Privacy Policy

Last updated: March 2026

Table of Contents

Who We Are
Data We Collect
How We Use Your Data
Payment Processing
Data Storage & Retention
Cookies
Third-Party Services
Your Rights (GDPR)
Data Requests & Contact
Changes to This Policy

1. Who We Are

This Privacy Policy describes how [COMPANY_NAME] ("we", "us", or "our") collects, uses, and protects your personal data when you use the SEO Audit Tool website and services.

Registered address: [COMPANY_ADDRESS]
Email: [COMPANY_EMAIL]
Company registration: [COMPANY_REGISTRATION]

We act as the data controller for personal data processed through this service in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Data you provide directly

Email address — used to deliver your audit report and communicate with you about your order.
Website URL — the website you submit for SEO analysis.
Google Business Profile (GBP) URL — optionally provided for local SEO analysis.

2.2 Data generated by our service

Audit results — the SEO analysis data, scores, and recommendations generated for your website.
Order metadata — timestamps, audit ID, selected plan, and delivery status.

2.3 Data collected automatically

IP address — for fraud prevention and rate limiting.
Browser and device information — via cookies and standard HTTP headers for analytics purposes (with your consent).

3. How We Use Your Data

We process your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Generate and deliver SEO audit reports	Performance of contract (Art. 6(1)(b))
Process payments via Stripe	Performance of contract (Art. 6(1)(b))
Send transactional emails (report delivery, receipts)	Performance of contract (Art. 6(1)(b))
Respond to support requests	Legitimate interest (Art. 6(1)(f))
Fraud prevention and abuse detection	Legitimate interest (Art. 6(1)(f))
Analytics and service improvement	Consent (Art. 6(1)(a))
Marketing communications	Consent (Art. 6(1)(a))

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Payment Processing

All payments are processed securely by Stripe, Inc. We do not store, collect, or have access to your full credit card number, CVV, or other payment card details. This data is handled entirely by Stripe in accordance with PCI DSS Level 1 standards.

We receive only the following from Stripe: a transaction identifier, payment status, the last four digits of your card, and the card brand (e.g., Visa, Mastercard). For more information, see Stripe's Privacy Policy.

5. Data Storage & Retention

Your data is stored on secure servers. We retain different categories of data for different periods:

Data Category	Retention Period
Audit reports and results	90 days from generation, then automatically deleted
Email address and order metadata	12 months from last interaction, or until deletion is requested
Payment transaction records	As required by applicable tax and accounting laws (typically 5–7 years)
Support tickets	12 months from resolution
Analytics data	26 months (anonymized/aggregated)

After the retention period expires, data is permanently deleted or irreversibly anonymized.

6. Cookies

Our website uses cookies and similar technologies. We categorize them as follows:

6.1 Necessary cookies

These cookies are essential for the website to function and cannot be disabled. They include session cookies for maintaining your browsing session and security-related cookies.

6.2 Analytics cookies (optional, with consent)

We use analytics cookies to understand how visitors interact with our website, which pages are most popular, and how we can improve the user experience. These cookies are only set after you provide your consent.

6.3 Marketing cookies (optional, with consent)

Marketing cookies may be used to deliver relevant content and measure the effectiveness of our campaigns. These cookies are only set after you provide your consent.

You can manage your cookie preferences at any time through the cookie consent banner or by adjusting your browser settings. Withdrawing consent does not affect the lawfulness of processing based on consent given before withdrawal.

7. Third-Party Services

We share data with the following third-party service providers, each acting as a data processor under appropriate data processing agreements:

Service	Purpose	Data Shared
Stripe	Payment processing	Payment details (handled directly by Stripe), email address, transaction amount
Resend	Transactional email delivery	Email address, audit report content
DataForSEO	SEO data and analysis	Website URL, GBP URL
Google PageSpeed API	Website performance analysis	Website URL

Each third-party provider processes data in accordance with their own privacy policies. We encourage you to review their policies for details on how they handle data.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

Right of access — You can request a copy of the personal data we hold about you.
Right to rectification — You can ask us to correct inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten") — You can request that we delete your personal data, subject to legal retention obligations.
Right to data portability — You can request your personal data in a structured, commonly used, machine-readable format.
Right to object — You can object to the processing of your personal data based on legitimate interests.
Right to restrict processing — You can request that we limit the processing of your personal data in certain circumstances.
Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [DATA_PROTECTION_EMAIL]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.

9. Data Requests & Contact

For any questions about this Privacy Policy, data protection inquiries, or to exercise your rights, please contact us:

Data protection contact: [DATA_PROTECTION_EMAIL]
General inquiries: [COMPANY_EMAIL]
Postal address: [COMPANY_ADDRESS]

We aim to respond to all data protection requests within 30 days. If your request is particularly complex, we may extend this period by a further 60 days, in which case we will notify you.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify registered users via email where the changes are significant.
Post a prominent notice on our website if required.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.