Privacy Policy

This Privacy Policy explains how SEOInputs ("SEOInputs", "we", "us", or "our") collects, uses, discloses, retains, and protects personal information when you visit the marketing site at seoinputs.com, create an account, or use the customer application at app.seoinputs.com (together, the "Service"). It also describes the rights you have over your information and how to exercise them.

Please read this Policy together with our Terms of Service and our Cookie Policy.

1. Who we are and our role

SEOInputs provides a search-visibility analytics platform. For the personal information of visitors and account holders, we act as a data controller. For the Google Search Console data and other content you connect to your workspace, we act as a data processor that handles that data on your instructions to deliver the Service.

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing. If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) applies.

2. Information we collect

• Account & profile data — your first and last name, work email, password (stored only as a salted hash), and the company profile you provide at sign-up or later (company name, industry, company description, company size, and company website).
• Google Search Console (GSC) data — after you explicitly authorize the connection, we access your Search Console properties on a read-only basis to retrieve query, page, click, impression, position, and country/ device aggregates. We never request write scopes and cannot modify your Search Console account or your website.
• Connected-account identifiers — when you sign in with Google, we receive your basic Google profile (name, email, and account identifier) to create and authenticate your account.
• Usage & device data — pages viewed, features used, approximate location derived from IP, browser and device type, and diagnostic logs. We use this to operate, secure, and improve the Service.
• Billing data — subscription status and payment records returned by our payment gateway. We do not store full card numbers.
• Support & communications — messages you send us and records of support interactions.

3. How and why we use information

We process personal information for the following purposes and legal bases:

• To provide the Service — connect your GSC properties, run audits, compute metrics, surface insights, and render your dashboards. Legal basis: performance of a contract.
• To secure the Service — authentication, fraud and abuse prevention, rate limiting, and audit logging. Legal basis: legitimate interests and legal obligation.
• To communicate — send transactional email (verification, password reset, security alerts, billing) and, with your consent where required, product updates. Legal basis: contract and consent.
• To improve the Service — aggregate, de-identified analytics on how features are used. Legal basis: legitimate interests.
• To comply with law — tax, accounting, and responding to lawful requests. Legal basis: legal obligation.

4. How we process your connected data

Your Search Console data is connected so we can analyze it and present insights back to you inside your workspace. We want to be explicit about the limits we place on this data:

• Access is strictly read-only. We retrieve metrics; we never write to, alter, or delete anything in your Google account or on your website.
• We do not sell your connected data and we do not use it to train, fine-tune, or otherwise develop machine-learning or generative models. Your data is used only to produce the analysis and outputs delivered to your own workspace.
• Where the Service relies on third-party processing providers to generate an analysis (see Section 6), data is sent under contractual terms that prohibit those providers from retaining it beyond what is needed to return a result and prohibit its use for their own model training.
• Your connected data is isolated per workspace (tenant) and encrypted in transit and at rest.

5. Google API limited-use disclosure

SEOInputs' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We request the minimum scopes necessary, use the data only to provide and improve the user-facing features described here, do not transfer it except as needed to provide those features or as required by law, and do not use it for advertising or for training generalized AI/ML models.

6. Service providers and subprocessors

We rely on a limited set of vendors that process data on our behalf under written agreements with confidentiality, security, and limited-use obligations:

• Google — Search Console connector and Google Sign-In identity.
• Payment gateway — subscription billing and payment processing.
• Transactional email provider — verification, reset, and alert email.
• Cloud infrastructure, CDN, and encrypted object storage providers.
• Third-party processing providers that return automated analysis on your connected data under no-retention, no-training terms.

We maintain a current list of subprocessors and will provide it, and a Data Processing Agreement, on request at [email protected].

7. International transfers

We may process and store information in countries other than your own, including the United States. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

8. Data retention

We retain account and connected data while your subscription is active. After you close your account, we delete or de-identify personal data within 90 days, except where a longer period is required for legal, tax, or security purposes. You can request earlier deletion at any time (Section 9). Aggregate, de-identified statistics that cannot be linked back to you may be kept indefinitely.

9. Your privacy rights

Depending on where you live, you have some or all of the following rights: to access, correct, delete, or port your personal data; to restrict or object to certain processing; to withdraw consent; and to lodge a complaint with a supervisory authority.

California residents have the right to know what personal information we collect, to request deletion or correction, and to opt out of "sale" or "sharing" of personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising any right.

To exercise a right, sign in and visit Settings → Privacy to request a data export or deletion, revoke the Google Search Console connection, or email [email protected]. We verify requests and respond within the timeframe required by law (generally 30–45 days). You may use an authorized agent where permitted.

10. Security

We protect personal data with encryption in transit and at rest, tenant isolation, least-privilege access controls, audit logging, and routine security review. No method of transmission or storage is perfectly secure, but we work to protect your information and will notify you and the relevant authorities of a qualifying personal data breach as required by law.

11. Children

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice (for example, by email or an in-app notice). We may make changes at any time, and changes take effect when posted; your continued use of the Service after an update constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

13. Contact us

For privacy questions, data subject requests, or to reach our privacy team, contact [email protected]. For security matters, contact [email protected].