Privacy Policy

Last updated: May 18, 2026

SEOSpectator (“we”, “us”, “our”) takes your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use seospectator.com (“the Service”).

We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the India Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Information We Collect

Information you provide

  • Account information: Email address, name (if provided via OAuth)
  • Payment information: Processed entirely by Cashfree (India) or PayPal (International). We never see or store your card details — we only receive a subscription ID and payment status.
  • Audit input: URLs you submit for SEO audits
  • AI Coach messages: Conversations you have with the AI Coach (stored to maintain context within a session)

Information collected automatically

  • Usage data: Audits run, features used, pages visited, time spent
  • Device data: IP address, browser type, operating system, device identifiers
  • Cookies: Session cookies for authentication (essential), analytics cookies (anonymized)

2. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service
  • Run SEO audits and generate AI Coach responses
  • Process payments and prevent fraud
  • Send transactional emails (audit reports, password resets, billing receipts)
  • Send product updates and marketing (only with your explicit consent — you can opt out anytime)
  • Comply with legal obligations
  • Detect and prevent abuse of the Service

3. AI Model Training — We Never Use Your Data

We do not use your audit data, AI Coach messages, or any other personal data to train AI models. When we send messages to our AI provider (Anthropic), they process them under their commercial API terms, which explicitly forbid training on commercial customer data.

4. Data Sharing

We share your data only with:

  • Payment processors (Razorpay) — to process subscription payments
  • AI providers (Anthropic) — to generate AI Coach responses
  • Infrastructure providers (Vercel for hosting, Neon for database, Supabase for authentication, Resend for email) — to operate the Service
  • Analytics (Vercel Analytics — privacy-respecting, no personal identifiers shared)
  • Legal authorities — only when required by valid legal process

We do not sell your personal data to advertisers or data brokers.

5. Data Retention

  • Account data: Kept until you delete your account, then deleted within 30 days
  • Audit results: Kept for 12 months by default (paid plans can retain longer), or deleted on request
  • AI Coach conversations: Kept for 12 months
  • Payment records: Kept for 7 years for tax and accounting compliance
  • Email logs: Kept for 90 days

6. Your Rights

You have the right to:

  • Access — request a copy of your personal data
  • Rectify — correct inaccurate data
  • Erase — delete your account and all associated data
  • Restrict — limit how we process your data
  • Portability — export your data in a structured, machine-readable format
  • Object — opt out of marketing or specific processing
  • Withdraw consent — for any processing based on consent

To exercise any of these rights, email privacy@seospectator.com. We will respond within 30 days.

7. Data Security

We protect your data with:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption at rest in our database
  • Two-factor authentication available on all accounts
  • Regular security audits and dependency vulnerability scans
  • Principle of least privilege for internal access

8. International Data Transfers

Our infrastructure is hosted in Singapore (Neon Postgres) and globally distributed (Vercel edge). Data may be transferred to and processed in countries outside your home country, with appropriate safeguards under GDPR Standard Contractual Clauses.

9. Cookies

We use the following cookies:

  • Essential cookies — for authentication and session management (cannot be disabled)
  • Analytics cookies — Vercel Analytics (anonymized visitor counts; no personal identifiers)

We do not use advertising cookies or third-party trackers like Google Analytics or Facebook Pixel.

10. Children's Privacy

The Service is not directed to anyone under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we learn that a child has provided personal data, we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect.

12. Contact

For privacy questions or to exercise your rights:
Email: privacy@seospectator.com
General contact: /contact