Privacy Policy — SEOAudits.org

Last updated: 19 September 2025 Contact: contact@seoaudits.org

1) Who we are

This Privacy Policy explains how SEOAudits.org (“we”, “us”, “our”) collects and processes personal data when you visit our website, create an account, or use our services (the “Services”). Controller: SEOAudits.org, operated by [Your Company Legal Name], [Registered Address]. You can contact us at contact@seoaudits.org for any privacy matter.

This Policy is designed to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). GOV.UK+1

2) The data we collect

a) Data you provide

• Account data: name, email, password, organisation details, billing country.
• Billing data: payment method tokens/IDs (processed by our payment provider), VAT/tax information, invoices.
• Communications: support tickets, emails, chat messages, feedback.
• Affiliate programme data (if applicable): payout email (e.g., PayPal), referral links, earnings and withdrawal requests.

b) Data we collect automatically

• Usage & device data: IP address, browser/OS, device identifiers, pages viewed, dates/times, referral URLs, approximate location (country/city), diagnostic logs.
• Cookies & similar technologies: essential cookies (for login, security) and, with your consent, analytics/marketing cookies. See Cookies section below.

c) Audit content you submit

To run SEO audits, you or your users may submit URLs, sitemaps, bulk URL lists or raw HTML. Our systems may retrieve page HTML, HTTP headers, metadata, links, images, and generate analysis data (e.g., issue findings, scores, screenshots, summaries). You are responsible for ensuring you have the right to provide this content.

We do not intend to collect special category data. Please do not submit confidential or sensitive personal data in pages you audit.

3) Why we process your data (lawful bases)

PurposeExamplesLegal basisProvide and secure the ServicesAccount creation, login, run audits, deliver reports, prevent fraud, security monitoringContract (UK GDPR Art. 6(1)(b)) / Legitimate interestsPayments & invoicingSubscription management, tax recordsContract / Legal obligationCustomer supportRespond to requests, fix issuesLegitimate interestsProduct improvement & analyticsUsage metrics, feature performanceLegitimate interests (balanced, privacy-preserving)Marketing (optional)Newsletters, offers, affiliate communicationsConsent (you can withdraw any time)Legal & complianceEnforce Terms, handle disputesLegitimate interests / Legal obligation

You have a right to object to processing based on legitimate interests (see Your rights).

4) Cookies and similar technologies

We use:

• Strictly necessary cookies (e.g., authentication, security, load balancing).
• Non-essential cookies (analytics/marketing) only with your consent. You can accept or reject non-essential cookies via our banner and update choices any time in “Cookie Settings”.

Under UK PECR, consent for non-essential cookies must be freely given, specific, informed and unambiguous. Simply burying cookie info in a privacy policy is not valid consent. ICO+1

5) Children’s privacy

Our Services are aimed at business users and are not directed to children. Where online services rely on consent, UK law sets the age of digital consent at 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us and we will delete it. ICO+1

6) AI features

If you enable AI audit summaries, we generate short, human-readable summaries from your audit data.

• We restrict providers to data-processing only and do not permit your audit content to be used to train third-party foundation models.
• We apply access controls, encryption in transit and at rest, and data minimisation for prompts/outputs.

7) Sharing your data (processors & recipients)

We use carefully selected service providers (data processors) under written contracts that include confidentiality and data protection obligations. Typical categories include:

• Hosting & databases, content delivery, backups
• Email & notifications (transactional and optional marketing, with your consent)
• Payments & billing (tokenised payment processing)
• Analytics & error monitoring (privacy-respecting analytics where possible)
• Customer support & chat
• Affiliate platform & payout processing (where applicable)

We may disclose data where required by law, to protect rights and security, or in connection with a reorganisation, merger or acquisition (with appropriate safeguards).

8) International transfers

If we transfer personal data outside the UK, we will ensure an appropriate transfer mechanism, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or rely on a UK adequacy regulation where available. ICO+1

9) Data retention

We keep personal data only as long as necessary for the purposes set out above, including to meet legal, accounting and reporting requirements. Typical retention:

• Account data: for the life of the account, then deleted or anonymised within 30–90 days.
• Audit data: retained according to your plan settings (e.g., 7–365 days); deleted automatically after the retention window, with limited-duration backups.
• Billing records: up to 6–7 years to meet tax and accounting obligations.
• Support communications & logs: typically 12–24 months, unless longer is needed for security or disputes.

10) Security

We implement appropriate technical and organisational measures including encryption in transit and at rest, access controls, least-privilege staff access, logging, vulnerability management and regular backups. No system is 100% secure; we monitor for incidents and will act in accordance with legal obligations.

11) Your privacy rights (UK GDPR)

You have the right to:

• Be informed about how we use your data;
• Access your data;
• Rectify inaccurate data;
• Erase data (where applicable);
• Restrict processing;
• Data portability;
• Object to processing based on legitimate interests or to direct marketing;
• Withdraw consent at any time (where processing relies on consent).

To exercise any right, email contact@seoaudits.org. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk if you are unhappy with how we handle your data. ICO+1

12) Marketing

We send service/transactional emails as part of providing the Services (e.g., audit completion notices, security, billing). We send marketing emails only with your consent. You can unsubscribe at any time via the link in the email or by contacting us.

13) Do Not Track / signals

Industry standards for Do Not Track are not yet uniform, so we do not respond to DNT signals. You can control non-essential cookies via our banner and browser settings.

14) Third-party links

Our site may link to third-party websites, tools and integrations. Their privacy practices are governed by their own policies. Please review those before using such services.

15) Affiliates

If you join our affiliate programme, we process your payout email (e.g., PayPal), referral identifiers, earnings and withdrawals to administer the programme. We also use cookies for attribution with your consent (see Cookies).

16) Social logins

If you choose to sign in via a third-party provider (e.g., Google, Microsoft), we receive identifiers and your email to create or authenticate your account, per the provider’s terms and your settings with them.

17) Changes to this Policy

We may update this Policy to reflect changes to our practices or the law (for example, changes announced by the ICO to UK GDPR guidance following legislative updates). We will post the new Policy with a new “Last updated” date and, where appropriate, notify you in-app or by email. ICO

18) How to contact us

Questions or requests about this Policy or your data: Email: contact@seoaudits.org Postal: [Your Company Legal Name], [Registered Address] (United Kingdom)

If we are unable to resolve a concern, you can contact the Information Commissioner’s Office (ICO) at ico.org.uk for guidance or to lodge a complaint. ICO