SMB-DMSign in

Privacy Policy

Last updated: February 7, 2026

1. Introduction

SMB Digital Marketing (“SMB-DM,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information when you use our AI-powered website platform.

2. Data We Collect

We collect the following types of information:

  • Email address: Provided when you start a demo, create an account, or sign in.
  • Business information: Business name, industry, services, location, and other details you provide to generate your website.
  • Website URL: The URL of your existing website, used to perform our free audit.
  • Payment information: Credit card and billing details are collected and processed securely by Stripe. We do not store your full card number on our servers.
  • Usage data: Pages visited, features used, and interactions with the platform, collected through analytics.
  • Device and browser information: IP address, browser type, operating system, and referring URLs, collected automatically when you visit our site.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the SMB-DM service
  • Generate AI-powered website redesigns based on your business information
  • Perform website audits and deliver audit results
  • Process payments and manage your subscription
  • Send transactional emails (account confirmations, password resets, weekly reports)
  • Create and publish automated blog content for your website
  • Analyze usage patterns to improve our platform and user experience
  • Respond to support requests and change requests
  • Detect and prevent fraud, abuse, or security incidents

4. Third-Party Services

We use the following third-party services to operate our platform. Each has its own privacy policy governing data handling:

Stripe

Payment processing. Handles credit card data securely under PCI DSS compliance.

Resend

Transactional email delivery. Sends account emails, magic login links, and performance reports.

PostHog

Product analytics. Tracks anonymous usage patterns to help us improve the platform.

Vercel

Website hosting and deployment. Hosts both the SMB-DM platform and your generated website.

Anthropic

AI services. Powers website generation and content creation. Your business information is sent to Anthropic's API to generate your site and blog content.

5. Cookies

We use a limited number of cookies to operate the service:

  • Session cookie (NextAuth): Required for authentication. Keeps you signed in to your account. This is a strictly necessary cookie.
  • Analytics cookies (PostHog): Used to understand how visitors interact with our platform. These cookies collect anonymous usage data.

We do not use advertising cookies or sell data to ad networks. You can disable cookies through your browser settings, but this may affect the functionality of the service.

6. Data Retention

We retain your data according to the following schedule:

  • Active accounts: Your data is retained for as long as your subscription is active.
  • Canceled accounts: After cancellation, your website files, analytics data, and account information are retained for 90 days to allow for reactivation. After 90 days, all data is permanently deleted.
  • Demo sessions: Data from free audit and demo sessions (website URL, audit results, generated previews) is retained for 24 hours and then automatically purged.
  • Payment records: Transaction history may be retained longer as required by law or for accounting purposes.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account. We will comply within 30 days, subject to legal retention requirements.
  • Data portability: Request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at support@smbpro.io.

8. Security

We take reasonable measures to protect your personal data:

  • All data is encrypted in transit using TLS/SSL
  • Our database is hosted on Supabase with encrypted storage and access controls
  • Payment data is handled by Stripe, a PCI DSS Level 1 certified processor
  • Access to production systems is restricted to authorized personnel only
  • We use rate limiting and monitoring to detect and prevent unauthorized access

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

SMB-DM is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@smbpro.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. For material changes that affect how we handle your personal data, we will notify active subscribers by email. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at support@smbpro.io.

See also our Terms of Service