How seodot handles data

Categories of data and data sources

The operator of seodot processes personal data provided directly by the user when registering, signing in, paying for a plan, submitting URLs for analysis, contacting support, or sending a privacy request, as well as data generated automatically when the website and service are used.

For the personal data described in this policy, the operator of seodot acts as the data controller or equivalent role under the applicable law. Privacy-related requests may be sent through the contacts page or to [email protected].

This may include email address, profile name, account details, URLs and run parameters, finished reports, activity history, support communications, IP address, timestamps, browser and device information, cookies, session tokens, security events, and diagnostic logs.

When a user submits a URL, the service may temporarily process page content, HTTP headers, metadata, links, and other technical signals that are needed to prepare an SEO report. The user must have the right to submit the URL and related information.

• The service is not intended for children under 16 without the involvement of a parent or other legal representative.
• The service does not intentionally collect special categories of personal data.

Purposes of processing and legal bases

Where GDPR or similar rules apply, the primary legal basis is performance of a contract with the user, including account creation, analysis requests, report storage, plan billing, and support related to the service.

Certain records may also be processed in order to comply with a legal obligation, for example accounting duties, mandatory responses to authorities, or required security controls.

Some data is processed on the basis of the operator’s legitimate interests, such as securing infrastructure, investigating incidents, preventing fraud, maintaining internal logs, protecting rights in a dispute, and improving service quality without selling user data.

If a particular feature requires consent, for example optional cookies or product emails, that consent can be withdrawn at any time. Withdrawal does not affect the lawfulness of processing that took place before it.

• Automated analysis affects only the content of an SEO report and does not create decisions with legal or similarly significant effect for the user.
• Where consent is required, the service keeps that feature separate from the basic operation of the account.

URLs, page content, and analysis results

Submitted URLs are processed only to prepare SEO analysis, reopen results, compare runs, export reports, and carry out closely related internal actions without which the service could not fulfil the user’s request.

URLs, extracted page signals, and finished reports are not used for sale to external advertising systems, data brokers, or other parties that are not involved in providing the service. Access to those materials is limited to the user, authorized staff, and processors that need it for hosting, task queues, authentication, payments, mail delivery, or support.

If a user deletes a report, the related URL and analysis artifacts are deleted or anonymized under the usual cleanup schedule unless a longer period is needed to protect the service, comply with law, or investigate a technical issue.

• Public pages are analyzed as they are available on the web when the request is made.
• If a URL points to a restricted area, the user remains responsible for having the right to submit it to the service.

Processors, international transfers, and disclosure by law

The operator may disclose personal data to a limited group of processors that act under written terms and receive only the amount of data required for a specific service, such as cloud infrastructure, databases, job queues, authentication, payment processing, email delivery, support, and the Cloudflare content delivery network.

If a visitor allows optional analytics in the consent banner and the counter is enabled on the site, the site may connect Yandex Metrica. It may receive technical data about the browser, device, interface language, referrer, approximate location, viewed pages, and on-site actions, and it may use _ym_uid, _ym_d, _ym_isad, and _ym_visorc to distinguish repeat visits and perform a short activity check.

Cloudflare is used for content delivery, performance optimization, and protection against abuse. Cloudflare may process the IP address, browser details, and other connection data. More details: https://www.cloudflare.com/privacypolicy/.

If processing takes place outside the user’s country or outside the European Economic Area, the operator applies appropriate safeguards, including standard contractual clauses, contractual access restrictions, encryption, and supplier due diligence.

The operator may disclose data where required by law, court order, or a binding request from an authority, or where disclosure is necessary to protect rights, investigate abuse, collect debt, or prevent clear harm.

• Processors receive access only under contract and only to the data that their part of the service truly requires.
• Yandex Metrica, when enabled, receives data only after explicit consent in the banner.
• We do not give advertising networks access to URL lists or report content.

Retention periods, deletion, and anonymization

We keep personal data for no longer than is necessary for the purposes for which it was obtained, unless a longer period is required by law, needed to protect rights in a dispute, needed for information security, or required to prevent repeated abuse.

The account can be deleted from the SEO dashboard. After confirmation, the account, run history, analyses, comparisons, saved reports, and settings are deleted; backups and internal queues are cleaned during the normal cycle unless the law requires certain records to remain.

Security logs, payment records, and communications about legal or billing matters may remain for a longer period where this is required by law, needed for an audit, needed to enforce rights, or necessary to document the handling of a dispute.

• Confirmed account deletion clears the primary database records for the account, analyses, comparisons, saved reports, and settings.
• Where the law requires certain records to remain, we restrict access to them and keep them only for that required period.

Technical data, cookies, and security measures

When the website or account workspace is used, the service automatically processes technical data including IP address, date and time of the request, user-agent, browser and device details, language settings, referrer, cookies, session tokens, and security events.

A bottom consent panel appears on public pages. It allows visitors to decline optional analytics, open the detailed cookie list, or allow all. The choice is stored in seodot_cookie_consent and seodot-cookie-consent-v1 in localStorage so the site does not ask again on every page.

Required cookies and similar technologies are used for sign-in, session maintenance, form protection, abuse prevention, and basic interface preferences. They include seo_ai_sid, seodot_cookie_consent, seodot-cookie-consent-v1, and on the production domain Cloudflare cookies such as __cf_bm and cf_clearance if a protection check is triggered. Optional Yandex Metrica cookies are enabled only after separate consent where the law requires it.

The operator applies reasonable technical and organizational measures such as role-based access controls, encryption in transit, log monitoring, backups, staff access restrictions, and vendor reviews. No system can provide an absolute security guarantee, so users should also protect their own credentials and devices.

• Required cookies cannot be disabled without affecting sign-in and the basic operation of the service.
• Optional Yandex Metrica cookies can be declined in the banner; later the choice can be reset by clearing site cookies or using browser settings.