Privacy Policy
Last updated: June 26, 2025
SEOCheckPilot ("we", "our", or "us") operates the website and API at seocheckpilot.com. This policy explains what personal data we process, why we process it, how long we keep it, and the rights you have under the UK GDPR, EU GDPR, and similar laws.
1. Data controller
SEOCheckPilot is the data controller for personal data described in this policy. Contact: [email protected]
2. Data we collect
When you use tools without an account
- URLs you submit — processed to run the requested audit or scan.
- Client identifier — a random ID stored in your browser (after cookie consent) and sent as
X-Client-Idto enforce fair-use quotas and prevent abuse. - Server logs — IP address, timestamp, request path, and user agent (up to 14 days).
When you create an account
- Account data — name, email address, password (stored hashed), email verification status, and session tokens.
- Projects & scans — domains, scan results, monitors, and alert settings you save to your workspace.
- Billing data — subscription plan and status. Payment card details are processed by Stripe; we do not store full card numbers.
3. Legal basis (GDPR)
- Contract — providing the service you request, including account features and paid plans.
- Legitimate interests — security, fraud prevention, quota enforcement, and improving reliability.
- Consent — optional functional storage (theme, local history, service worker) and the support chat widget. You can withdraw consent anytime via Cookie preferences in the footer.
- Legal obligation — where required for tax, accounting, or lawful requests.
4. How we use your data
- Run website and AI visibility analyses you request
- Authenticate users and manage subscriptions
- Send transactional email (verification, password reset, billing notices)
- Cache results to improve performance
- Detect abuse and protect our infrastructure
We do not sell your personal data and we do not use it for third-party advertising.
5. Third-party processors
- AI providers — URLs and extracted page content may be sent to AI services when you use AI Recommendations, Keyword Generator, or AI Visibility features.
- Stripe — payment processing and subscription management (Stripe Privacy Policy).
- Vanoy (support chat) — loaded only if you accept the Support chat category. May set cookies on their domain.
- Email delivery — transactional messages via our email provider.
- Infrastructure — hosting and database providers that store encrypted data on our behalf.
6. Cookies & local storage
We do not use Google Analytics or advertising trackers. On your first visit you will see a consent banner with Accept all, Necessary only, or Customize options.
- Strictly necessary — consent record, authentication session, client ID for quotas, and security-related data.
- Functional (optional) — theme preference, local scan history, onboarding state, and service worker offline cache.
- Support chat (optional) — third-party chat widget scripts and any cookies they set.
Use the Cookie preferences link in the site footer to change your choices at any time. Withdrawing functional consent clears optional local data on your device.
7. Data retention
- Account data — until you delete your account
- Scan / history cache — up to 30 days on the server; shorter in-memory cache for performance
- Server logs — up to 14 days
- Stripe records — retained per Stripe and legal requirements
8. Security
Connections use HTTPS. Passwords are hashed. Our analysis pipeline includes SSRF protections. No system is 100% secure; please use a strong unique password and keep your session token private.
9. Your rights
Depending on your location, you may have the right to:
- Access a copy of your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten")
- Restrict or object to certain processing
- Data portability
- Withdraw consent for optional processing
- Lodge a complaint with your supervisory authority
Signed-in users can delete their account from the Account page (cancel any active subscription first). For other requests, email [email protected].
10. International transfers
Our processors may process data in countries outside your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
11. Children
SEOCheckPilot is not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided personal data and we will delete it.
12. Changes
We may update this policy. The "Last updated" date reflects the current version. Material changes will be highlighted on this page.
13. Contact
Questions about privacy or data protection: [email protected]