Privacy & Cookie Policy

1. Who we are

ClarifySEO is an independent service available at clarifyseo.app. For any privacy-related queries, contact us at hello@clarifyseo.app.

2. What data we collect

When you use ClarifySEO, we collect and process the following data:

• Account information — your name and email address, provided via Google OAuth when you sign in.
• Google Search Console data — search queries, page performance, click-through rates, and position data for the properties you connect. This data is fetched from the Google API on your behalf.
• Google Analytics 4 data — traffic channels, page engagement, and conversion events, if GA4 is available on your connected property.
• Audit reports — the generated reports produced from your data, stored to allow you to access them after generation.
• Payment information — billing details are processed and stored by Stripe. We do not store card numbers or full payment data.
• Usage data — audit counts and subscription status, used to enforce plan limits.

3. How we use your data

Your data is used solely for the following purposes:

• To generate your SEO audit report
• To display your reports and allow you to download them
• To send you your report by email on completion
• To manage your account and subscription
• To improve site functionality and reliability

Your data is never sold, shared with third parties for marketing purposes, or used to train AI models.

ClarifySEO's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Legal basis for processing (GDPR)

We process your data under the following legal bases:

• Contract — processing necessary to provide the service you have requested.
• Legitimate interests — improving site functionality and preventing abuse.
• Consent — for analytics cookies, where you have given explicit consent via our cookie banner.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, your data will be deleted within 30 days. Audit reports are retained until you delete them from your dashboard.

6. How we protect your data

We apply the following technical and organisational measures to protect your data:

• Encryption in transit — all data exchanged between your browser and our servers is encrypted using TLS. All API calls to Google, Anthropic, and Stripe are made over HTTPS.
• Encryption at rest — your data is stored in a managed PostgreSQL database hosted by Neon, which encrypts data at rest by default.
• Access controls — your audit reports and account data are accessible only to your authenticated session. We do not expose user data across accounts.
• Minimal OAuth scopes — we request only the minimum Google OAuth scopes required to generate your audit. We request read-only access to Search Console and Analytics data and do not request permission to modify your Google properties.
• No unnecessary data storage — your Google Search Console and Analytics data is fetched and processed to generate your report. We do not store raw API data beyond what is required to provide the service.
• Token security — OAuth access and refresh tokens are stored securely and never exposed to the client or included in logs.

While no system can guarantee absolute security, we take reasonable and appropriate steps to protect your data against unauthorised access, disclosure, or loss.

7. Third-party services

We use the following third-party services which may process your data:

• Google OAuth — for authentication. Subject to Google's Privacy Policy.
• Anthropic Claude API — your GSC and GA4 data is transmitted to Anthropic's API solely to generate your audit report. This transfer is made via API and Anthropic does not retain or use API-submitted data for model training. This use is within the Limited Use requirements of the Google API Services User Data Policy.
• Stripe — for payment processing. Subject to Stripe's Privacy Policy.
• Resend — for transactional email delivery.
• Neon — for database hosting. Data is stored in the EU.
• Vercel — for hosting. Subject to Vercel's Privacy Policy.
• Google Analytics 4 — for site analytics, used only with your consent.

8. Your rights (GDPR)

Under GDPR, you have the right to:

• Access — request a copy of the data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Portability — receive your data in a machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — for analytics cookies, via the cookie icon in the bottom-left corner of any page

To exercise any of these rights, contact us at hello@clarifyseo.app.

You can also revoke ClarifySEO's access to your Google data at any time via your Google Account permissions page.

9. Cookie policy

We use cookies and similar technologies on this site. Below is a full list of the cookies we set.

Necessary cookies

These cookies are required for the site to function and cannot be disabled.

Analytics cookies

These cookies are only set with your consent. They help us understand how the site is used.

You can change your cookie preferences at any time using the cookie preferences in the bottom-left corner of any page.

10. Google Consent Mode

We implement Google Consent Mode v2. By default, all non-essential Google cookies are blocked until you give consent. If you decline analytics cookies, Google Analytics will operate in cookieless mode — aggregate, anonymised data may still be collected for modelling purposes in line with Google's policies.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email or a notice on the site. The date at the top of this page indicates when the policy was last updated.