Data Processing Agreement (DPA)

    Last updated: 10/2/2025

    This Data Processing Agreement ("DPA") governs how outwrite.ai processes personal data as part of our AI-powered content optimization services. This agreement supplements our Terms of Service and ensures GDPR compliance for all data processing activities.

    1. Scope and Definitions

    Scope of Application

    This DPA applies to all personal data processing performed by outwrite.ai when providing AI content generation, WordPress integration, subscription management, and related services where outwrite.ai acts as a data processor on behalf of users (data controllers).

    Key Definitions

    • Personal Data: Any information relating to an identified or identifiable natural person, including names, emails, IP addresses, and usage analytics
    • Data Controller: The customer/user who determines the purposes and means of personal data processing
    • Data Processor: outwrite.ai, which processes personal data on behalf of the data controller
    • Data Subject: The individual whose personal data is being processed
    • Sub-processor: Third-party service providers engaged by outwrite.ai to assist in data processing

    2. Data Processing Details

    Categories of Personal Data Processed

    • Account Information: Email addresses, full names, Google OAuth tokens, subscription status
    • Content Data: Project titles, generated content, meta descriptions, optimization data
    • WordPress Integration: Site URLs, usernames, encrypted credentials (using pgsodium)
    • Usage Analytics: Content generation events, subscription usage, feature access logs
    • Payment Information: Stripe customer IDs, subscription metadata (card data processed by Stripe)
    • Technical Data: IP addresses, session tokens, API usage logs, rate limiting data

    Processing Purposes and Legal Basis

    • Service Delivery (Contract Performance): AI content generation, WordPress publishing, photo integration
    • Account Management (Contract Performance): User authentication, subscription management, usage tracking
    • Security & Fraud Prevention (Legitimate Interest): Rate limiting, abuse detection, security monitoring
    • Customer Support (Contract Performance): Technical assistance, billing support, issue resolution
    • Service Improvement (Legitimate Interest): Anonymous usage analytics, performance optimization

    Data Subjects

    Registered users of the outwrite.ai platform, including content creators, marketers, and business users who utilize our AI content optimization services.

    3. Sub-processors and Data Transfers

    Authorized Sub-processors

    Supabase (AWS-based)

    Database hosting, authentication, file storage, real-time features

    Location: AWS regions (US-East, EU-West)

    OpenAI & Google AI

    AI content generation, natural language processing

    Location: United States

    Stripe

    Payment processing, subscription billing, customer management

    Location: Global with EU adequacy

    Pexels

    Stock photo search and integration

    Location: Germany (EU)

    International Data Transfers

    Data may be transferred outside the European Economic Area (EEA) to the following regions:

    • United States: Protected by adequacy decisions and Standard Contractual Clauses (SCCs)
    • OpenAI/Google AI processing: US-based with contractual safeguards
    • AWS Infrastructure: EU and US regions with appropriate technical measures

    4. Technical and Organizational Security Measures

    Data Security Infrastructure

    • Encryption in Transit: TLS 1.3 for all data transmission and API communications
    • Encryption at Rest: AES-256 database encryption via Supabase/AWS infrastructure
    • Credential Protection: WordPress passwords encrypted using pgsodium with project-specific keys
    • Access Controls: Row Level Security (RLS) policies ensuring user data isolation
    • Authentication: Google OAuth 2.0 with JWT tokens for session management

    Operational Security

    • Rate Limiting: 5 attempts per 15-minute window for critical operations
    • Audit Logging: Comprehensive usage event tracking with retention policies
    • Automated Backups: Daily database backups with point-in-time recovery
    • Monitoring: Real-time security monitoring and anomaly detection
    • Incident Response: 48-hour breach notification procedures

    5. Data Retention and Deletion

    Retention Periods

    • Active Account Data: Retained throughout subscription period and for 30 days post-termination
    • Generated Content: 30 days after account deletion for recovery purposes
    • Usage Logs: 12 months for billing verification and fraud prevention
    • WordPress Credentials: Deleted immediately upon user disconnection or account termination
    • Payment Data: Retained per Stripe's data retention requirements and applicable law
    • Security Logs: 90 days for incident investigation and compliance

    Deletion Procedures

    Upon account deletion request, all personal data is permanently removed within 30 days, except where retention is required by law. Users receive confirmation of deletion completion via email.

    6. Data Subject Rights and Controller Assistance

    Rights Implementation

    • Access (Art. 15 GDPR): Users can export all their data via dashboard or API
    • Rectification (Art. 16 GDPR): Profile and content data can be updated through user interface
    • Erasure (Art. 17 GDPR): Account deletion feature with 30-day confirmation period
    • Portability (Art. 20 GDPR): JSON export of all user content and metadata
    • Objection (Art. 21 GDPR): Opt-out mechanisms for legitimate interest processing
    • Restriction (Art. 18 GDPR): Temporary processing limitations upon request

    Response Timeline

    Data subject requests are processed within 30 days of receipt. For complex requests, we may extend this period by 60 days with appropriate notification to the data subject.

    7. Processor Obligations and Compliance

    Processing Restrictions

    • Process personal data only on documented instructions from the data controller
    • Ensure confidentiality of all personnel with access to personal data
    • Implement appropriate technical and organizational security measures
    • Obtain prior consent before engaging additional sub-processors
    • Assist with data protection impact assessments when required

    Breach Notification

    Personal data breaches are reported to data controllers within 48 hours of discovery, including available details about the nature, scope, and remediation measures taken.

    8. Audit Rights and Compliance Verification

    Data controllers have the right to conduct audits of our data processing activities. We provide:

    • Annual compliance certifications and security audit reports
    • Documentation of technical and organizational measures
    • Access to relevant personnel for audit interviews
    • Cooperation with third-party audit firms appointed by data controllers
    • Regular attestations from our sub-processors regarding their compliance

    Note: Audit costs are typically borne by the requesting party, except where required by law or contract. Reasonable advance notice (30 days) is required for on-site audits.

    9. Agreement Term and Termination

    This DPA remains in effect for the duration of the service agreement and terminates automatically upon:

    • Completion of all data deletion procedures (within 30 days of account termination)
    • Expiration or termination of the underlying service agreement
    • Mutual agreement by both parties in writing

    Upon termination, we will delete or return all personal data as instructed by the data controller, except where retention is required by applicable law.

    10. Contact Information and Inquiries

    For all data processing inquiries, DPA execution, or compliance matters:

    Email: support@outwrite.ai

    Subject Line: "DPA Inquiry" or "Data Processing Question"

    Mailing Address: 40 Hummock Rd, Quincy, MA 02171

    Response Time: 5 business days for standard inquiries, 48 hours for urgent data protection matters

    Data Protection Officer: For organizations requiring formal DPA execution or having specific GDPR compliance questions, please include your organization details and specific requirements in your initial contact.