Privacy Policy
Last updated: March 18, 2025
SEO Tool ("we," "us," or "our") operates the SEO Tool web application. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
1. Information We Collect
Account information. When you sign up, we collect your email address and a hashed password. If you sign in with Google, we receive your name, email, and profile picture from Google.
Google API data. If you connect Google Analytics, Search Console, or Google Business Profile, we request read-only access to your analytics and search data through OAuth. We store the OAuth tokens securely in our database so we can fetch reports on your behalf.
SEO analysis data. URLs you analyze, crawl results, SEO scores, and related audit data are stored in your account so you can view history and track progress.
Team data. If you create or join a team, we store team membership, roles, and team-scoped analysis results.
Usage data. We collect basic usage data such as pages visited, features used, and device/browser information to improve the service.
2. How We Use Your Information
- To provide and maintain the SEO Tool service
- To display your SEO analysis results, history, and reports
- To fetch analytics data from Google on your behalf using your authorized tokens
- To enable team collaboration and shared dashboards
- To send transactional emails (account verification, password resets, team invitations)
- To monitor and improve the performance of our service
3. Data Storage & Security
Your data is stored in a Supabase-hosted PostgreSQL database with row-level security policies. OAuth tokens are stored securely and are only used to fetch data from Google APIs on your behalf.
We use HTTPS for all data transmission. Authentication is handled through Supabase Auth with industry-standard JWT tokens.
4. Third-Party Services
We use the following third-party services to operate SEO Tool:
- Supabase — database hosting, authentication, and row-level security
- Google APIs — Analytics, Search Console, and Business Profile data (read-only access with your consent)
- Vercel — application hosting and deployment
- Resend — transactional email delivery
Each of these services has their own privacy policy. We recommend reviewing them for details on how they handle data.
5. Google API Scopes
When you connect your Google account, we request the following read-only scopes:
- Google Analytics —
analytics.readonlyto view your GA4 traffic data - Search Console —
webmasters.readonlyto view search performance data - Business Profile —
business.manageto read your Google Reviews
You can revoke access at any time from your Google Account permissions page.
6. Data Retention
We retain your account data and analysis history for as long as your account is active. If you delete your account, we will remove your personal data and analysis history within 30 days. Anonymized, aggregated data may be retained for service improvement.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and associated data
- Revoke Google API access at any time through your Google Account
- Export your SEO analysis data
8. Cookies
We use essential cookies and local storage for authentication session management (e.g., storing your JWT token and active team selection). We do not use third-party tracking cookies.
9. Children's Privacy
SEO Tool is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised "Last updated" date.
11. Contact
If you have questions about this Privacy Policy or your data, please contact us at support@seotool.com.