Privacy Policy

1. Who we are

The Inspector AI ("we", "us", "our") operates the website and the Inspector AI service ("Service"). Our contact details are in Section 12.

2. What data we collect

• Account data: name, email, organization, password (hashed).
• Site connection data: WordPress site URL, site info snapshots (plugins, theme, PHP/WP versions), HMAC signing secret (stored hashed).
• Content the agent processes: post titles, content, metadata, images, SEO fields — processed transiently to generate suggestions. We do not retain your content for training.
• Billing data: processed by our payment providers (Stripe, Green Invoice). We never store full card numbers.
• Usage data: pages visited, buttons clicked, feature usage, error logs.
• Cookies: see our separate Cookie Policy.

3. Legal bases (GDPR Article 6)

• Contract: to provide the Service you signed up for.
• Legitimate interest: to improve the Service, prevent abuse, and market to prospective customers (unsubscribe anytime).
• Consent: for non-essential cookies and marketing email.
• Legal obligation: tax records, law enforcement requests.

4. How we use your data

To operate the Service (process AI SEO suggestions, deliver reports, bill you), to support you (respond to tickets), to secure the Service (detect abuse, prevent fraud), and to improve it (analytics, bug fixes). We do not sell your data. We do not train AI models on your content.

5. Who we share it with

• Google Gemini API (United States) — to generate SEO suggestions from your content.
• Stripe, Inc. (United States) — to process card payments.
• Green Invoice (Israel) — to issue VAT-compliant invoices to Israeli customers.
• Hetzner Online GmbH (Germany) — infrastructure hosting (EU).
• Cloudflare, Inc. (United States) — CDN and security.
• Law enforcement — when required by valid legal process.

6. International transfers

Some of our processors are located outside the European Economic Area or Israel. Transfers are safeguarded by the EU Standard Contractual Clauses or the EU–US Data Privacy Framework where applicable.

7. Retention

Account and content data: retained for the life of your account + 30 days. Billing records: 7 years (tax obligation). Server logs: 90 days. Snapshots (on your WordPress site, not on our servers): 30 days by default.

8. Your rights under GDPR (EU visitors)

You may request access, correction, deletion, restriction, portability, or objection regarding your personal data. Contact us at [email protected]. You may also lodge a complaint with your national supervisory authority.

9. Your rights under Israeli Privacy Protection Law

Under the Privacy Protection Law 5741-1981 and Regulation 13 of the Privacy Protection Regulations (Data Security) 2017, Israeli residents have the right to inspect the personal data we hold about them, request correction or deletion, and receive a response within 30 days. Contact [email protected].

10. Your rights under CCPA (California residents)

You have the right to know what personal information we collect, to request deletion, to opt out of any "sale" of personal information (we do not sell data), and not to be discriminated against for exercising these rights.

11. Security

All data in transit is encrypted with TLS 1.2+. Passwords are hashed with bcrypt. Database backups are encrypted at rest. Plugin-to-server communication is HMAC-SHA256 signed with rotatable per-site secrets. Security incidents are disclosed to affected customers within 72 hours and to supervisory authorities where required.

12. Contact

The Inspector AI
Israel
Privacy inquiries: [email protected]
General contact: [email protected]

13. Changes

We will post any changes to this policy on this page and update the Effective Date. Material changes will be notified by email to account holders.