Privacy Policy
Last updated: 29-05-2026 · v2.2
Summary of Key Provisions
- We are LadyinTechverse, based in Singapore. We run the AI SEO Agent at
seoagent.ladyintechverse.com. - We collect the minimum data needed to run the service: your account email and password, the URLs you audit, and the audit results we generate for you.
- Paid Visibility Engine summaries are private account metadata and are not added to shared product RAG or training data.
- We never store your raw IP address. We hash it (SHA-256) to enforce free-tier limits and prevent abuse.
- We honour your rights under Singapore PDPA, EU GDPR and UK GDPR. You can access, correct, export or delete your data at any time.
- We use a default-denied cookie banner. Analytics, heatmaps and marketing trackers fire only after you consent.
1. Who we are
The controller of your personal data is LadyinTechverse, Singapore.
For all privacy matters, use the official contact form: LadyinTechverse contact form.
We do not publish a postal address. The form is the official channel for all data-protection enquiries, rights requests and complaints.
2. Data we collect
2.1 Account data
- Email address
- Password (stored as a one-way hash; we never see the plaintext)
- Name (if you provide one)
2.2 Audit data
- URLs you submit for SEO auditing
- Audit reports we generate for you (scores, signals, recommendations)
2.3 Visibility Engine data (paid users only)
- Source URLs, page titles, page types, short excerpts, content hashes, skill outputs, context tree data and executive summaries from up to 20 public same-origin pages connected to a completed audit
- We do not store raw HTML long term, and Visibility Engine outputs are not added to shared product RAG or model training data
2.4 Technical data
- A SHA-256 hash of your IP address (for rate limiting and abuse prevention; we never store the raw IP)
- Browser type and approximate region (for routing to the correct AI provider)
2.5 Payment data (Pro Monthly / Pro Annual only)
- Your email address and Gumroad license key
- We do not receive or store your card details. Payment is processed entirely by Gumroad.
2.6 Cookies and tracking
See section 9 (Cookies).
3. Why we collect it (lawful basis)
| Data | Purpose | Lawful basis (GDPR / PDPA) |
|---|---|---|
| Account email + password | Authenticate you, deliver the service | Contract (GDPR Art 6(1)(b)) / Consent (PDPA s.13) |
| Audit URLs + results | Run audits, deliver paid features | Contract |
| Visibility Engine summaries | Deliver private company context, dashboard chat explanations and Fix Pack strategy notes for paid users | Contract |
| Hashed IP | Enforce free-tier limit (3 audits/month/IP), prevent abuse | Legitimate interest (GDPR Art 6(1)(f)) |
| Email for billing | Process Gumroad payments, send receipts | Contract |
| Analytics, heatmaps, marketing tags | Understand product usage, improve service | Consent (GDPR Art 6(1)(a) + PECR) |
4. Data extracted during crawls
When you submit a URL, our crawler fetches public pages from that site. We respect robots.txt, identify ourselves with the user agent LITV-AISEOAgent/2.0 (+https://seoagent.ladyintechverse.com/bot), wait at least 2 seconds between requests, crawl no more than 10 pages for a standard audit, and crawl no more than 20 same-origin public pages for a paid Visibility Engine activation.
Visibility Engine detects external proof links but does not crawl external domains in v2.0. It skips login, dashboard, admin, checkout, cart, account, API and private paths.
If the crawled pages contain email addresses or names (for example in author bios or contact pages), those values are processed transiently to generate your audit and are not stored in our database. If you are the owner of a crawled site and want us to suppress your domain from future crawls, you may wish to block the bot via your robots.txt:
User-agent: LITV-AISEOAgent Disallow: /
Or contact the LadyinTechverse contact form.
Lawful basis: legitimate interest in providing an SEO auditing service on publicly accessible web content.
5. AI processing
To produce audit reports, we send the URLs you submit (and the public content of those pages) to AI providers:
- Global users: Google Gemini (Gemini 3.1 Flash-Lite), with Groq (llama-3.1-8b-instant) as a fallback when Gemini is unavailable.
- EU and UK users: Mistral (France-based, GDPR-native). EU and UK traffic does not leave the EU/UK for AI processing.
