← Back to App

Privacy Policy

Last updated: March 30, 2026

1. Who we are and what this policy covers

SEOPilot is operated by MAXHOLDING S.R.L., a company based in Romania. This Privacy Policy applies to all our services, including:

• Our website at seopilot.online
• Our web application and dashboard

We collect information about you only when we have a reason to do so—for example, to provide our services, communicate with you, or improve our offerings. This policy explains what information we collect, how we use it, and your rights regarding your data.

2. Google API services and Search Console data

What Google services we access

SEOPilot integrates with the following Google API services to provide SEO analysis and optimization features:

• Google Search Console API - To access your search performance data, indexing status, and site properties

Specific data we access from Google Search Console

When you authorize SEOPilot to connect to your Google Search Console account, we access the following data using the webmasters.readonly scope:

• Search performance metrics (queries, impressions, clicks, click-through rate, average position)
• Website properties and verified sites associated with your account

How we use your Google Search Console data

We use your Google Search Console data exclusively to provide you with the following user-facing features in our application:

• Display search performance analytics and trends in your SEOPilot dashboard
• Identify SEO optimization opportunities based on your search data
• Generate automated recommendations for improving search rankings
• Create custom reports comparing your performance across different time periods
• Alert you to significant changes in search visibility or indexing issues

What we do NOT do with your Google data

We do not and will never:

• Sell your Google Search Console data to third parties
• Transfer your data to advertising platforms, data brokers, or information resellers
• Use your data to serve advertisements or for retargeting purposes
• Use your data to train AI or machine learning models (except for your personal SEO recommendations within our app)
• Use your data to determine creditworthiness or for lending purposes
• Share your data with competitors or for purposes unrelated to providing our SEO services to you

Data storage and security for Google API data

We store aggregated and processed versions of your Google Search Console data in encrypted databases hosted on secure cloud infrastructure (AWS/Google Cloud). Raw API responses are cached temporarily (up to 24 hours) to improve performance and reduce API calls. All data transmission occurs over encrypted HTTPS connections using TLS 1.3.

Human access to your Google data

Our employees and contractors do not access your individual Google Search Console data except in the following limited circumstances:

• You explicitly request technical support and grant permission to view your account
• We need to investigate security issues, bugs, or potential abuse
• We are required to do so by law or legal process

All personnel with potential access to user data are bound by confidentiality agreements and trained on data protection requirements.

Revoking access to Google services

You may revoke SEOPilot's access to your Google Search Console data at any time by:

• Visiting your Google Account Permissions page and removing SEOPilot
• Using the "Disconnect Google Account" option in your SEOPilot dashboard settings

When you revoke access, we will stop accessing your Google data immediately. You may request deletion of stored data by contacting us at privacy@seopilot.online.

3. Information we collect

Information you provide to us

We collect information you directly provide when you:

• Create an account: Name, email address, password (hashed and encrypted)
• Subscribe to our service: Billing information including payment method details (processed securely through Stripe; we do not store full credit card numbers)
• Connect your websites: Domain names, website URLs, and related SEO settings
• Use our services: Content you create, keyword lists, reports you generate, notes, and preferences
• Contact us: Support requests, feedback, survey responses, and communications

Information we collect automatically

When you use SEOPilot, we automatically collect certain information including:

• Usage data: Features you use, actions you take, pages you visit, time spent, and interaction patterns
• Device information: Browser type and version, operating system, device type, screen resolution
• Log data: IP address (anonymized after 30 days), access times, referring URLs, error logs
• Extension data: Extension version, installation date, settings configuration
• Cookies and tracking: Session identifiers, preferences, authentication tokens (see Cookies section)

Information from third-party services

We receive information when you connect third-party services to SEOPilot:

• Google OAuth: Basic profile information (name, email, profile photo) when you sign in with Google
• Payment processors: Transaction confirmations and subscription status from Stripe

4. How and why we use information

We use the information we collect only for legitimate business purposes consistent with this policy. Our legal bases for processing your data include:

To provide and improve our services (Contractual necessity)

• Deliver SEO analysis, recommendations, and reporting features
• Process your subscription and manage billing
• Authenticate your account and maintain security
• Provide customer support and respond to inquiries
• Fix bugs, monitor performance, and improve functionality
• Develop new features based on usage patterns

