Privacy Policy

At Epicurus One, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at epicurus.one and our AI-powered SEO content platform. Please read this policy carefully. By using Epicurus One, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address - used for authentication, communication, and account recovery. Email verification is required for all new accounts.
• Password - securely hashed using bcrypt with 12 salt rounds. We never store your password in plain text and cannot recover it.

Website & Business Data

To provide our SEO services, we collect information about the websites you add to our platform:

• Domain URL - your website address used to identify your site within our system.
• Site content - we crawl your publicly accessible website pages to analyze content for SEO optimization purposes.
• Business profile information - niche, target audience, brand tone, and products/services. This helps our AI generate relevant, on-brand content.

Generated Content

As part of our service, we generate and store:

• AI-generated articles and blog posts
• Keyword research data and content strategies
• AI-generated images for your articles

Payment Information

All payment processing is handled entirely by Stripe. We never receive, store, or have access to your full credit card number, debit card number, or bank account details. Stripe collects and processes your payment information directly in accordance with their Privacy Policy. We only store your subscription status, plan tier, and Stripe customer/subscription identifiers.

Usage Data

We automatically collect certain information when you interact with our platform:

• Session data (server-side sessions)
• Login timestamps
• Subscription status and billing cycle

Google Search Console Data

If you choose to connect your Google Search Console account via OAuth2, we access analytics data such as search queries, click-through rates, impressions, and average positions for your connected properties. This data is used solely to provide SEO performance insights and improve content strategy within your dashboard.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery - to crawl your website, research keywords, generate AI-powered SEO content, create images, and publish articles to your WordPress site.
• Account management - to create, maintain, and secure your account, process subscriptions, and handle authentication.
• Communication - to send transactional emails such as account verification, password resets, subscription confirmations, and important service updates.
• Analytics & optimization - to provide you with SEO performance dashboards, keyword rankings, and content strategy recommendations based on your Google Search Console data.
• Platform improvement - to understand how our service is used and improve our AI models, user experience, and overall product quality.
• Security - to detect and prevent fraud, abuse, and unauthorized access to our platform.

3. Third-Party Services

We work with trusted third-party services to operate our platform. Each service receives only the minimum data necessary to perform its function:

AI & Content Generation

• OpenAI (GPT-5.2 and GPT-5 mini) - we send your website content, business profile, and keyword data to OpenAI's API to generate articles, analyze content, and build content strategies. OpenAI processes this data in accordance with their Privacy Policy.

SEO Data Providers

• DataForSEO - we query keyword volume, search difficulty, and competitive data for the keywords relevant to your website.
• SerpAPI - we analyze Google search results and discover relevant YouTube videos for content enrichment.

Google APIs

• Google Search Console API - when you connect your account via OAuth2, we read your search performance data to provide analytics and insights.
• Google Indexing API - we submit your published articles to Google for faster indexing.
• YouTube Data API - we search for relevant YouTube videos to embed within generated articles.

Payments

• Stripe - handles all payment processing, subscription management, billing, and invoicing. Your financial data is processed directly by Stripe and never touches our servers.

Email & CRM

• Brevo (formerly Sendinblue) - we use Brevo for transactional emails (account verification, password resets, subscription updates) and contact management. Contact attributes such as your email, subscription status, plan tier, and usage metrics are synced with Brevo's CRM for communication purposes.

WordPress Integration

• WordPress REST API - if you enable auto-publishing, we connect to your WordPress site using credentials you provide to publish articles directly. Your WordPress credentials are stored securely on our servers, encrypted at rest, and are never exposed in API responses or logs.

4. Cookies & Tracking

We use a minimal set of cookies that are strictly necessary for the operation and security of our platform:

• Session cookie (express-session) - an httpOnly, sameSite: lax cookie that maintains your authenticated session. It does not contain any personal information and expires when you log out or after the session timeout.
• CSRF cookie (_csrf) - a security cookie used to protect against cross-site request forgery attacks using the double-submit cookie pattern.

We do not use any advertising cookies, tracking pixels, or third-party analytics cookies. We do not track you across other websites, and we do not serve targeted advertisements.

5. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• Database - all account and website data is stored in a PostgreSQL database hosted on Railway, a secure cloud infrastructure provider.
• Sessions - session data is stored server-side in file-based storage, not in the browser.
• Images - AI-generated images are stored on Railway's persistent volume storage.
• Passwords - hashed with bcrypt using 12 salt rounds. We cannot reverse or view your password.
• WordPress credentials - stored securely and never exposed in API responses. All API responses pass through error sanitization to prevent leaking of internal details.
• Transport security - all data in transit is encrypted via HTTPS/TLS.

While we implement robust security practices, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your personal information.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data - retained until you delete your account.
• Generated content - articles, keywords, and strategies are retained for the lifetime of your account to maintain your content history and SEO strategy.
• Payment records - subscription history and billing references are retained as required for accounting and legal purposes, even after account deletion.
• Session data - automatically purged after session expiry.

When you delete your account, we will remove your personal data from our active systems. Some information may be retained in backups for a limited period consistent with our backup retention schedule.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access - you can access your account information, generated content, and connected website data directly through your Epicurus One dashboard at any time.
• Correction - you can update your email, password, business profile, and website information through your account settings.
• Deletion - you can permanently delete your account using the "Danger Zone" section in your account settings. This action removes your account and associated data from our active systems.
• Data portability - your generated articles are published directly to your WordPress site, giving you full ownership and portability of your content.
• Withdrawal of consent - you can disconnect third-party integrations (such as Google Search Console) at any time through your settings.
• Objection - you may object to certain data processing activities by contacting us.

To exercise any of these rights, you can use the self-service options in your account settings or contact us at [email protected].

8. Data Sharing & Selling

We do not sell, rent, or trade your personal information to third parties - ever.

We only share data with the third-party service providers listed in Section 3 above, and only to the extent necessary for them to perform their designated functions. These providers are contractually obligated to protect your data and may not use it for their own purposes.

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Epicurus One, our users, or the public.

9. Children's Privacy

Epicurus One is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using Epicurus One, you consent to the transfer of your information to these countries. We take reasonable steps to ensure your data remains protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of Epicurus One after any changes to this Privacy Policy constitutes your acceptance of those changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: epicurus.one

We will respond to your inquiry as soon as reasonably possible.