Privacy Policy

We are committed to protecting your privacy and personal data.

🔒 Last updated: November 30, 2025

1. Introduction

This Privacy Policy explains how ZII Ltd ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our AutoSEO service and website.

Data Controller: ZII Ltd is a company registered in England and Wales (Company Number: [PENDING]). Our registered office is located at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018.

Your Rights Under UK GDPR:

This Policy explains your rights regarding your personal data and how we process it. If you have any questions, please contact our Data Protection Officer at [email protected].

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Email addresses: Used for account creation, communication, and service delivery
  • Business URLs: Website addresses provided for SEO analysis and content generation
  • Account information: Name, registration details, and subscription preferences
  • Payment information: Processed securely through Stripe (we do not store payment card details)

2.2 Usage Data

We automatically collect certain information when you use our Service:

  • IP address and location information
  • Browser type and version
  • Pages visited and time spent on our site
  • Device information and screen resolution
  • Referral sources and click patterns

3. How We Use Your Information

3.1 Purposes and Legal Basis

We process your personal data for the following purposes and on the following legal bases:

📋 To Provide and Maintain Our Service

Legal Basis: Contract Performance (Article 6(1)(b) UK GDPR)

This includes generating AI content, publishing to WordPress, managing your account, and providing customer support.

💳 To Process Payments and Manage Subscriptions

Legal Basis: Contract Performance (Article 6(1)(b) UK GDPR)

We process payment information through Stripe to fulfill our contractual obligations.

📧 To Communicate About Your Account and Services

Legal Basis: Contract Performance (Article 6(1)(b) UK GDPR) and Legitimate Interests (Article 6(1)(f) UK GDPR)

We send service updates, billing notifications, and respond to your inquiries.

📊 To Analyze and Improve Our Service

Legal Basis: Legitimate Interests (Article 6(1)(f) UK GDPR)

We have a legitimate interest in understanding how users interact with our Service to improve functionality and user experience.

🎯 Marketing Communications (Optional)

Legal Basis: Consent (Article 6(1)(a) UK GDPR)

We only send marketing emails if you have explicitly opted in. You can withdraw consent anytime by clicking "unsubscribe" in any email.

⚖️ To Comply with Legal Obligations

Legal Basis: Legal Obligation (Article 6(1)(c) UK GDPR)

We process data where required by law, including tax and accounting requirements.

3.2 AI Content Generation

When we generate content for you using AI services, we process your website URL and business information. This processing is necessary to perform our contract with you and is done on the legal basis of contract performance.

Note: AI-generated content is owned by you. We retain copies only for service delivery and improvement purposes as described in our Terms and Conditions.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns. Specifically, we use:

📊 Our Tracking Tools

We use three main analytics tools to improve your experience

4.1 Google Analytics

🌐 Global Analytics Platform

We use Google Analytics to understand how visitors interact with our website. This helps us improve our service and user experience.

Google Analytics collects information about:

  • Pages visited
  • Time spent on pages
  • Traffic sources
  • User demographics and interests

4.2 Matomo (formerly Piwik)

🔒 Privacy-First Analytics

We use Matomo for website analytics and user behavior tracking. Unlike Google Analytics, Matomo is hosted on our own servers, giving us greater control over your data.

Matomo helps us understand:

  • User journeys through our website
  • Popular content and features
  • Conversion funnels and user flows

4.3 Mouseflow

👆 User Experience Insights

We use Mouseflow to record and analyze user interactions on our website.

This includes:

  • Mouse movements and clicks
  • Scrolling behavior
  • Heatmaps of user engagement
  • Session recordings (anonymized)

✅ Your Privacy Controls and Cookie Consent

Important: We will ask for your consent before activating non-essential tracking technologies like Mouseflow.

You can:

  • Manage your cookie preferences through our cookie consent banner
  • Adjust your browser settings to block or delete cookies
  • Contact us at [email protected] to opt out of tracking
  • Use browser privacy features or extensions to limit tracking

⚠️ Session Recording Notice (Mouseflow)

Mouseflow records user sessions including mouse movements, clicks, scrolling, and pages visited. This data helps us understand how users interact with our website.

What Mouseflow Does NOT Record:

  • Mouseflow is configured to exclude sensitive form fields (passwords, payment details)
  • Personal information entered in protected fields is masked

You can opt out: We will only activate Mouseflow if you consent through our cookie banner, and you can withdraw consent anytime.

4.4 Essential vs Non-Essential Cookies

Essential Cookies (No Consent Required):

  • Authentication cookies to keep you logged in
  • Security cookies to protect against fraud
  • Session cookies for basic website functionality

Non-Essential Cookies (Require Consent):

  • Google Analytics for website performance analysis
  • Matomo for user behavior tracking
  • Mouseflow for session recordings and heatmaps

5. Data Sharing and Third-Party Processors

🔒 We Never Sell Your Data

We do not sell, trade, rent, or otherwise transfer your personal information to third parties for their marketing purposes.

5.1 Third-Party Service Providers (Data Processors)

We share your data with the following trusted third-party service providers who assist us in operating our Service. These providers act as data processors under UK GDPR and are contractually bound to protect your data:

🤖 AI Content Generation

Providers: OpenAI (ChatGPT API) and Anthropic (Claude API)

Data Shared: Website URL, business information, content generation requests

Purpose: Generate SEO-optimized content for your website

Location: USA - Data may be processed outside UK/EEA (see Section 9 on International Transfers)

💳 Payment Processing

Provider: Stripe, Inc.

Data Shared: Email, name, payment card details (directly to Stripe), billing address

Purpose: Process subscription payments and manage billing

Note: We never store your payment card details - they go directly to Stripe's secure servers

Location: USA - Stripe maintains UK GDPR-compliant data processing agreements

📊 Analytics Services

Providers: Google Analytics, Matomo (self-hosted)

Data Shared: IP address (anonymized), pages visited, browser info, device info

Purpose: Understand website usage and improve user experience

Location: Google Analytics (USA), Matomo (UK - self-hosted)

👆 Session Recording

Provider: Mouseflow

Data Shared: Mouse movements, clicks, scrolling behavior, page navigation (sensitive fields masked)

Purpose: Understand user interaction patterns to improve website design

Legal Basis: Consent (only activated if you consent via cookie banner)

Location: Denmark/EU - GDPR compliant

5.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to:

  • Valid legal requests from law enforcement or regulatory authorities
  • Court orders or legal proceedings
  • Protection of our legal rights, property, or safety
  • Prevention of fraud, security threats, or illegal activity

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmission
  • Secure data storage with access controls
  • Regular security audits and updates
  • Employee training on data protection

7. Data Retention

We retain your personal information only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are:

👤 Account Information

Retention Period: While your account is active + 30 days after account closure

After 30 days, account data is permanently deleted unless retention is required by law (e.g., tax, accounting, or legal requirements which may extend retention to 7 years)

📝 Generated Content

Retention Period: While your account is active + 90 days after account closure

You own the generated content. After account closure, we retain a copy for 90 days to allow reactivation, then permanently delete unless you request earlier deletion

💳 Payment and Billing Information

Retention Period: Handled by Stripe - we do not store payment card details

Billing Records: 7 years (required by UK tax law)

We retain transaction records, invoices, and billing addresses as required by HMRC regulations

📊 Analytics and Cookie Data

Google Analytics: 26 months (configured setting)

Matomo: 24 months

Mouseflow: 6 months

After these periods, data is automatically deleted or aggregated and anonymized

📧 Communication Records

Retention Period: 3 years from last communication

Includes customer support tickets, emails, and chat logs to maintain service quality and resolve disputes

🔍 Logs and Security Data

Retention Period: 90 days

Server logs, security logs, and access logs retained for security and fraud prevention purposes

⚖️ Legal Hold Exception

If we receive a legal request, are involved in litigation, or have reason to believe data relates to illegal activity, we may retain data beyond normal retention periods as required or permitted by law.

🗑️ Request Early Deletion

You can request deletion of your data at any time by contacting us at [email protected]. We will comply with your request within 30 days, subject to legal retention requirements.

8. Your Rights

Under applicable data protection laws, you have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal information
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing based on legitimate interests

9. International Data Transfers

🌍 Where Your Data Is Stored

As a UK-based company, your data is primarily stored and processed within the United Kingdom. However, some of our service providers operate in other countries, including outside the UK and European Economic Area (EEA).

We ensure appropriate safeguards are in place when data is transferred internationally, as required by UK GDPR.

9.1 Transfers to the United States

Some of our key service providers are located in the United States:

🤖 OpenAI and Anthropic (AI Content Generation)

Safeguards:

  • Standard Contractual Clauses (SCCs) approved by UK authorities
  • Data Processing Agreements (DPAs) in place
  • Both providers maintain compliance programs for international data transfers

💳 Stripe (Payment Processing)

Safeguards:

  • Standard Contractual Clauses (SCCs)
  • Stripe is certified under major privacy frameworks
  • PCI DSS Level 1 certified for payment security

📊 Google Analytics

Safeguards:

  • IP anonymization enabled
  • Google's EU-US data transfer framework compliance
  • Data Processing Amendment to Google Ads terms

9.2 Transfers Within EEA

👆 Mouseflow (Denmark)

Location: Denmark (within EEA)

Safeguards: No additional safeguards required - Denmark is subject to UK GDPR adequacy decision (EEA country)

9.3 Your Rights Regarding International Transfers

You have the right to:

  • Request information about the safeguards we have in place for international transfers
  • Request copies of Standard Contractual Clauses
  • Object to transfers to specific countries if you have concerns

To exercise these rights or for more information, contact our Data Protection Officer at [email protected]

ℹ️ Important Note on US Data Transfers

Following the Schrems II decision, we rely on Standard Contractual Clauses and additional safeguards for transfers to the United States. We regularly review and update our data transfer mechanisms to ensure compliance with evolving UK and EU data protection requirements.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Company Name: ZII Ltd
  • Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Company Number: [PENDING]
  • Data Protection Officer: [email protected]

13. Complaints

If you are not satisfied with how we handle your personal information, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection regulator. You can contact the ICO at:

Website: ico.org.uk

Phone: 0303 123 1113

Email: [email protected]