To communicate with you (Legitimate interest / Consent)

• Send transactional emails (account notifications, billing receipts, security alerts)
• Provide product updates, feature announcements, and usage tips (with your consent)
• Send marketing communications about our services (you may opt out at any time)
• Respond to your support requests and feedback

To ensure security and prevent fraud (Legitimate interest / Legal obligation)

• Monitor for suspicious activity and potential security threats
• Detect and prevent unauthorized access or abuse
• Enforce our Terms of Service and investigate violations
• Protect our rights, property, and the safety of our users

To comply with legal obligations (Legal obligation)

• Respond to lawful requests from law enforcement or government authorities
• Comply with applicable laws, regulations, and legal processes
• Maintain records for tax and accounting purposes

To analyze and understand usage (Legitimate interest / Consent)

• Analyze aggregated usage statistics to understand how users engage with our service
• Conduct research to improve user experience and product design
• Create anonymous case studies and success stories (with explicit permission)

5. Sharing and disclosure of information

We may share your information only in the following limited circumstances:

With service providers

We work with third-party companies to help us operate our business and deliver services to you. These service providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data:

Service Provider	Purpose	Data Shared
Google Cloud Platform	API services and infrastructure	API requests and cached data

Each service provider's privacy policy governs their use of your information. We have data processing agreements with all service providers handling personal data.

For legal reasons

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect against fraud, security threats, or illegal activity
• Protect the rights, property, or safety of SEOPilot, our users, or the public

In business transfers

If SEOPilot is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy. You will have the opportunity to delete your account before the transfer.

With your consent

We may share your information for any other purpose with your explicit consent, such as:

• Publishing customer testimonials or case studies (with your permission)
• Integrating with third-party tools you choose to connect
• Sharing anonymized, aggregated data for research or industry reports

6. Data security measures

We implement industry-leading security measures to protect your personal information from unauthorized access, use, alteration, or destruction. While no system is 100% secure, we take reasonable and appropriate steps to safeguard your data.

Technical safeguards

• Encryption in transit: All data transmission uses TLS 1.3 encryption (HTTPS)
• Encryption at rest: Databases and file storage use AES-256 encryption
• Password security: Passwords are hashed using bcrypt with salt
• API security: OAuth 2.0 authentication, API rate limiting, and token expiration
• Infrastructure security: Web Application Firewall (WAF), DDoS protection, intrusion detection
• Vulnerability management: Regular security audits, penetration testing, and dependency updates

Organizational safeguards

• Access controls: Role-based access with principle of least privilege
• Employee training: Regular security awareness and data protection training
• Confidentiality agreements: All employees and contractors sign NDAs
• Logging and monitoring: Audit logs of access to sensitive data and systems
• Incident response: Documented procedures for security breach response
• Vendor management: Data processing agreements with all third-party services

Data breach notification

In the unlikely event of a data breach affecting your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Provide details about what information was affected and steps we're taking
• Recommend actions you can take to protect yourself
• Report the breach to relevant regulatory authorities as required by law

7. Data retention and deletion

We retain your personal information only as long as necessary to provide our services and fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

Data retention periods

Data Type	Retention Period	Reason
Account information	Duration of account, then removed from active systems within 30 days after deletion	Provide services, allow account recovery
Google Search Console data	Duration of account, then removed from active systems within 30 days after deletion or disconnect	Provide SEO analysis features
Usage logs and analytics	Up to 24 months	Service improvement, security monitoring
Web server logs (with IP addresses)	30 days, then IP anonymized	Security, debugging, performance
Payment records	7 years after last transaction	Tax compliance, accounting requirements
Support communications	3 years after resolution	Reference, quality improvement
Marketing consent records	Duration of consent + 3 years	Compliance with marketing regulations

Account deletion

When you delete your SEOPilot account:

• Your account is immediately deactivated and inaccessible
• Personal data is removed from active production systems within 30 days
• Encrypted and technically isolated backups containing your data are purged within 90 days
• We retain minimal transaction records as required by law (tax compliance)
• Aggregated, anonymized usage statistics may be retained for analytics

To request account deletion, contact us at support@seopilot.online for account closure assistance or privacy@seopilot.online for privacy-rights requests.

