Privacy Policy

Last updated: November 18, 2025

Updated: This privacy policy has been customized for Sruhlon Enterprise Platform's specific data practices and technical implementation.

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you use Sruhlon:

  • Account Data: Full name, email address, encrypted passwords (bcrypt hashing)
  • Subscription Information: Plan type, billing status, Stripe customer ID
  • Domain Information: Domain names, DNS verification tokens, ownership records
  • Usage Data: AI credits consumed, feature usage logs, notification preferences
  • Authentication Data: JWT tokens, session cookies, IP addresses, user agents
  • Agreement Records: Builder agreement acknowledgment with timestamps

1.2 AI-Generated Content

We process content you generate using our AI features, including:

  • Blog posts, product descriptions, and marketing content
  • Social media posts and automated campaigns
  • Website optimization recommendations

1.3 Integration Data

When you connect third-party services, we may collect:

  • WordPress/Shopify site URLs and API credentials
  • Social media platform access tokens
  • Google Analytics tracking data
  • Email automation preferences and templates

1.4 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Authentication, security, session management (required)
  • Analytics Cookies: Usage statistics, feature adoption, performance metrics (optional)
  • Marketing Cookies: Personalized content, advertising attribution (optional)

You can manage cookie preferences through our Privacy Dashboard or the cookie consent banner that appears on your first visit. Your preferences are saved to your account and synced across devices.

2. How We Use Your Information

2.1 Service Delivery

  • AI Content Generation: Process your content requests using OpenAI GPT-4o
  • Domain Management: Verify domain ownership through DNS TXT records
  • Automation Workflows: Execute multi-site content publishing and optimization
  • Integration Management: Connect and synchronize with WordPress, Shopify, and social platforms

2.2 Billing and Subscription Management

  • Process payments through Stripe with automatic tax calculation
  • Manage subscription tiers (Launch $149/mo, Scale $499/mo, Enterprise $1,299/mo)
  • Track usage against plan limits and credits
  • Send billing notifications and subscription updates

2.3 Legal Basis for Processing (GDPR)

  • Contract Performance: Service delivery and subscription management
  • Legitimate Interest: Security, fraud prevention, service improvement
  • Consent: Marketing communications and optional features
  • Legal Compliance: Tax obligations and financial record keeping

3. Information Sharing and Third-Party Integrations

3.1 Service Providers

  • Stripe: Payment processing and subscription billing
  • OpenAI: AI content generation (no training data usage)
  • Gmail/SMTP: Email delivery and automated responses
  • Replit: Application hosting and infrastructure

3.2 Connected Platforms (Your Choice)

  • WordPress/Shopify: Content publishing and e-commerce integration
  • Social Media: Facebook, Instagram, LinkedIn automation
  • Google Analytics: Website performance tracking
  • Custom Webhooks: Real-time data synchronization

3.3 Data Sharing Principles

We do not sell your personal information. We share data only:

  • With your explicit consent for platform integrations
  • To provide requested services and features
  • When required by law or legal process
  • To protect our rights and prevent fraud

4. Data Security and Storage

4.1 Security Measures

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Authentication: JWT tokens with 30-minute expiration, bcrypt password hashing (14 rounds)
  • Session Security: HTTP-only cookies with IP validation
  • Input Validation: XSS and injection prevention, CSRF protection
  • Access Controls: Admin privileges restricted to environment-verified emails

4.2 Data Storage and Retention

  • Primary Database: PostgreSQL hosted in US (Virginia region)
  • Backup Systems: Automated daily/weekly backups with timestamp retention
  • Log Storage: Structured JSON logs with sensitive data filtering
  • Monitoring: Prometheus/Grafana metrics for security and performance
  • Retention Period: Account data retained for 7 years for legal and tax compliance, unless you request deletion earlier
  • Deletion Grace Period: 30 days after account cancellation before permanent deletion

5. Your Data Rights (GDPR & US Privacy Laws)

5.1 Access and Portability

  • Data Export: Download your complete data in JSON or CSV format via Privacy Dashboard
  • Includes: Account info, consent preferences, privacy settings, marketplace listings, audit logs
  • Formats: Machine-readable JSON and human-readable CSV with metadata
  • Instant Download: No waiting period, immediate access to your data

5.2 Correction and Deletion

  • Profile Updates: Real-time account information correction via profile settings
  • Data Deletion: Complete account deletion via Privacy Dashboard
  • Field-Level Privacy: Granular control over email, phone, and address visibility in marketplace listings
  • Anonymization: User records anonymized for billing and legal compliance after deletion
  • Confirmation Required: Type confirmation phrase to prevent accidental deletion

5.3 Consent and Objection

  • Notification Preferences: Granular email/SMS/in-app controls
  • Marketing Opt-out: Unsubscribe links in all communications
  • Data Processing Objection: Contact privacy@sruhlon.com

5.4 US State Privacy Rights

California, Virginia, and other state residents have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we don't sell personal information)
  • Right to non-discrimination for exercising privacy rights

Exercise Your Rights

Self-Service Privacy Dashboard:

  • Privacy Dashboard - Complete privacy control center
  • View your personal data and privacy settings
  • Export your data in JSON or CSV format
  • Manage cookie and tracking consent preferences
  • Control field-level privacy for marketplace listings
  • Delete your account and all associated data
  • View complete audit trail of privacy changes

Additional Resources:

Contact: privacy@sruhlon.com | We respond within 30 days per GDPR/CCPA requirements

6. International Transfers and Geographic Scope

6.1 Service Regions

  • Primary Infrastructure: United States (Virginia region)
  • CDN Coverage: Global content delivery
  • Testing Regions: Dublin (IE), Singapore (SG), Ashburn (US)
  • Legal Jurisdiction: United States federal and state law

6.2 GDPR Safeguards

For EU data subjects, we provide adequate protection through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Technical and organizational measures (TOMs)
  • Data minimization and purpose limitation
  • Regular compliance audits and assessments

7. Updates and Contact Information

7.1 Policy Updates

We will notify you of material changes to this Privacy Policy:

  • 30-day advance notice via email
  • Prominent website notification
  • Updated "Last Modified" date

7.2 Contact Information

  • Privacy Officer: privacy@sruhlon.com
  • Data Protection: dpo@sruhlon.com
  • General Support: support@sruhlon.com
  • Legal Inquiries: legal@sruhlon.com
  • Business Address: Sruhlon Enterprise Platform, Legal Department