Privacy Policy

1. Who We Are

GetSEOAnalyzer ("we," "us," or "our") is an AI-powered SEO audit platform operated at getseoanalyzer.com. We provide website analysis, SEO scoring, and AI-generated recommendations to businesses, agencies, and individual users worldwide.

For the purposes of applicable data protection laws, GetSEOAnalyzer is the data controller responsible for your personal information collected through our website and services.

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].

2. Data We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

• Account registration: Name, email address, and password when you create an account.
• Payment information: Billing details processed securely through Stripe. We do not store full card numbers — only a token reference.
• URLs submitted for analysis: Website addresses you submit for SEO auditing.
• Communications: Any messages, support requests, or feedback you send us.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, scan frequency, and interaction patterns.
• Technical data: IP address, browser type and version, operating system, device type, and time zone.
• Session data: Login timestamps, session duration, and authentication tokens.
• Performance data: Load times, errors encountered, and feature performance metrics.

2.3 Data From Third Parties

• Google Analytics: Aggregated, anonymized website traffic and user behavior data.
• Stripe: Payment status, subscription tier, and billing history.
• Brevo (Sendinblue): Email delivery status and engagement metrics for transactional emails.

3. How We Use Your Data

We use the information we collect for the following purposes:

• Service delivery: To provide, operate, and maintain the GetSEOAnalyzer platform and all its features.
• Account management: To create and manage your account, authenticate logins, and maintain session security.
• Payments & billing: To process subscription payments, issue invoices, and manage plan upgrades or downgrades.
• Service communications: To send you transactional emails such as account confirmations, password resets, and audit delivery notifications.
• Product improvement: To analyze usage patterns and improve the performance, features, and usability of our platform.
• Security & fraud prevention: To detect, investigate, and prevent unauthorized access, abuse, or illegal activity.
• Legal compliance: To comply with applicable laws, regulations, and respond to lawful requests from authorities.
• Marketing (with consent): To send product updates, feature announcements, and promotional offers if you have opted in.

We will never use your data for purposes incompatible with those listed above without first obtaining your explicit consent.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to deliver the services you have subscribed to, including account management and SEO analysis.
• Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, product analytics, and improving user experience — balanced against your privacy rights.
• Legal obligation (Art. 6(1)(c) GDPR): Financial record retention, tax compliance, and responding to lawful requests.
• Consent (Art. 6(1)(a) GDPR): Marketing emails, non-essential cookies, and analytics — you may withdraw consent at any time.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only in the limited circumstances below:

5.1 Service Providers (Data Processors)

• Supabase: Database and authentication infrastructure. Data is stored in secure, encrypted databases. Privacy Policy
• Netlify: Website hosting and deployment. Privacy Policy
• Stripe: Payment processing. Stripe is PCI-DSS Level 1 certified. Privacy Policy
• Brevo (Sendinblue): Transactional email delivery. Privacy Policy
• Google Analytics: Anonymized usage analytics. Privacy Policy
• Make.com (Integromat): Workflow automation for report generation and delivery. Privacy Policy

5.2 Legal Disclosures

We may disclose your data when required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or ensure the safety of our users.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, your data may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before such a transfer occurs.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law:

• Active accounts: Data is retained for the duration of your account.
• Deleted accounts: We delete or anonymize personal data within 30 days of account deletion, except where retention is required by law.
• Financial records: Billing and payment records are retained for 7 years to comply with tax and accounting regulations.
• Logs & analytics: Technical logs are retained for 90 days; anonymized analytics data may be retained for up to 24 months.
• Backups: Data may persist in encrypted backups for up to 60 additional days after the deletion period.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
• Right to restriction: Request that we restrict processing of your data in certain circumstances.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Withdraw any consent you have given at any time without affecting prior processing.
• Right to lodge a complaint: You have the right to complain to your local data protection authority (e.g., the ICO in the UK, CNIL in France, or the CPDP in Bulgaria).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• All data in transit is encrypted using TLS 1.3.
• Passwords are hashed using bcrypt — we never store passwords in plaintext.
• Database access is restricted to authenticated services only, with row-level security (RLS) enforced via Supabase.
• Payment data is processed exclusively through Stripe's PCI-DSS Level 1 certified infrastructure.
• We conduct regular security reviews and dependency audits.
• Access to production systems is limited to authorized personnel only, with multi-factor authentication enforced.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant authorities within 72 hours as required by applicable law.

9. Cookies & Tracking

We use cookies and similar tracking technologies to operate our service and improve your experience. For full details, please see our Cookie Policy.

In summary, we use:

• Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
• Analytics cookies: Google Analytics for anonymized usage tracking. Can be disabled in cookie settings.
• Preference cookies: To remember your settings and preferences. Can be disabled.

You can manage your cookie preferences at any time via our Cookie Settings.

10. Children's Privacy

GetSEOAnalyzer is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child under 16 has provided us with personal information, please contact us immediately at [email protected] and we will take steps to delete that information.

11. International Data Transfers

GetSEOAnalyzer operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer data from the EEA or UK to third countries, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Transfers only to countries with an adequacy decision from the European Commission.
• Reliance on certified frameworks such as the EU-US Data Privacy Framework where applicable.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send a notification email to registered users at least 14 days before changes take effect.
• Display a prominent banner on our website.

Your continued use of GetSEOAnalyzer after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree, you may close your account at any time.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Support: [email protected]
• Website: getseoanalyzer.com

We aim to respond to all privacy-related inquiries within 5 business days, and to any formal data subject requests within 30 days as required by applicable law.