8. Your rights and choices

You have significant control over your personal information. Depending on your location, you have various rights regarding your data:

Access and portability

• View your data: Access your personal information through your account dashboard
• Download your data: Export your data in machine-readable formats (JSON, CSV) via Settings → Export Data
• Request a copy: Contact us to receive a complete copy of all data we hold about you

Correction and updates

• Update account information: Modify your name, email, and preferences in your account settings
• Request corrections: Contact us to correct inaccurate or incomplete information

Deletion and erasure

• Delete your account: Permanently remove your account and associated data
• Request deletion: Ask us to delete specific information (subject to legal retention requirements)
• Disconnect Google services: Revoke access to your Google Search Console data at any time

Objection and restriction

• Object to processing: Ask us to stop processing your data for certain purposes
• Restrict processing: Request that we limit how we use your data
• Withdraw consent: Revoke consent for data processing at any time (won't affect prior processing)

Communication preferences

• Unsubscribe from marketing: Click "unsubscribe" in any marketing email or update preferences in your account
• Opt out of analytics: Disable cookies or use browser privacy settings
• Do Not Track: We honor Do Not Track signals in accordance with applicable law

How to exercise your rights

To exercise any of these rights, you can:

• Use the self-service tools in your account settings
• Email us at privacy@seopilot.online

Response timeline: We will respond to your request within 30 days (45 days for California residents under CCPA). We may need to verify your identity before fulfilling certain requests.

Verification process

To protect your privacy, we verify your identity before granting access to or deleting your personal information. We may ask you to:

• Log in to your account
• Confirm your email address
• Provide additional identifying information

You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization or power of attorney.

9. EU and UK users (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have specific rights under the General Data Protection Regulation (GDPR) and UK GDPR.

Data controller

MAXHOLDING S.R.L. is the data controller responsible for your personal information. Our contact details are provided in the Contact section below.

Legal bases for processing

We process your personal data based on the following legal grounds:

• Contractual necessity: Processing necessary to provide our services under our Terms of Service
• Legitimate interests: Processing necessary for our legitimate business interests (e.g., security, fraud prevention, service improvement), balanced against your rights
• Consent: Processing based on your explicit consent (e.g., marketing communications, optional features)
• Legal obligation: Processing necessary to comply with applicable laws and regulations

Your GDPR rights

Under GDPR, you have the right to:

• Right to be informed: Understand how your data is collected and used (this policy)
• Right of access (Article 15): Obtain confirmation and access to your personal data
• Right to rectification (Article 16): Correct inaccurate or incomplete data
• Right to erasure (Article 17): Request deletion of your data ("right to be forgotten")
• Right to restrict processing (Article 18): Limit how we use your data
• Right to data portability (Article 20): Receive your data in a structured, commonly used format
• Right to object (Article 21): Object to processing based on legitimate interests or direct marketing
• Rights related to automated decision-making (Article 22): We do not make solely automated decisions with legal or significant effects

Supervisory authority

You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data in accordance with the law. You can find your data protection authority here.

International data transfers

SEOPilot is based in Romania. When you use our services from the EU/EEA/UK, your personal information is transferred to the U.S. We protect these transfers using Standard Contractual Clauses (SCCs) approved by the European Commission and UK Information Commissioner's Office, along with additional safeguards including:

• Encryption of data in transit and at rest
• Access controls and security measures outlined in this policy
• Data processing agreements with all subprocessors

10. California residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, account username, IP address, device identifiers
• Commercial information: Subscription history, payment records, purchase history
• Internet activity: Browsing history on our site, search history, interaction with our services
• Geolocation data: Approximate location based on IP address
• Professional information: Website URLs you manage, business information you provide
• Inferences: Preferences and characteristics derived from your usage patterns

Sources of personal information

We collect personal information from the following sources:

• Directly from you (account registration, using our services)
• Automatically from your devices (cookies, log files)
• From third-party services you connect (Google Search Console, Google OAuth)
• From payment processors (Stripe)

Business and commercial purposes

We use personal information for the business purposes described in the "How and Why We Use Information" section, including:

• Providing and maintaining our services
• Improving and personalizing user experience
• Customer support and communications
• Security, fraud detection, and legal compliance
• Analytics and service improvement

