Privacy Policy

Effective date: 2025-08-12

This Privacy Policy explains how Sica AI (“we,” “us,” “our”) collects, uses, and protects information when you use the Sica Content AI for WordPress plugin and the services at api.sica.ai (together, the “Service”). If you do not agree with this Policy, do not use the Service.

1) Summary

• We collect only what we need to operate the Service (site URL, admin email for verification, and operational metadata).

• We do not sell or “share” personal data for cross-context behavioral advertising.

• We do not store full prompts or full AI outputs in production logs by default.

• You can uninstall the plugin at any time and contact us to request data deletion.

2) Information we collect

We aim for data minimization. Depending on how you use the Service, we may collect:

Account & site details

• Site URL/domain (to bind your per-site API token)

• Administrator email (for 2FA verification and service communications)

• Optional marketing preferences (only if you explicitly opt in)

Operational data (to provide the Service)

• API token (per-site)

• Plan/limits and usage counters (e.g., generations this billing period)

• Generation metadata (e.g., content type, model used, tokens consumed, post title)

• Scheduling settings (e.g., cadence, start date/time)

Logs & device data (security/reliability)

• IP address and user agent during verification and security events

• Timestamps, error codes, request and rate-limit counters

• Debug logs only if you enable debug mode

Payments (if you buy)

• Payments are processed by Stripe. We receive limited billing metadata (e.g., customer ID, status), not full card details.

We do not place cookies in the plugin. Our website sica.ai may use cookies/analytics; see the site’s cookie/analytics notice if applicable.

3) How we use information

We use information to:

• Operate and improve the Service

• Authenticate plugin requests (per-site token) and enforce limits/quotas

• Provide support and operational messages (verification codes, receipts, critical notices)

• Measure performance, prevent fraud/abuse, and secure the Service

• Comply with legal obligations

We do not use your inputs/outputs to train our own AI models.

4) AI, payments, and other providers

We use third-party processors to run parts of the Service. These providers process data solely to deliver their portion of the Service and under their own terms/privacy policies. Typical categories include:

• AI generation: e.g., OpenAI (processing prompts/parameters to generate outputs)

• Payments: Stripe (billing, invoices, Customer Portal)

• Email delivery: e.g., Postmark/Mailgun (verification codes, receipts)

• Hosting & security: web hosting, CDN, DDoS protection

We do not control third-party providers and are not responsible for their practices, but we select reputable vendors and limit data shared to what’s necessary.

5) Legal bases for processing (EEA/UK users)

Where applicable, we rely on:

• Contract: to provide the Service you request

• Legitimate interests: to secure/improve the Service and prevent abuse

• Consent: for optional marketing communications

• Legal obligation: to comply with law

6) Data retention

We keep data only as long as needed to operate the Service, resolve disputes, enforce agreements, and meet legal requirements. Examples:

• Verification/security logs: short retention to prevent abuse

• Usage/plan records: for current and recent billing cycles

• Debug logs: short-lived and only if you enable debug mode

  When no longer needed, we delete or anonymize data within a reasonable time.

7) Security

We use reasonable safeguards (TLS, per-site tokens, rate limits, access controls). No method is 100% secure. You must keep WordPress and plugins updated and keep your token confidential.

8) International transfers

We may process data in Canada, the United States, or other countries where we or our providers operate. Where required, we use appropriate transfer mechanisms (e.g., standard contractual clauses).

9) Your choices & rights

Your options include:

• Uninstall the plugin (stops new data flow from your site)

• Disable debug logging (reduces log data)

• Request access, correction, deletion, or portability of your personal data

• Withdraw marketing consent at any time (unsubscribe link in every marketing email)

• Object to or restrict certain processing where allowed by law

CASL (Canada): We send operational emails without marketing content. Marketing emails are sent only with express consent and always include unsubscribe.

GDPR (EEA/UK): You may have rights to access/erase/rectify/port data and to object/restrict processing.

CPRA (California): You may have rights to know, access, delete, correct, and to opt-out of “sale”/“sharing.” We do not sell or share personal information as defined by CPRA, and we do not use sensitive personal information for additional purposes.

To exercise rights, contact us (see Section 12). We may need to verify your request.

10) Children’s privacy

The Service is not directed to children under 16 (or the age set by local law). We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

11) Disclosures

We may disclose information:

• To vendors/service providers as described above

• To comply with law, legal process, or lawful requests

• To protect the rights, property, or safety of users or the public

• In a merger, acquisition, financing, or asset sale (your data may transfer as part of the transaction and remain protected under this Policy or a successor policy with materially similar protections)

12) Changes to this Policy

We may update this Policy. If changes are material, we will take reasonable steps to notify you (e.g., posting the new date and an in-app/website notice). Continued use after changes take effect constitutes acceptance.

13) Contact us

Privacy questions or requests:

• Email: team@sicamarketing.com

• Website: https://sica.ai

Controller location: Saskatoon, Saskatchewan, Canada.

By using the Service, you acknowledge this Policy and consent to the practices described where consent is the lawful basis.