Outpacer.aiBack to Home

Privacy Policy

Effective Date: March 1, 2026 · Last Updated: March 31, 2026

Outpacer AI, Inc. (“Outpacer,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard your personal information when you visit our website at outpacer.ai and use our AI-powered SEO platform (collectively, the “Service”). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.

If you do not agree with this Privacy Policy, you must not use the Service. We encourage you to review this Privacy Policy periodically, as we may update it from time to time.

1. Information We Collect

We collect information from and about you in several ways, depending on how you interact with the Service.

1.1 Account Information

When you create an account, we collect information you provide directly, including:

  • Full name
  • Email address
  • Password (stored in hashed form)
  • Company or organization name (if applicable)
  • Profile information and account preferences

1.2 Billing Information

When you subscribe to a paid plan, we collect billing-related information including your name, billing address, and payment method details. Payment card information is processed and stored directly by our payment processor, Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment card data on our servers. We retain a tokenized reference to your payment method, your billing address, and transaction history for record-keeping and invoicing purposes.

1.3 Website and CMS Data

When you connect your website or content management system (CMS) to the Service, we collect:

  • Website URLs and domain information
  • CMS API keys, authentication tokens, and connection credentials (stored encrypted)
  • Website content, including existing blog posts, pages, meta data, and media
  • Website analytics data and performance metrics you choose to share
  • Sitemap and site structure information

1.4 Content Data

We collect and process content you create, generate, or manage through the Service, including:

  • AI-generated articles, blog posts, meta descriptions, and other text content
  • AI-generated images
  • Content prompts, instructions, and configurations you provide to the AI
  • Keyword research queries and content plans
  • SEO audit results and competitor analysis data
  • Edits and revisions you make to generated content

1.5 Usage Data

We automatically collect information about how you interact with the Service, including:

  • Features and pages you access within the Service
  • Actions you take (e.g., generating content, running audits, publishing articles)
  • Frequency and duration of your sessions
  • Error logs and performance data
  • Referral source and navigation paths
  • Timestamps associated with your activities

1.6 Device and Technical Data

When you access the Service, we automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Screen resolution and viewport dimensions
  • Language and locale preferences
  • Time zone

1.7 Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to operate the Service, remember your preferences, authenticate your sessions, and analyze usage patterns. For detailed information about the cookies we use and your choices regarding cookies, please see our Cookie Policy at /legal/cookies.

1.8 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Authentication providers if you sign in using a third-party identity provider (e.g., Google OAuth)
  • Payment processor (Stripe) regarding transaction status and billing information
  • SEO data providers (DataForSEO) regarding keyword and search engine results data
  • Analytics providers regarding aggregated and anonymized usage trends

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and operating the Service: To create and manage your account, process your subscriptions, generate AI content, connect to your CMS, publish content, perform SEO audits, and deliver all features of the platform.
  • Processing payments: To charge subscription fees, manage billing cycles, issue invoices, and handle refund requests through our payment processor, Stripe.
  • AI content generation: To transmit your prompts, instructions, and relevant website context to third-party AI model providers (Anthropic and OpenAI) in order to generate content on your behalf.
  • Communication: To send you transactional emails (account verification, password resets, billing receipts, subscription updates), service announcements, and, with your consent, marketing communications.
  • Product improvement: To analyze usage patterns, identify bugs, improve features, develop new capabilities, and enhance the overall user experience.
  • Security and fraud prevention: To detect, prevent, and respond to security incidents, unauthorized access, fraud, and other harmful activities.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Analytics: To measure the performance of the Service, understand how users engage with different features, and make data-driven product decisions.

Important: We do NOT use your data to train AI models.

We do not use your content, prompts, generated outputs, website data, or any other user-provided information to train, fine-tune, or improve any AI or machine learning models, whether our own or those of third parties. Your data is used exclusively to provide the Service to you. The third-party AI providers we use (Anthropic and OpenAI) are contractually bound through our enterprise agreements to not use data transmitted through our API calls for model training purposes.

3. How We Share Your Information

We do not sell your personal information. We share your information with the following categories of third-party service providers, strictly as necessary to operate the Service:

3.1 AI Model Providers

  • Anthropic (Claude) — We transmit content prompts, instructions, and relevant context to Anthropic's API to generate text content. Anthropic processes this data in accordance with their enterprise data processing terms and does not use API inputs or outputs for model training.
  • OpenAI (GPT, DALL-E) — We transmit content prompts, instructions, and image generation requests to OpenAI's API. OpenAI processes this data in accordance with their enterprise API data usage policy, which states that API data is not used for model training.

3.2 Payment Processing

  • Stripe — We share your billing information (name, email, billing address, payment method) with Stripe to process subscription payments, manage billing, and prevent fraud. Stripe is a PCI-DSS Level 1 certified payment processor. See Stripe's privacy policy at stripe.com/privacy.

3.3 Infrastructure and Hosting

  • Supabase — Our primary database and authentication provider. Your account data, content, and application data are stored in Supabase-hosted PostgreSQL databases. Supabase stores data in AWS data centers.
  • Vercel — Our application hosting and deployment platform. Vercel processes HTTP requests and may temporarily log request metadata (IP addresses, request paths) for performance and security purposes.
  • Railway — We use Railway to host background processing services, job queues, and worker processes that handle content generation, publishing, and other asynchronous tasks.
  • Upstash — We use Upstash for serverless Redis caching and rate limiting. Upstash may temporarily store session data, cached responses, and rate limit counters.

3.4 Email and Communications

  • Resend — We use Resend to send transactional emails (account verification, password resets, billing receipts, notifications). We share your email address and name with Resend for this purpose.

3.5 Analytics and Product Intelligence

  • PostHog — We use PostHog for product analytics, including feature usage tracking, session recording (with sensitive fields excluded), funnel analysis, and A/B testing. PostHog receives usage data, device information, and anonymized user identifiers.

3.6 Customer Support

  • Crisp — We use Crisp for live chat and customer support. When you interact with our support chat, Crisp may collect your name, email address, browser information, and the content of your support conversations.

3.7 SEO Data Providers

  • DataForSEO — We use DataForSEO to provide keyword research, SERP analysis, competitor data, and other SEO intelligence. We transmit domain names, keywords, and search queries to DataForSEO's API to retrieve relevant SEO data.

3.8 Other Disclosures

We may also share your information in the following circumstances:

  • Legal requirements: When required by law, regulation, legal process, subpoena, court order, or governmental request.
  • Safety and protection: To protect the rights, property, or safety of Outpacer AI, our users, or others, including to detect and prevent fraud or security incidents.
  • Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets. In such event, your information may be transferred as part of the transaction, and we will notify you of any change in ownership or use of your personal information.
  • With your consent: We may share your information with third parties when you have given us explicit consent to do so.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:

  • Account data: Retained for the duration of your account and for up to thirty (30) days after account deletion to allow for recovery.
  • Generated content: Retained for the duration of your account. Upon account deletion, generated content is permanently deleted within ninety (90) days.
  • Billing records: Retained for a minimum of seven (7) years to comply with tax and financial reporting obligations.
  • Usage and analytics data: Retained in identifiable form for up to twenty-four (24) months, after which it is aggregated and anonymized.
  • Server logs: Retained for up to ninety (90) days for security and debugging purposes.
  • Support conversations: Retained for up to thirty-six (36) months to maintain service quality and context for ongoing support.

When data is no longer required, we securely delete or anonymize it using industry-standard methods. Some data may persist in encrypted backups for a limited period after deletion from our primary systems.

5. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of your location, to the extent practicable.

5.1 Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent local laws:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): You have the right to request the deletion of your personal data, subject to certain legal exceptions.
  • Right to restriction of processing: You have the right to request that we limit how we process your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to object: You have the right to object to our processing of your personal data, including for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Our legal bases for processing personal data under the GDPR include: performance of our contract with you (to provide the Service), our legitimate interests (to improve and secure the Service), your consent (for marketing communications and non-essential cookies), and compliance with legal obligations.

5.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to correct: You have the right to request the correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to limit use of sensitive personal information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to provide the Service.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (subscription and billing records), internet or electronic network activity (usage data), and professional or employment-related information (company name). We do not collect or process sensitive personal information as defined by the CPRA beyond what is necessary to provide the Service.

5.3 Exercising Your Rights

To exercise any of the rights described above, please contact us at legal@outpacer.ai. We will verify your identity before processing your request and will respond within the timeframes required by applicable law (typically thirty (30) days for GDPR requests and forty-five (45) days for CCPA requests). You may also designate an authorized agent to make a request on your behalf.

6. International Data Transfers

Outpacer AI is based in the United States. If you access the Service from outside the United States, your personal data will be transferred to, processed, and stored in the United States and potentially in other jurisdictions where our service providers operate.

For transfers of personal data from the EEA, United Kingdom, or Switzerland to the United States or other countries not deemed to provide an adequate level of data protection, we rely on the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with our sub-processors that include appropriate safeguards
  • The EU-U.S. Data Privacy Framework, where applicable

You may request a copy of the applicable transfer mechanisms by contacting us at legal@outpacer.ai. For further details, please refer to our Data Processing Agreement at /legal/dpa.

7. Security

We implement industry-standard technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher for all communications
  • Encryption of data at rest using AES-256 for sensitive data stored in our databases
  • Encryption of CMS credentials, API keys, and authentication tokens using application-level encryption
  • Row-level security (RLS) policies in our database to ensure data isolation between users
  • Regular security assessments and vulnerability scanning
  • Access controls and least-privilege principles for internal access to production data
  • Secure password hashing using bcrypt with appropriate salt rounds
  • Rate limiting and DDoS protection on all public-facing endpoints
  • Automated monitoring and alerting for suspicious activity

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you transmit data to us at your own risk. If you become aware of a security vulnerability or suspect unauthorized access to your account, please contact us immediately at security@outpacer.ai.

8. Children's Privacy

The Service is not intended for use by children under the age of 18 (or the age of legal majority in the applicable jurisdiction). We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at legal@outpacer.ai, and we will take steps to delete that information from our systems. If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete such information.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide, secure, and improve the Service. Cookies are small text files stored on your device by your browser that allow us to recognize you and remember your preferences across sessions.

We use the following categories of cookies:

  • Strictly necessary cookies: Essential for the operation of the Service, including authentication, session management, and security. These cookies cannot be disabled.
  • Functional cookies: Used to remember your preferences and settings (e.g., language, theme, layout preferences).
  • Analytics cookies: Used to collect information about how you use the Service, including which pages you visit and how long you spend on them. We use PostHog for analytics.
  • Support cookies: Used by our customer support widget (Crisp) to maintain your support conversation context and preferences.

You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or at any time through your browser settings. Note that disabling certain cookies may affect the functionality of the Service. For a complete list of cookies we use and their purposes, please refer to our Cookie Policy at /legal/cookies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page
  • Notify you by email (sent to the email address associated with your account) or through a prominent notice within the Service
  • For material changes that significantly affect how we process your personal data, provide at least thirty (30) days' advance notice

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the revised policy, you should discontinue your use of the Service and contact us to delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: Outpacer AI, Inc.
  • Email: legal@outpacer.ai
  • Privacy-specific inquiries: privacy@outpacer.ai
  • Security concerns: security@outpacer.ai
  • Website: outpacer.ai
  • Jurisdiction: State of Delaware, United States of America

For GDPR-related inquiries, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

By using Outpacer AI, you acknowledge that you have read this Privacy Policy in its entirety, that you understand it, and that you agree to the collection, use, and sharing of your information as described herein.