sernix
Join waitlist

Privacy Policy

We respect your data.

Last updated: April 2026

TL;DR

We collect what we need to run the service and nothing more. We don’t sell your data, we don’t share it with advertisers, and you can delete everything at any time. That’s it.

01.

What we collect

We collect your email, your site’s URL, and crawl data from your website. That’s the core of it.

When you create an account, we collect your name, email address, and a hashed password. We never store your password in plain text.

When you connect a site, we collect and store: the site’s URL, page-level crawl snapshots (HTML structure, meta tags, heading hierarchy, link graph), detected SEO issues, and AI-generated fix content you’ve approved.

We collect usage signals strictly for debugging and improving the product. We do not build behavioral profiles.

Payment is handled entirely by Stripe. We never see, store, or touch your card number, CVV, or banking details.

What we do not collect:

  • Browsing history outside your own connected site
  • Personal data belonging to your website’s visitors
  • Device fingerprints or advertising identifiers
  • Your site’s source code — we read rendered HTML, not your repository
02.

How we use it

Your data runs the product. That’s the only reason we have it.

We use your data to:

  • Power the crawl → analyze → fix → deploy → monitor pipeline
  • Send you alerts when SEO drift is detected or a deployment fails
  • Manage your account, subscription, and billing
  • Respond to support requests and troubleshoot issues

We may use anonymized, aggregated crawl data to improve our AI models. When we do this, all site identity is stripped before any model training. You can opt out in Settings.

We do not use your data for advertising, retargeting, or sale to third parties. Ever.

03.

Storage & security

Your data lives on ISO 27001-certified infrastructure behind TLS 1.3 and row-level access controls.

All data is stored in the United States. Infrastructure breakdown:

  • Database: Timescale Cloud (PostgreSQL 17) — encrypted at rest, TLS 1.3 in transit
  • Cache / Queue: Upstash Redis — in-transit encryption enforced
  • API: Railway — HTTPS only, no plaintext endpoints
  • Frontend: Vercel edge network — HTTPS

Secrets and credentials are never logged, never committed to source control, and are rotated on any suspected exposure. Production access is limited to essential personnel behind multi-factor authentication.

In the event of a data breach, we will notify affected users within 72 hours of discovery.

04.

Third-party services

We use four services: Stripe (billing), Vercel (CDN), Timescale (database), Upstash (cache). Each has its own privacy policy.

We share data with third parties only to the extent required to operate the service:

  • Stripe — processes payments. Receives your billing name, email, and card data directly. We never see card details.
  • Vercel — hosts the frontend and provides cookieless, privacy-first analytics (page views only, no fingerprinting).
  • Timescale Cloud — stores your site and crawl data. SOC 2 Type II certified.
  • Upstash — manages our Redis cache and job queues. Data is ephemeral with no long-term retention.

We do not sell, rent, or trade your data to any third party for commercial purposes.

05.

Cookies

One session cookie. No tracking pixels. No advertising cookies.

Sernix uses a single cookie: an authentication session token. Set on login, cleared on logout.

  • Flags: HttpOnly, Secure, SameSite=Strict
  • Duration: session — expires on logout or after 30 days of inactivity
  • Purpose: keep you authenticated — nothing else

Our analytics (Vercel Analytics) are server-side and cookieless. No third-party tracking pixels, no advertising cookies, and no cookie consent banner — because we do not need one.

Our WordPress bridge plugin does not inject cookies, scripts, or pixels into your visitors’ browsers. It communicates exclusively with our API over server-to-server HTTPS.

06.

Your rights

Access, export, correct, or delete — email us and we act within 7 days.

Regardless of where you are located, you have the following rights over your data:

  • Access: Request a full export of your account data. Delivered as structured JSON within 7 days.
  • Correction: Update your name, email, or site details directly in account settings.
  • Deletion: Delete your account from settings. All data purged within 30 days, except what we’re legally required to retain.
  • Portability: Export all crawl snapshots, issue records, and generated content as structured JSON.
  • Opt-out of model training: Disable your contribution to AI model improvement in Settings.

To exercise any right, email privacy@getsernix.com. We respond within 7 days and act within 30.

07.

Children

Sernix is not directed at children under 16. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact privacy@getsernix.com and we will delete it promptly.

08.

Changes to this policy

We may update this policy as the product evolves. For material changes, we will email you at least 14 days before the change takes effect.

Continued use of Sernix after the effective date constitutes acceptance. If you disagree, you may delete your account before it takes effect.

09.

Contact

Privacy questions, data requests, or concerns — reach us at:

privacy@getsernix.com

We will always respond. No ticket queues, no bots.