Do not paste URLs containing tokens, passwords or personal data in query strings — we cannot redact them before processing.
6. Who we share data with
We share the minimum necessary data with the following processors:
| Processor | Purpose | What we share |
|---|---|---|
| Google (Gemini) | AI audit generation (global users) | Audited URL + public page content |
| Groq | AI audit generation (global users) | Audited URL + public page content |
| Mistral | AI audit generation (EU/UK users) | Audited URL + public page content |
| Gumroad | Payment processing | Email, license key |
| Email delivery provider | Transactional emails (receipts, password resets) | Email, message body |
| Google Analytics 4 | Aggregate usage analytics (consent-gated) | Hashed identifier, page views |
| Contentsquare | Heatmap and session insights (consent-gated) | Hashed identifier, interaction events |
| Hosting and database providers | Run the service | Account + audit data, encrypted in transit and at rest |
We do not sell your data. We do not share it with advertisers beyond consent-gated analytics tags.
7. International transfers
Singapore is our primary jurisdiction. We are mindful of cross-border transfer rules.
- EU / UK users: AI processing stays inside the EU (Mistral, France). Other processors (Google Analytics, Gumroad) are subject to Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework where applicable.
- PDPA s.26: All overseas transfers are made to processors that provide a comparable standard of protection through contract, certification or recognised frameworks.
8. Retention
| Data | Retention |
|---|---|
| Account data (email, password, name) | Until you delete your account |
| Audit results | 90 days from creation, then hard-deleted |
| Visibility Engine summaries | Deleted with the related audit or account deletion flow |
| Hashed IPs | 30 days rolling (for rate limiting) |
| Payment records | 7 years (Singapore tax law) |
| Email logs | 12 months |
If you delete your account, all audit results are hard-deleted immediately, regardless of the 90-day window.
9. Cookies
We use a default-denied cookie banner. Nothing fires until you accept.
| Category | Examples | Default |
|---|---|---|
| Strictly necessary | Session, CSRF, consent state | Always on (no consent needed under PDPA / PECR) |
| Analytics | Google Analytics 4 | Off until you consent |
| Heatmap | Contentsquare | Off until you consent |
| Marketing | Conversion tags | Off until you consent |
You can withdraw consent at any time via the cookie preferences link in our site footer.
We use Google Consent Mode v2 to ensure analytics tags respect your choice.
10. Your rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your account and data (right to erasure)
- Export your data in a portable format
- Withdraw consent for analytics, heatmaps and marketing
- Object to processing based on legitimate interest
To exercise any right, use the LadyinTechverse contact form. We respond within 30 days (PDPA) or one calendar month (GDPR).
11. Children
This service is for users aged 16 and above. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, use the contact form above and we will delete the account and associated data.
12. Security
- Passwords are stored as one-way hashes (never plaintext).
- IP addresses are stored only as SHA-256 hashes.
- All data is encrypted in transit (TLS 1.2+) and at rest.
- Access to production systems is restricted to the controller, with multi-factor authentication.
- We do not name our internal infrastructure providers in this policy. Categories are: hosting, database, cache, email delivery, AI providers (named in section 6 because you have a right to know who processes your data).
13. Google API Services (Data Connectors)
If you connect Google Search Console or Google Analytics 4 via Settings → Data Connectors, we read your search performance and traffic metrics on a read-only basis to enrich your audit reports. Connecting a Google account is optional and limited to the Pro tier.
LadyinTechverse’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- We do not transfer Google user data to third parties except as needed to provide the connected feature or as required by law.
- We do not use Google user data for advertising of any kind.
- We do not use Google user data to train or improve AI or machine learning models.
- We do not allow humans to read Google user data unless you give us specific consent, it is required for security or to comply with the law, or after the data has been aggregated and anonymised.
- We do not sell Google user data.
You can disconnect at any time from Settings → Data Connectors, or from myaccount.google.com/permissions. Disconnecting deletes your stored OAuth credentials immediately.
14. Changes to this policy
We will update this policy when our practices change. Material changes (new processors, new data categories, changed retention) will be updated here. The “Last updated” date at the top of this page reflects the latest version.