Legal
Privacy Policy
Your privacy matters to us. This policy explains how SEOScanHQ collects, uses, stores, and protects your information.
Last updated: March 25, 2026
1. Introduction
SEOScanHQ ("we," "us," or "our") operates the website located at seoscanhq.com and provides an AI-powered SEO scanning and analysis platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website and use our Service.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
This Privacy Policy applies to all users of the Service, including visitors who do not create an account, registered users with free plans, and subscribers to paid plans.
2. Information We Collect
2.1 Account Information
When you create an account through our authentication provider, Clerk, we collect:
- Full name
- Email address
- Profile photograph (if provided via social login)
- Authentication credentials (managed securely by Clerk; we do not store passwords directly)
2.2 Scan Data
When you use our scanning Service, we collect and store:
- URLs submitted for scanning
- Scan results, including AI readiness scores, identified issues, and remediation recommendations
- Scan timestamps and frequency
- Scan configuration preferences
2.3 Usage Data
We automatically collect certain information when you access the Service, including:
- IP address (anonymized where required by law)
- Browser type and version
- Operating system
- Referring URLs and exit pages
- Pages visited and features used within the Service
- Date and time of access
- Device identifiers
This data is collected through Google Analytics (Measurement ID: G-FXNNNRDB4R) and server-side logging.
2.4 Payment Information
Payment processing is handled entirely by LemonSqueezy, our Merchant of Record. We do not directly collect, store, or process credit card numbers, bank account details, or other financial instruments. LemonSqueezy may share with us your billing name, email address, transaction identifiers, plan type, and subscription status for the purpose of managing your account.
2.5 Communications
If you contact us via email or through our contact form, we collect the content of your message, your email address, and any attachments you provide. We retain these communications to respond to your inquiries and improve the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and maintain the Service: To operate the scanning platform, deliver scan results, and manage your account.
- Improve the Service: To analyze usage patterns, identify bugs, optimize performance, and develop new features.
- Communicate with you: To send transactional emails (scan completions, account changes), respond to support inquiries, and, with your consent, send marketing communications about new features or updates.
- Process billing: To manage subscriptions, process payments through LemonSqueezy, and handle refund requests.
- Ensure security: To detect and prevent fraud, unauthorized access, and other malicious activity.
- Comply with legal obligations: To fulfill our legal and regulatory requirements, including responding to lawful requests from governmental authorities.
4. Data Storage and Security
We take the security of your data seriously and implement industry-standard measures to protect it.
4.1 Infrastructure
- Database: Your data is stored in a Neon PostgreSQL database with automated backups, point-in-time recovery, and encryption at rest.
- Hosting: The Service is hosted on Vercel's global edge network, which provides DDoS protection, automated failover, and geographic redundancy.
- Authentication: User authentication is managed by Clerk, which implements industry-standard security practices including bcrypt password hashing, session management, and multi-factor authentication support.
4.2 Encryption
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
- Data at rest in our database is encrypted using AES-256 encryption.
- API keys and sensitive credentials are stored using environment-level encryption and are never exposed in client-side code.
4.3 Access Controls
Access to production systems and user data is restricted to authorized personnel on a need-to-know basis. We enforce principle-of-least-privilege access controls and audit access logs regularly.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users in the event of a data breach, in accordance with applicable laws.
5. Third-Party Services
We use the following third-party service providers to operate and improve the Service. Each provider has access only to the information necessary to perform their designated functions and is obligated to maintain the confidentiality and security of your data.
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication and user management | Name, email, authentication tokens |
| LemonSqueezy | Payment processing (Merchant of Record) | Billing name, email, payment details |
| Google Analytics | Website analytics and usage tracking | Anonymized IP, browsing behavior, device info |
| Vercel | Application hosting and edge delivery | Server logs, request metadata |
| Neon | PostgreSQL database hosting | All stored application data (encrypted) |
We encourage you to review the privacy policies of these third-party providers. We are not responsible for the privacy practices of third parties, but we carefully evaluate each provider's security posture before integrating their services.
6. Data Retention
We retain your personal information and scan data for as long as your account remains active, or as needed to provide you the Service.
- Account data: Retained for the lifetime of your account. Upon account deletion, your personal information is permanently removed within 30 days, except where retention is required by law.
- Scan results: Retained for the lifetime of your account. Historical scan data is permanently deleted when you delete your account.
- Usage and analytics data: Retained in aggregated, anonymized form for up to 26 months through Google Analytics, in accordance with Google's data retention policies.
- Billing records: Retained by LemonSqueezy in accordance with applicable tax and financial regulations, typically for a minimum of 7 years.
- Support communications: Retained for up to 3 years after resolution for quality assurance and legal compliance purposes.
7. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions.
- Right to Data Portability: You may request an export of your data in a structured, commonly used, and machine-readable format (JSON or CSV).
- Right to Restrict Processing: You may request that we limit the processing of your personal data under certain circumstances.
- Right to Opt-Out of Marketing: You may unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us directly.
- Right to Withdraw Consent: Where we rely on consent as the legal basis for processing, you may withdraw consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.
To exercise any of these rights, please contact us at privacy@seoscanhq.com. We will respond to verified requests within 30 days, or within the timeframe required by applicable law.
8. GDPR Compliance
If you are a resident of the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR):
8.1 Legal Bases for Processing
We process your personal data under the following legal bases:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you have requested, including account management and scan delivery.
- Legitimate Interest (Art. 6(1)(f)): Processing for analytics, fraud prevention, security, and product improvement, where our interests do not override your fundamental rights.
- Consent (Art. 6(1)(a)): Processing for marketing communications and non-essential cookies, which you may withdraw at any time.
- Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable legal requirements, such as tax and financial reporting obligations.
8.2 International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where available.
8.3 Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection Officer at privacy@seoscanhq.com. You also have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of an alleged infringement.
9. CCPA Compliance
If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), provide you with specific rights regarding your personal information:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale: We do not sell your personal information to third parties. If this practice ever changes, we will provide a clear opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a verifiable consumer request, please contact us at privacy@seoscanhq.com. We will verify your identity before processing any request and respond within 45 days as required by law.
10. Cookies
Cookies are small text files placed on your device by your web browser. We use cookies and similar tracking technologies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Authentication | Managed by Clerk to maintain your authenticated session, enable login persistence, and ensure security. | Session / 30 days |
| Analytics | Set by Google Analytics to collect anonymized usage data, page views, and interaction patterns to help us understand how users engage with the Service. | Up to 2 years |
| Preferences | Store your preferences such as theme (light/dark mode), language settings, and cookie consent choices. | 1 year |
You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling essential cookies may affect the functionality of the Service, including the ability to remain logged in.
11. Children's Privacy
The Service is not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete such information promptly.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@seoscanhq.com so we can take appropriate action.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:
- We will update the "Last updated" date at the top of this page.
- We will notify registered users via email at the address associated with their account.
- We may display a prominent notice on the Service (such as a banner) for at least 30 days following the change.
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to periodically review this page for the latest information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Inquiries: privacy@seoscanhq.com
- General Support: support@seoscanhq.com
- Website: seoscanhq.com/contact
We aim to respond to all privacy-related inquiries within 30 days of receipt.
Have questions about your data?
Our team is here to help with any privacy concerns.