Privacy Policy

1. Introduction

Copylabs ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our AI content generation service.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Copylabs is the data controller responsible for your personal data. For any questions about this policy or your data, contact us at: hello@copylabs.app

3. Data We Collect

3.1 Account Information

• Email address: Used for account creation, authentication, and communication
• Full name: Optional, used for personalisation
• Company name: Optional, used for brand voice configuration

3.2 Payment Information

• Billing details: Processed securely by Stripe. We do not store your full credit card number.
• Transaction history: Records of purchases and credit usage

3.3 Content Data

• Input data: Topics, keywords, and instructions you provide for content generation
• Generated content: Articles and other content created for you
• Brand voice settings: Your configured tone, style, and terminology preferences

3.4 Technical Data

• Usage data: How you interact with our service
• Device information: Browser type, operating system (for support purposes)
• Log data: IP addresses, access times (for security and debugging)

3.5 Website Analysis Data

When you use our site analysis feature to get content topic suggestions:

• URLs submitted: The website addresses you provide for analysis
• Page content: Publicly available text content fetched from the URLs you submit. This content is processed in memory only and is not stored or retained after analysis is complete
• Generated suggestions: The topic suggestions produced from the analysis

We only fetch publicly accessible web pages and respect robots.txt directives. We do not access password-protected content, private pages, or any content not freely available on the public internet.

4. How We Use Your Data

We use your personal data for:

• Service delivery: Generating content based on your inputs, and analysing websites you submit to provide topic suggestions
• Account management: Authentication and account administration
• Billing: Processing payments and managing subscriptions
• Communication: Service updates, support responses, and important notices
• Improvement: Analysing usage patterns to improve our service
• Security: Detecting and preventing fraud or abuse

5. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract: Processing necessary to provide the service you signed up for, including analysing websites you submit for content suggestions
• Legitimate interests: Improving our service, security, and fraud prevention
• Consent: Where you have given explicit consent (e.g., marketing emails)
• Legal obligation: Compliance with applicable laws

6. Third-Party Services

We share data with the following third parties to provide our service:

These providers are contractually bound to protect your data and only use it for the specified purposes. We do not sell your personal data to third parties.

7. Data Retention

• Account data: Retained while your account is active, then deleted within 30 days of account deletion
• Generated content: Retained until you delete it or close your account
• Payment records: Retained for 7 years for legal and tax compliance
• Technical logs: Retained for 90 days for security and debugging
• Website analysis data: Fetched page content is processed in memory only and not retained. URLs you submit are logged as part of standard request logs (retained for 90 days)

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Restriction: Request limited processing of your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at hello@copylabs.app. We will respond within 30 days.

9. Cookies

We use essential cookies for:

• Authentication: Keeping you logged in (Supabase auth cookies)
• Session management: Maintaining your session state

These cookies are strictly necessary for the service to function and cannot be disabled. We do not use tracking or advertising cookies.

10. Data Security

We protect your data through:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest (database encryption)
• Access controls and authentication
• Regular security audits
• Secure payment processing via Stripe (PCI DSS compliant)

11. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, such as:

• EU-approved Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Certification schemes (e.g., EU-US Data Privacy Framework)

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

14. Complaints

If you have concerns about how we handle your data, please contact us first at hello@copylabs.app. You also have the right to lodge a complaint with your local data protection authority. In Ireland, this is the Data Protection Commission (DPC).

15. Contact Us

For any privacy-related questions or to exercise your rights, contact us at: