Privacy Policy

Last updated: May 10, 2026

UpSailor AI operates the website upsailor.ai and the related platform that helps online businesses grow with AI agents, search, SEO automation, lead management, and analytics (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Service, you agree to the practices described here.

1. Information we collect

1.1 Account information

When you sign up we collect your name, email address, company name, website URL, and (optionally) phone number. If you sign in with Google, we receive your name, email address, and Google profile picture from Google through the OpenID Connect openid email profile scopes.

1.2 Google Search Console data

If you connect Google Search Console (GSC), we request the https://www.googleapis.com/auth/webmasters.readonly scope. With your explicit consent we read aggregated search-performance metrics for the property you select impressions, clicks, average position, queries, and the URLs that appear in search results. We do not request, read, or store the contents of your website, your sitemaps for modification, or any other Google data.

1.3 Service data

When you use the Service we store the websites, product collections, chat sessions, leads, SEO posts, and configuration you create. Visitors who interact with chat widgets you embed on your sites may submit messages and contact details, which are stored as leads in your account.

1.4 Technical data

We log standard request metadata (IP address, user agent, timestamps, endpoints called) for security, abuse prevention, and debugging. We use Google Analytics and Google Ads tags on the marketing site to measure traffic and campaign performance.

2. How we use information

• To provide, operate, and improve the Service.
• To authenticate you and keep your account secure.
• To display Search Console performance inside the SEO module so you can see which of your published posts are indexed and ranking.
• To respond to support requests and send service-related emails.
• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To analyze anonymized and aggregated usage data so we can improve the Service over time.
• To comply with legal obligations.

We retain anonymized and aggregated data for example, query patterns, feature-usage counts, response latency, and error rates that cannot reasonably be linked back to an individual or account and use it to measure quality, prioritize improvements, and refine the Service. This data does not identify you.

We do not use Google user data, including data obtained through the webmasters.readonly scope, to train generalized AI/ML models. Your Google data is used solely to provide the analytics and post-performance features inside your own UpSailor account.

3. Google API Services User Data Policy

UpSailor's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. How we share information

We do not sell personal data. We share data only as follows:

• Service providers (sub-processors): hosting (Railway, Amazon Web Services), database (Amazon RDS), vector search (Milvus / Zilliz), AI inference (Together AI), email delivery, and the Polar billing platform. These providers process data only on our instructions and under written agreements.
• Legal: if required by law, court order, or to protect the rights, safety, and property of UpSailor, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or asset sale, in which case we will provide notice before your data is transferred.

5. Data retention and deletion

We retain your account data for as long as your account is active. You can disconnect Google Search Console at any time from the SEO settings inside the product, which deletes the stored OAuth refresh token and stops further data collection. You can request deletion of your account and associated data by emailing support@upsailor.ai; we will action the request within 30 days, except where retention is required by law (for example, billing records).

6. Security

We use HTTPS in transit, encrypted credentials at rest, scoped database users, and short-lived signed tokens for OAuth flows. No system is perfectly secure; we will notify affected users without undue delay if we become aware of a breach affecting your personal data.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise any of these rights, email support@upsailor.ai. You can also revoke UpSailor's access to your Google account at any time at myaccount.google.com/permissions.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

9. International transfers

We may process and store data in countries outside your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

10. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with a new "Last updated" date and, where appropriate, notified by email.

11. Contact us

Questions or requests about this policy can be sent to support@upsailor.ai or ruth@upsailor.ai.