Privacy Policy
Last updated: 8 June 2026
This Privacy Policy explains how [LEGAL ENTITY — e.g. Verbo Ltd / sole trader name] (“Verbo”, “we”, “us”) collects, uses, and protects your personal data when you use our Service. We are the data controller for the personal data described here. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Information you provide
- Account data: name, email address, and a password (stored only as a salted hash) when you register. If you sign in with Google, we receive your name, email, and Google account identifier.
- Site & brand data: the website URLs, brand profiles, keywords, and content preferences you enter.
- Payment data: when you subscribe, payment is handled by Stripe. We receive billing status and limited card metadata (e.g. last four digits, expiry) but never your full card number.
- Support data: information you provide when you contact us.
Information from connected services
- Google Search Console: if you connect GSC, we store encrypted OAuth tokens and retrieve search performance data (clicks, impressions, queries, pages) for the properties you authorise. We request read-only access (webmasters.readonly) and do not modify your Search Console account.
- Publishing targets: credentials for CMS or WordPress sites you connect, so we can publish content at your instruction. These are stored encrypted.
Information collected automatically
- Usage data: we record events such as feature usage and content generation activity to operate, secure, and improve the Service.
- Essential cookies: we use a session cookie to keep you signed in. See our Cookie Policy.
2. How We Use Your Data & Legal Bases
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract |
| Generating content and providing Service features | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract; legal obligation |
| Securing the Service and preventing abuse | Legitimate interests |
| Improving and developing the Service | Legitimate interests |
| Sending service and transactional emails | Performance of a contract; legitimate interests |
| Complying with legal and tax obligations | Legal obligation |
3. AI Processing
To generate content we send the inputs you provide (such as topics, keywords, and brand details) to our AI provider, OpenAI. We do not deliberately send special-category personal data for AI processing, and you should not enter such data. OpenAI processes this data as our sub-processor to return the generated Output.
4. Sharing & Sub-processors
We do not sell your personal data. We share it only with service providers that help us run the Service:
| Provider | Purpose |
|---|---|
| OpenAI | AI content generation |
| Google | Authentication (OAuth) and Search Console data |
| Stripe | Payment processing and subscription billing |
| Hosting & infrastructure | Application hosting, database, and queue infrastructure |
We may also disclose data where required by law, to enforce our Terms, or in connection with a merger or sale of our business.
5. International Transfers
Some providers (such as OpenAI and Stripe) may process data outside the UK. Where data is transferred internationally, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Standard Contractual Clauses.
6. Retention
We keep personal data for as long as your account is active and as needed to provide the Service. After account closure we delete or anonymise personal data within a reasonable period, except where we must retain records to meet legal, tax, or accounting obligations or to resolve disputes.
7. Security
We use technical and organisational measures to protect your data, including encryption of third-party credentials and OAuth tokens at rest, hashed passwords, and access controls. No system is completely secure, so we cannot guarantee absolute security.
8. Your Rights
Under UK GDPR you have the right to:
- access a copy of your personal data;
- request correction of inaccurate data;
- request erasure of your data;
- restrict or object to certain processing;
- data portability;
- withdraw consent where processing is based on consent.
To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
9. Children
The Service is not directed to anyone under 18, and we do not knowingly collect data from children.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be notified through the Service or by email. The “last updated” date above reflects the latest revision.
11. Contact
For privacy questions or requests, contact us at [email protected]. This Policy is governed by the laws of England and Wales.