing emails. You can withdraw consent or request deletion at any time, see Section 7 and our GDPR rights page.

3. How We Use Information

3.1 To Provide the Services (Contractual Necessity)

3.2 To Improve and Secure the Services (Legitimate Interest)

3.3 To Communicate with You (Contractual Necessity / Legitimate Interest)

3.4 To Comply with Legal Obligations (Legal Requirement)

3.5 What We Do NOT Do

We do NOT:

4. How We Share Information

4.1 Sub-processors (Necessary for Service Provision)

We share data with the following categories of sub-processors:

CategoryProvidersPurpose
InfrastructureVercel, Supabase, UpstashHosting, database, caching
AI ProvidersAnthropic, OpenAI, Microsoft, GoogleContent generation
AnalyticsGoogle (GA4, GSC, Ads)SEO data integration
PaymentsStripe, RazorpayPayment processing
MonitoringSentry, AxiomError tracking, security logs
CommunicationsResendTransactional emails

See our complete Sub-processors List with data locations and data protection measures. We provide 30 days advance notice before adding new sub-processors.

4.2 CMS Publishing (Your Instruction)

We send content to your connected CMS platforms only when you explicitly confirm publication. You control which CMS to use and what to publish.

4.3 Legal Requirements

We may disclose data when required by law or to:

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the recipient honors this Privacy Policy.

5. International Data Transfers

5.1 Data Storage Location

Personal data is primarily stored in ap-south-1 (Mumbai, India) on Supabase PostgreSQL infrastructure. Some sub-processors store data in other regions (see Sub-processors List).

5.2 Transfer Safeguards

For transfers from the EU/EEA, UK, or Switzerland to third countries, we use:

See our Data Processing Agreement Section 4 for full details on international transfer mechanisms.

6. Data Storage and Security

6.1 Security Measures

We implement industry-standard security measures:

See our Security Practices page for more details.

6.2 Data Breach Notification

In the event of a data breach, we will notify affected users and supervisory authorities within 72 hours as required by GDPR Article 33. Notifications will be sent to your registered email address.

7. Data Retention

7.1 Account Data

We retain account data for:

7.2 SEO Workspace Data

Workspace data is retained according to your plan:

7.3 Logs and Analytics

7.4 Legal Holds

We may retain data longer if required by legal hold, litigation, investigation, or regulatory requirement. We will notify you if such retention applies to your data.

8. Your Rights

8.1 GDPR Rights (EU/EEA/UK Residents)

Under GDPR and UK GDPR, you have the right to:

Exercise your rights through our GDPR Rights Request Form or by emailing privacy@semlypro.com.

8.2 CCPA Rights (California Residents)

Under California Consumer Privacy Act (CCPA), you have the right to:

California residents can submit requests at privacy@semlypro.com or through our rights request form.

8.3 Response Timeframe

We will respond to rights requests within 30 days as required by GDPR Article 12(3). For complex requests, we may extend by an additional 30 days with notice.

9. Children's Privacy

Our Services are not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us at privacy@semlypro.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Changes take effect 30 days after notice. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

11. Contact and Supervisory Authority

11.1 Contact Us

Semly Pro Privacy Team

Privacy: privacy@semlypro.com

DPO: dpo@semlypro.com

Address: Amsterdam, Netherlands

11.2 Supervisory Authority

If you are in the EU/EEA, you have the right to lodge a complaint with your data protection authority. For Netherlands:

Autoriteit Persoonsgegevens (Dutch DPA)
Website: autoriteitpersoonsgegevens.nl
Phone: (+31) - (0)70 - 888 85 00


Related legal documents:
Terms of Service | Data Processing Agreement | Cookie Policy | Sub-processors List | Exercise Your Rights