Privacy Policy

Last updated: April 22, 2026

This policy applies to AutoSync AI, SEO Handoff, Computer Spy AI, Pristine Site, and AccessGuard — products operated by Computer Spy AI LLC. We're going to keep this short and in plain language. Lawyers may grumble; that's fine.

1. What we collect

Different products collect different things. Specifically:

If you use any product (account-level)

• Your email address
• Your business name + domain
• Stripe customer ID + last-4 of payment card (Stripe holds the full number, not us)
• Login timestamps + IP addresses (90-day retention)

If you use AutoSync AI (cloud automations via Google OAuth)

• Read access to your Google Calendar (free/busy slots only — we don't read event subjects)
• Send-only access to your Gmail (we never read incoming mail)
• Create-only access to Google Docs and Sheets we generate (file-scoped — we can't see your other Drive files)
• Your Google account email + name (so we know who connected)

If you use Computer Spy AI (desktop agent)

• Active window app name (e.g., "Outlook", "Chrome")
• Window title — or "[REDACTED-HIPAA]" if your account is HIPAA-flagged
• Browser URL host (e.g., "https://gmail.com") — full path only for non-HIPAA accounts
• Active vs. idle time per window
• Heartbeat timestamps (we know your agent is online)
• NOTHING ELSE: no keystrokes, no screenshots (unless you explicitly enable that feature), no microphone, no camera, no clipboard, no file contents

2. Why we collect it

• To deliver the service you paid for. Auto-replying to leads needs Gmail send. Booking pages need calendar free/busy. Activity tracking needs window data.
• To support you. If you email us "the auto-reply isn't firing," we look at logs.
• To improve the product. Aggregated, anonymized usage patterns. Never individual identifiable data.

3. Who sees it

• You. Always — every dashboard shows everything we have.
• Computer Spy AI LLC employees who need to see it to support you. Today that's 1 person (the founder). We log every access.
• Sub-processors who run our infrastructure: Vercel (web hosting), Supabase (database), Firebase (Computer Spy data), Stripe (payments), Resend (transactional email), Anthropic + Google + OpenAI (the AI models that draft your auto-replies). Each has their own privacy policy and Data Processing Agreement with us.
• Nobody else. We don't sell data. We don't share with advertisers. We don't do "business intelligence" deals.

4. Where it's stored

• United States (Vercel, Supabase, Firebase US-Central regions)
• Encrypted at rest (AES-256) and in transit (TLS 1.3)
• Backed up daily, 30-day retention on backups

5. How long we keep it

• Active customer: as long as your account is active
• 30 days after cancellation: we delete everything (you have 30 days to export or change your mind)
• Activity logs (Computer Spy): 90 days by default, or whatever retention your plan specifies
• Stripe billing records: 7 years, as required by US tax law

6. Your rights

You can — at any time, no questions, no friction:

• See everything we have on you — email hello@seohandoff.com with subject "Data export". We send a JSON file within 7 days.
• Delete everything — email with subject "Delete my data". We wipe within 7 days and confirm.
• Correct anything wrong — same email, subject "Fix my data".
• Stop us from using your data for AI training (we don't train on your data anyway, but if you want it in writing, we'll write it).
• Take your data with you to a competitor — we provide it in standard JSON.

7. HIPAA

If you're a Covered Entity under HIPAA, we will sign a Business Associate Agreement (BAA) with you before any of your data flows through us. Email hello@seohandoff.com with subject "BAA request" and we send our standard BAA (mirrors the HHS-published model BAA) within 24 hours.

For HIPAA-flagged accounts, our Computer Spy agent automatically redacts window titles and URL paths before upload. Your activity is reduced to app name + duration only. PHI never leaves your machine.

8. Cookies

We use one essential cookie (session ID) for keeping you logged in. We do not use tracking cookies, advertising cookies, third-party analytics that profile users, or social media trackers.

9. Children

Our products are not directed at anyone under 18. We don't knowingly collect data from children. If you believe we have, email us and we delete it.

10. Changes

If we materially change this policy, we email every active customer at least 30 days before the change takes effect. The current version always lives at this URL.

11. Contact

Computer Spy AI LLC
Email: hello@seohandoff.com

We wrote this in plain English on purpose. If anything is unclear or sounds like legalese fluff that doesn't mean what it should, email us and we'll fix it.