Categories of third parties we share with

We share personal information with the following categories of third parties:

• Cloud service providers (Google Cloud)
• Payment processors (Stripe)
• Professional advisors (lawyers, accountants, when necessary)

Sale and sharing of personal information

Your California privacy rights

California residents have the following rights:

• Right to know: Request details about the personal information we collect, use, disclose, and sell (up to twice per year, free of charge)
• Right to delete: Request deletion of your personal information (subject to legal exceptions)
• Right to correct: Request correction of inaccurate personal information
• Right to opt-out: Opt out of the sale or sharing of personal information (we don't sell or share PI)
• Right to limit use of sensitive personal information: We don't collect or use sensitive PI as defined by CPRA
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

How to exercise your California rights

To exercise your rights:

• Email us at privacy@seopilot.online with "California Privacy Rights" in the subject line

We will respond within 45 days of receipt. We will verify your identity before fulfilling requests. You may designate an authorized agent by providing written authorization.

California "Shine the Light" law

California Civil Code Section 1798.83 allows California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

11. Cookies and tracking technologies

We use cookies and similar tracking technologies to provide, protect, and improve our services. This section explains what these technologies are and how we use them.

What are cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, login status, and activity.

Types of cookies we use

Cookie Type	Purpose	Duration
Essential cookies	Required for core functionality, authentication, and security. Cannot be disabled.	Session / 1 year
Functional cookies	Remember your preferences, settings, and choices	1 year
Performance cookies	Monitor service performance and identify technical issues	Session / 30 days

We do not use advertising or targeting cookies.

Other tracking technologies

• Web beacons (pixel tags): Small invisible images in emails to track open rates and clicks
• Local storage: Browser storage for saving preferences and application state
• Session storage: Temporary storage that clears when you close your browser

Managing cookies

You can control cookies through your browser settings:

• Block all cookies (may affect site functionality)
• Delete existing cookies
• Set preferences for specific websites
• Enable "Do Not Track" (we honor DNT signals)

Browser instructions:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

12. International data transfers

SEOPilot operates globally and is headquartered in Romania. When you use our services from outside the Romania, your information is transferred to, stored, and processed in Romania and other countries where our service providers operate.

Data protection safeguards

Different countries have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): EU Commission-approved contracts for EU/EEA data transfers
• UK Addendum: UK-approved transfer mechanisms for UK data
• Encryption: All data transfers use encryption in transit (TLS 1.3)
• Data minimization: We transfer only necessary data for service provision
• Vendor agreements: All international service providers sign data processing agreements

Countries where data may be processed

Your data may be processed in the following locations:

• United States: Primary application servers and databases (AWS US regions)
• European Union: Optional EU data residency for European customers
• Other regions: Content delivery networks for performance optimization

By using SEOPilot, you consent to the transfer of your information to the Romania and other countries where we operate. If you do not consent, please do not use our services.

13. Children's privacy

SEOPilot is not directed to children under the age of 16, and we do not knowingly collect personal information from children.

Age requirement: You must be at least 16 years old (or the age of majority in your jurisdiction) to create an account and use our services. If we learn that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

Parent or guardian notice: If you believe your child has provided us with personal information, please contact us at privacy@seopilot.online, and we will delete the information.

COPPA compliance: In accordance with the Children's Online Privacy Protection Act (COPPA), we do not collect personal information from children under 13.

14. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you of changes

When we make changes to this policy:

• Minor changes: We will update the "Last updated" date at the top of this policy
• Material changes: We will notify you by:
  • Email to your registered email address (at least 30 days in advance)
  • Prominent notice on our website and in your account dashboard
  • In-app notification when you next log in

Your acceptance of changes

Your continued use of SEOPilot after the updated policy takes effect constitutes acceptance of the changes. If you do not agree to the updated policy, you must stop using our services and may delete your account.

For material changes affecting how we use your personal information, we may require your explicit consent before the changes take effect.

Policy archive

Previous versions of this Privacy Policy are available upon request by contacting privacy@seopilot.online.

15. Contact information

---

This privacy policy was last updated on March 30, 2026.
Thank you for trusting SEOPilot with your data. Your privacy matters to us.