← Back

Privacy Policy

Last updated: March 28, 2026

1. Controller

sendepenDAO GmbH (“we”, “us”) operates the Kresko Content Suite at seo.kresko.agency. We are the controller responsible for your personal data under the Swiss Federal Act on Data Protection (DSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

Contact: privacy@kresko.agency

2. Data We Collect

  • Account data: Email address, display name, hashed password (managed by Supabase Auth).
  • Project data: Domain names, article content, SEO keywords, tone guidelines, and translation content you create or import.
  • Google Search Console data: Search queries, page URLs, clicks, impressions, and position data you authorize us to access via OAuth.
  • Usage data: Actions performed (e.g., articles generated, translations), timestamps, and estimated API costs for billing purposes.
  • Payment data: Managed entirely by Stripe. We store only your Stripe customer ID and subscription status, never card details.

3. How We Use Your Data

  • To provide and operate the Kresko Content Suite.
  • To generate, optimize, translate, and analyze content on your behalf.
  • To process billing and enforce subscription limits.
  • To improve service quality and fix issues.

4. Third-Party Processors

We share data with the following processors to deliver our service:

  • Supabase (database, authentication) — stores all account and project data.
  • Anthropic (Claude API) — receives article content for generation, optimization, translation, and linking. Content is processed per Anthropic's data policy and not used for model training.
  • OpenAI (Embeddings API) — receives article titles and excerpts for similarity matching.
  • Stripe (payments) — processes subscription payments.
  • Firecrawl (web scraping) — receives URLs you provide for article import and competitor research.
  • Google (Search Console API) — accesses your GSC data with your OAuth authorization.
  • SerpAPI (search results) — receives keywords for competitor research.
  • Railway (hosting) — hosts the application infrastructure.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data (projects, articles, translations, GSC data) is permanently deleted within 30 days.

6. Your Rights

Under the DSG and GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to certain processing activities.
  • Withdraw consent at any time (e.g., GSC access).

To exercise these rights, contact us at privacy@kresko.agency.

7. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), role-based access control, and rate limiting. Authentication is handled by Supabase with industry-standard security practices.

8. Cookies

We use only essential cookies required for authentication and session management. We do not use analytics or advertising cookies.

9. Changes

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice.