1Data Controller
AI Schema Gen ("we", "us", "our") is the data controller for personal data collected through the AI Schema Gen website (aischemagen.com) and the AI Schema Gen WordPress plugin. This notice explains what data we collect, why we collect it, how long we keep it, and what rights you have under UK GDPR and EU GDPR.
2Data We Collect
Account Data
Provided directly by you when registering
- ·Email address
- ·Name (if provided at registration)
- ·Password (hashed — never stored in plain text)
- ·Account creation date and plan tier
Payment Data
Provided when subscribing to a paid plan via Stripe
- ·Billing name and email
- ·Payment method details (card number, expiry, CVV) — processed and stored by Stripe, never by us
- ·Transaction history and subscription status
Usage Data
Automatically collected when you use the service
- ·Number of schema generations performed
- ·Schema types generated
- ·WordPress plugin API key activity
- ·Feature usage (bulk generation, schema audit, analytics)
- ·Google Search Console integration data (if connected)
Technical Data
Automatically collected via server logs and analytics
- ·IP address
- ·Browser type and version
- ·Operating system
- ·Referring URL
- ·Pages visited and time spent on site
Communications Data
Provided when you contact us
- ·Support emails and tickets submitted to us
- ·Responses to any surveys or feedback requests
Cookie Data
Set by our website — see Section 9 for full cookie details
- ·Session cookies (authentication)
- ·Preference cookies (cookie consent status)
- ·Analytics cookies (if accepted)
3Legal Basis for Processing
Under UK GDPR and EU GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:
Contract (Article 6(1)(b))
Processing necessary to provide the AI Schema Gen service you have signed up for — account management, schema generation, API access, and billing.
Legitimate Interests (Article 6(1)(f))
Fraud prevention, security monitoring, product analytics to improve the service, and sending transactional service emails. Our interests do not override your fundamental rights.
Consent (Article 6(1)(a))
Non-essential cookies (analytics, marketing). Marketing emails (if you opt in separately). You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal Obligation (Article 6(1)(c))
Retaining transaction records for tax and financial reporting purposes as required by UK law.
4How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the AI schema generation service | Account data, usage data, API key activity | Contract |
| Processing payments and managing subscriptions | Payment data (via Stripe) | Contract |
| Sending transactional emails (receipts, plan changes) | Email address | Contract / Legitimate interest |
| Providing customer support | Account data, communications data | Contract / Legitimate interest |
| Detecting fraud and preventing abuse | Technical data, usage data | Legitimate interest |
| Improving the product and understanding feature usage | Usage data (anonymised where possible) | Legitimate interest |
| Complying with tax and financial record obligations | Payment data, account data | Legal obligation |
| Analytics cookies (with your consent) | Cookie data, technical data | Consent |
5Data Retention
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.
Account data
Duration of your account + 30 days after deletion request
To fulfil the contract and allow account reactivation within the grace period
Payment and billing records
7 years from the transaction date
UK tax law (HMRC) requires retention of financial records for 6 years; we retain for 7 for safety
Schema generation history
Duration of your account
Required to provide the service and display your generation history in the dashboard
Support communications
3 years from last contact
To maintain context for ongoing support relationships and resolve disputes
Server and access logs
90 days
Security monitoring and abuse detection
Analytics data (if consented)
26 months (standard analytics retention)
Industry standard for trend analysis
Cookie consent records
12 months
To respect your preference without showing the banner repeatedly
When retention periods expire, data is securely deleted or anonymised so it can no longer be associated with you.
6Third-Party Processors
We share your data with the following third-party processors only where necessary to deliver the service. All processors are bound by Data Processing Agreements and must comply with GDPR-equivalent standards.
Stripe
Privacy policy →Anthropic / OpenAI (AI provider)
Privacy policy →Vercel
Privacy policy →Email service provider
We do not sell your personal data to any third party. We do not share your data with advertisers.
7International Data Transfers
Some of our third-party processors are based in the United States. Where personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place:
- ✓Standard Contractual Clauses (SCCs) approved by the European Commission and the ICO
- ✓EU–US Data Privacy Framework (where the recipient is certified)
- ✓UK International Data Transfer Agreements (IDTAs) where applicable
You may request a copy of the relevant transfer safeguards by contacting us at support@aischemagen.com.
8Your Rights Under UK / EU GDPR
You have the following rights in relation to your personal data. These rights are not absolute — in some cases we may be unable to comply due to legal obligations — but we will always respond to your request within 30 days.
Right of Access
Art. 15Request a copy of all personal data we hold about you, along with information on how we use it.
Right to Rectification
Art. 16Ask us to correct inaccurate or incomplete personal data we hold about you.
Right to Erasure
Art. 17Ask us to delete your personal data where there is no compelling reason to continue processing it. Also known as the 'right to be forgotten'.
Right to Restriction
Art. 18Ask us to restrict processing of your data — for example, while you contest its accuracy or object to our use of it.
Right to Data Portability
Art. 20Receive your personal data in a structured, machine-readable format (JSON/CSV) and transfer it to another controller.
Right to Object
Art. 21Object to processing based on legitimate interests or for direct marketing. We will stop unless we have compelling legitimate grounds that override your interests.
Right to Withdraw Consent
Art. 7(3)Where processing is based on consent (e.g. analytics cookies, marketing emails), you may withdraw consent at any time without affecting prior lawful processing.
Rights Related to Automated Decisions
Art. 22Not to be subject to decisions based solely on automated processing that significantly affect you. We do not make such decisions about individuals.
10How to Exercise Your Rights
To exercise any of your rights, email us at support@aischemagen.com with the subject line "GDPR Data Request". Please include:
- ·The email address associated with your AI Schema Gen account
- ·The specific right you are exercising (e.g. access, erasure, portability)
- ·Any relevant details that will help us locate your data
We will not charge a fee for handling a data request unless it is manifestly unfounded or excessive. We may need to verify your identity before processing the request to ensure we do not disclose data to an unauthorised person.
11Complaints
If you are unhappy with how we have handled your personal data, please contact us first at support@aischemagen.com. We will investigate and respond within 30 days.
If you remain dissatisfied, you have the right to lodge a complaint with the relevant supervisory authority:
UK — Information Commissioner's Office (ICO)
For UK residents or where the processing relates to UK GDPR
ico.org.uk/make-a-complaint →EU — Your Local Supervisory Authority
EU residents may complain to the data protection authority in their member state
Find your authority (EDPB) →12Changes to This Notice
We may update this GDPR notice from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will:
- ·Update the 'Last updated' date at the top of this page
- ·Send an email notification to registered users for significant changes
- ·Display a notice on the website where appropriate
We encourage you to review this page periodically. Continued use of AI Schema Gen after changes take effect constitutes acceptance of the updated notice.
Questions about your data?
We are happy to answer any questions about how we handle your personal information.
Contact us at support@aischemagen.com