Privacy Policy
How we collect, use, and protect your information
Effective Date: March 7, 2026 • Last Updated: March 7, 2026
SEMalytics, Inc. ("SEMalytics," "we," "us," or "our") operates the COS (Communications Optimization System) platform and the semalytics.com website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, and company name when you create an account.
- Payment Information: Billing details processed securely through Stripe. We do not store credit card numbers on our servers.
- Content You Submit: Text, URLs, and files you submit for analysis. See Section 3 for how we handle your content.
Information Collected Automatically
- Usage Data: Pages visited, features used, analysis counts, and export formats selected.
- Device Information: Browser type, operating system, and screen resolution.
- Analytics: We use Google Analytics 4 (GA4) to understand how our site is used. GA4 data is aggregated and does not include personally identifiable information.
Cookies and Tracking
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management | Session |
| Analytics (GA4) | Site usage, feature adoption | Up to 14 months |
| Marketing (LinkedIn Insight) | Ad measurement and retargeting | Up to 180 days |
2. How We Use Your Information
- Provide, maintain, and improve the COS platform
- Process transactions and send billing-related communications
- Send product updates and feature announcements (you can opt out at any time)
- Analyze usage patterns to improve our service (aggregated, non-personal data only)
- Respond to support requests and customer inquiries
- Detect and prevent fraud, abuse, and security incidents
3. Your Content — Privacy by Design
Your content stays private. When you submit text, URLs, or files for analysis:
- Content is processed in real-time and is not stored after your analysis is complete, unless you explicitly save a conversation.
- Saved conversations are stored in your private account and are never shared with other users.
- We never use your content to train AI models.
- We never share your content with third parties.
- Analysis is performed via the Anthropic API. Anthropic's enterprise terms prohibit use of API inputs for model training. See Anthropic's Privacy Policy.
4. Data Sharing and Disclosure
We do not sell your personal information. We may share information only in these limited circumstances:
- Service Providers: Stripe (payments), Supabase (database hosting), Anthropic (AI analysis), Google (analytics), LinkedIn (ad measurement). Each provider is contractually bound to protect your data.
- Legal Requirements: When required by law, subpoena, or court order.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to you.
5. Data Security
- All data transmitted over HTTPS/TLS encryption
- Authentication managed via Supabase Auth with JWT tokens
- Row-Level Security (RLS) ensures users can only access their own data
- API keys and secrets stored in encrypted environment variables, never in client-side code
- Regular security reviews and dependency updates
6. Data Retention
- Account data: Retained while your account is active and for 30 days after deletion.
- Saved conversations: Retained until you delete them or close your account.
- Unsaved analyses: Not stored beyond the active session.
- Analytics data: Aggregated analytics retained for up to 14 months (GA4 default).
- Payment records: Retained as required by tax and financial regulations.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct inaccurate information.
- Deletion: Request deletion of your account and associated data.
- Export: Receive your data in a portable format.
- Opt Out: Unsubscribe from marketing emails at any time.
- Do Not Sell: We do not sell personal information. No opt-out action is required.
To exercise any of these rights, email privacy@semalytics.com.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email privacy@semalytics.com.
9. International Data Transfers
Our services are hosted in the United States. If you access our services from outside the United States, your information may be transferred to and processed in the United States. We rely on standard contractual clauses and service provider agreements to protect data transferred internationally.
10. Children's Privacy
COS is a B2B service not directed at individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: privacy@semalytics.com
- Company: SEMalytics, Inc.