Last updated: 1 April 2026. This policy explains how AI-My-Site collects, uses, and protects your personal data.

1. Who We Are

AI-My-Site (“we“, “us“, “our“) is operated by AI-My-Site Ltd, registered in England and Wales. Our registered office is at [Address]. We are the data controller for personal data collected through our website at ai-my-site.com and through our WordPress plugin and API services.

If you have any questions about this policy or our data practices, please contact us at privacy@ai-my-site.com.

2. What Data We Collect

We collect the following categories of personal data:

• Account data — name, email address, password (hashed), and billing information when you register for a paid plan.
• Usage data — IP address, browser type, pages visited, referral source, and session duration collected via server logs and analytics.
• API and plugin data — API tokens, request logs (model identity, endpoint accessed, timestamp, response codes), and configuration settings you store in our dashboard.
• Payment data — handled directly by our payment processor (Stripe). We do not store card numbers on our servers.
• Communications — emails and support messages you send us.

3. How We Use Your Data

We use your personal data to:

• Provide, operate, and improve the AI-My-Site service.
• Process payments and manage your subscription.
• Send transactional emails (account creation, invoices, password resets).
• Send product updates and marketing communications, where you have opted in.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

4. Legal Basis for Processing

Where GDPR applies, we process your data on the following legal bases:

• Contract performance — to provide the services you have signed up for.
• Legitimate interests — for product analytics, security monitoring, and service improvements.
• Consent — for marketing emails and optional cookies.
• Legal obligation — where required by law.

5. Cookies and Tracking

We use essential cookies to keep you logged in and to remember your preferences. We also use analytics cookies (e.g. Plausible Analytics, a privacy-respecting analytics tool) to understand how visitors use our site. These analytics cookies do not track you across other websites and do not use fingerprinting.

You can manage your cookie preferences at any time via your browser settings. Disabling essential cookies may affect the functionality of the service.

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with:

• Stripe — payment processing.
• AWS / Cloudflare — infrastructure and CDN hosting.
• Postmark — transactional email delivery.
• Plausible Analytics — privacy-first website analytics.
• Legal authorities — where required by law or a valid court order.

All third-party processors are bound by data processing agreements that restrict how they may use your data.

7. International Data Transfers

Our infrastructure is hosted primarily in the European Economic Area (EEA). Where data is transferred outside the EEA (e.g. to US-based sub-processors), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Retention

We retain your account data for as long as your account is active. API request logs are retained according to your plan (7 days on Starter, 90 days on Growth, unlimited on Pro). When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”).
• Restrict or object to certain processing.
• Port your data to another service.
• Withdraw consent at any time for consent-based processing.

To exercise any of these rights, please email privacy@ai-my-site.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. API tokens are hashed before storage. Despite these measures, no system is perfectly secure and we encourage you to use a strong, unique password and to keep your API tokens confidential.

11. Children’s Privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice on our website. The date at the top of this page indicates when the policy was last revised. Continued use of the service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions or requests, please contact:
AI-My-Site
Email: privacy@ai-my-site.com
Website: ai-my-site.com

Who we are

Our website address is: http://www.ai-my-site.com.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.