Privacy Policy

Last updated: May 10, 2026

1. Plain-language summary

Denzo is a multi-tenant SEO platform. We store the data you give us (your business info, keywords, generated pages) and the data your Google account chooses to share with us when you click "Connect" (your Search Console reports, your Business Profile reviews and locations). We use it only to operate your dashboard. We do not sell it. We do not show it to other clients. You can delete it at any time.

2. Who we are

Denzo SEO ("Denzo", "we") is operated by Denzo Studios. Contact: hello@denzostudios.com.

3. Data we collect

Account data

• Email address (login + billing notifications)
• Hashed password
• Subscription plan + Stripe customer ID
• Login timestamps and IP address (for fraud / security audit)

Tenant data (the SEO data you fill in)

• Business name, services, certifications, service area
• Keywords you research, competitors you track
• Generated pages and their published URLs
• API keys for third-party services you opt into (GitHub, WordPress, Apify, Anthropic) — encrypted at rest

4. Google user data (OAuth)

When you click Connect Google Business Profile or Connect Search Console, you authorize Denzo to read specific data on your behalf. We request only the scopes we need:

• https://www.googleapis.com/auth/business.manage — to read your GBP locations, reviews, posts, and Q&A.
• https://www.googleapis.com/auth/webmasters.readonly — to read your Search Console clicks, impressions, queries, and pages.

We store the access and refresh tokens encrypted in our database, scoped to the specific tenant you connected them to. Tokens are not shared across tenants. You can revoke access at any time from Settings → Google Integrations or from your Google account at myaccount.google.com/permissions.

Limited Use disclosure: Denzo's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties except as needed to provide the service or comply with law, and we do not use Google user data to serve advertisements.

5. How we use the data

• To run the agent pipeline (research, draft, optimize, publish, track) for your tenants.
• To show you dashboards, reports, and Mission Control.
• To process payments via Stripe.
• To improve Denzo, in aggregate and anonymized form (no per-customer data, no Google user data).
• To send you product and security notifications.

6. Who we share data with

We share data only with the processors required to deliver the service:

• Stripe (payment processing)
• Anthropic (AI model API for content generation)
• Apify (SERP scraping, when you provide your own Apify key)
• Google (Business Profile + Search Console APIs, on your authorization)
• Mailgun or similar (transactional email)
• Hosting provider (server infrastructure)

We do not sell, rent, or trade personal data to advertisers or data brokers.

7. How long we keep data

• While your account is active: as long as you use Denzo.
• After you cancel: 30 days, then automatic deletion (you can request immediate deletion).
• Stripe billing records: retained per Stripe's policy and tax law requirements (typically 7 years).

8. Your rights (GDPR, CCPA)

You can:

• Request a copy of your data (GET /me/export or email us)
• Correct inaccurate data via your Settings page
• Delete your account and all associated data via Settings → Danger Zone, or by emailing hello@denzostudios.com
• Withdraw OAuth consent at any time from Google or from Settings → Google Integrations
• Object to processing or request portability
• File a complaint with your local data protection authority (e.g. AEPD in Spain, CNIL in France, ICO in the UK, your state AG in the US)

9. Security

We use industry-standard encryption (TLS 1.2+ in transit, AES-256 at rest where applicable), hashed passwords (bcrypt/Werkzeug), per-tenant data isolation, and OAuth refresh-token rotation. We do not have plaintext access to your passwords. Stripe and Google credentials are stored separately from application data. We will notify affected users within 72 hours of confirming any breach involving personal data.

10. Contact

Questions, deletion requests, or complaints: hello@denzostudios.com.