Privacy Policy
Last updated: April 2026
This Privacy Policy explains how The Biggest Nerd ("we," "us," or "our") collects, uses, and shares information about you when you use our website at thebiggestnerd.com and the SEO System Builder platform (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
We collect the following categories of information:
Account Information
- Email address — collected at sign-up and used to identify your account and send transactional communications.
- Password — stored as a one-way cryptographic hash (bcrypt). We never store or have access to your plaintext password.
Payment Information
- Payments are processed by Stripe. We do not store your credit card number, CVV, or full payment card details on our servers. Stripe provides us with a token and limited metadata (e.g., card brand, last four digits, billing country) for record-keeping purposes.
- Your Stripe customer ID and subscription status are stored in our database to manage your plan and page credit balance.
Project and Usage Data
- Niche descriptions and project names you enter when creating SEO projects.
- Generated content — keyword clusters and HTML pages produced by the AI on your behalf, stored temporarily so you can download them.
- Usage activity — page generation jobs initiated, credit consumption, timestamps, and project status.
- Log data — IP address, browser type, referring URL, and pages visited, collected automatically by our web server for security and debugging purposes.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service — authenticate your account, process AI generation jobs, manage subscriptions, and deliver downloadable content.
- Process payments — communicate with Stripe to charge subscriptions, handle upgrades and cancellations, and manage page credit packs.
- Send transactional emails — account confirmation, password resets, payment receipts, and service-critical notifications. We do not send marketing emails without your explicit opt-in.
- Improve the Service — analyze aggregate usage patterns to fix bugs, prioritize features, and optimize performance. We do not sell individual-level usage data.
- Ensure security and prevent abuse — monitor for fraudulent activity, enforce our Terms of Service, and comply with legal obligations.
3. Third-Party Services
We share data with the following third-party services only as necessary to operate the platform:
We do not sell, rent, or trade your personal information to any third party for marketing purposes. We may disclose your information if required by law, court order, or to protect the rights and safety of our users and the public.
4. Cookies and Tracking
We use the following cookies:
- Session cookie (sid) — an HTTP-only, secure cookie used to maintain your authenticated session after login. This cookie expires after 30 days of inactivity or when you log out.
- Google Analytics cookies — used to collect anonymous information about how visitors use our site, including pages visited, session duration, and geographic region. No personally identifiable information is included. You can opt out using the Google Analytics Opt-Out Browser Add-on.
We do not use advertising cookies, cross-site tracking cookies, or third-party behavioral profiling cookies.
5. Data Retention
We retain your account data for as long as your account remains active. If you delete your account, all associated personal data — including your email address, project data, and generated content — will be permanently deleted from our systems within 30 days of the deletion request.
Aggregated, anonymized usage statistics that cannot be used to identify you may be retained indefinitely for platform analytics. Server log files are retained for up to 90 days for security monitoring purposes.
6. Your Rights
You have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request that we correct inaccurate or incomplete data.
- Deletion — request deletion of your account and associated personal data.
- Data portability — request an export of your project data in a common format.
- Objection — object to certain processing activities where applicable under your local law.
To exercise any of these rights, contact us at kalanbrock@gmail.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
7. Data Security
We implement industry-standard security measures to protect your data, including HTTPS/TLS encryption for all data in transit, bcrypt hashing for passwords, and HTTP-only cookies to prevent client-side session theft. We do not store payment card data. While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
8. Children's Privacy
The Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at kalanbrock@gmail.com and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect. The updated policy will be posted at this URL with a revised "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.
10. Contact
If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at kalanbrock@gmail.com. We aim to respond within 3 business days.
See also: Terms of Service