Privacy Policy
Last updated: May 15, 2026
🔒 Plain English first: We collect the minimum data needed to run this service. We don't sell your data. We don't share it with advertisers. We delete trial user data 30 days after your trial expires.
1. Who We Are
DigiMoTech is an AI-powered competitive intelligence and SEO platform for small businesses. It is operated by Polsia, Inc. ("we," "us," or "our"). Our contact email is digimotech@polsia.app.
2. What Data We Collect
We collect the following categories of data:
- Account information: Your name, email address, and bcrypt-hashed password when you create an account.
- Trial verification data: Your IP address at the time of trial signup, used solely to prevent abuse (one trial per IP). This is stored for 37 days and then deleted.
- Usage data: Competitor URLs you add, SWOT analyses you generate, SEO audits, and briefing history — the content you create.
- Payment data: Stripe processes your payment. We store only your Stripe customer ID and subscription status — never card numbers or billing addresses.
- Session data: JWT tokens and session metadata (device type, last active) for security purposes.
- Analytics events: Page views, feature usage events (no PII beyond user ID). Used to improve the product.
- Support tickets: Messages you submit through the support form.
We do not collect phone numbers, social security numbers, or government IDs.
3. Why We Collect It
- Email: To send you your account confirmation, trial status updates, and support responses. We do not send marketing email unless you opt in.
- IP address (trial only): One free trial per IP. This prevents the free trial from being gamed with throwaway accounts. We do not use your IP for tracking, advertising, or any other purpose.
- Usage content: To deliver the features you paid for and generate your AI reports.
- Stripe customer ID: To manage your subscription and process refunds.
- Analytics events: To understand which features are used and where users run into problems.
4. How We Store It
- Data is stored in a PostgreSQL database hosted by Neon (US-based, SOC 2 compliant).
- Passwords are hashed with bcrypt (cost factor 12). We never store plaintext passwords.
- All connections use TLS in transit. Data at rest is encrypted at the infrastructure level.
- Trial IP addresses are stored in plain text until purge time, then permanently deleted.
- OAuth tokens (if applicable) are encrypted with AES-256-GCM before storage.
5. Data Retention
| Data Type | Retention Period | What Happens After |
|---|---|---|
| Trial user PII (email, IP, name) | 37 days from trial start (7-day trial + 30 days grace) |
Email replaced with irreversible hash. IP and name cleared. Anonymous usage record retained for analytics. |
| Active paying customer data | While subscription is active | Retained in full for service delivery |
| Cancelled subscriber PII | 90 days post-cancellation | Account anonymized; usage analytics retained |
| Support ticket content | 2 years | Deleted |
| Analytics events (no PII) | Indefinite | Used only in aggregate for product improvement |
| Stripe payment data | Controlled by Stripe | Subject to Stripe's Privacy Policy |
6. Third-Party Sharing
We do not sell, rent, or trade your personal data. The only third parties who receive any data are:
- Stripe: Processes payments. Receives only what is required to complete a transaction. Subject to Stripe's Privacy Policy.
- Neon (database host): Stores your data. Bound by their data processing agreement.
- Polsia (platform): Operates the AI proxy and email infrastructure used by this service. Your data does not leave Polsia's infrastructure for AI processing.
We do not use Google Analytics, Facebook conversion API, or any advertising networks that receive personal data.
7. Cookies
We use a single first-party cookie: csrf_token, a secure, HTTP-only CSRF protection token. It does not track you across sites and contains no personal information. It expires at the end of your browser session.
We do not use third-party tracking cookies. The Meta Pixel on some pages fires only page view and conversion events — it does not read or set cookies that identify you to Facebook outside of standard browser behavior.
8. Your Rights
You have the following rights over your data:
- Access: Request a copy of the data we hold about you.
- Correction: Ask us to correct inaccurate data.
- Deletion: Request deletion of your personal data. Trial users are automatically purged after 37 days. Active users can request deletion via the Account section of the dashboard — we'll process within 30 days.
- Portability: Request your SWOT analyses, briefings, and SEO audit results in JSON format.
- Withdraw consent: If your processing is based on consent, you may withdraw it at any time by contacting us.
To exercise any right, email digimotech@polsia.app or use the deletion request button in your account dashboard.
9. Security
We take security seriously:
- Passwords hashed with bcrypt (never stored in plain text)
- All connections encrypted with TLS
- Two-factor authentication (TOTP) available for all accounts
- Account lockout after 5 failed login attempts
- Session management — view and revoke active sessions from account security settings
- CSRF token protection on all state-changing endpoints
- Strict Content Security Policy headers on all pages
If you discover a security vulnerability, email digimotech@polsia.app immediately.
10. Children's Privacy
DigiMoTech is a business tool intended for adults 18 and older. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.
11. Changes to This Policy
We will update this page if our data practices change and note the "Last updated" date above. Significant changes will be communicated by email if you have an active account.
Questions or Requests
Email us at digimotech@polsia.app for any privacy questions, data access requests, or deletion requests.
We aim to respond within 3 business days and process all deletion requests within 30 days.