Privacy Policy

1. Information we collect

1.1 Information You Provide to Us

When you create an account, purchase a service package, contact support, or otherwise interact with the Site, you may provide:

  • Name (business name and/or contact person)
  • Email address
  • Phone number (optional)
  • Business information (business name, address, website URL, industry, location)
  • Google My Business details (GMB profile URL, login credentials if you grant access)
  • Billing and payment information (handled by third-party processors — see Section 3)
  • Account credentials (username, hashed password)
  • Service preferences (package selection, target keywords, competitor information)
  • Support messages and correspondence
  • Review and feedback on our services

1.2 Information We Automatically Collect

When you visit our Site, we automatically collect:

  • IP address
  • Device and browser information (type, version, operating system)
  • Referral/landing pages and pages viewed on the Site
  • Date/time stamps and activity logs
  • Cookies and similar tracking technologies (see Section 7)

1.3 Information from Third Parties

We may receive information from:

  • Payment processors (transaction confirmation)
  • Email service providers (delivery and open rates)
  • Analytics providers (aggregate or pseudonymized data)
  • Google My Business API (if you grant us access to manage your GMB profile)
  • Social media platforms (if you connect your accounts)

2. How We Use Your Information

We use your personal information to:

Process and deliver services — Execute your chosen SEO package (GMB optimization, backlink building, content creation, etc.)

Communicate with you — Send order confirmations, service updates, reports, support responses, and security alerts

Provide customer support — Answer questions and resolve issues

Deliver reports and analytics — Provide performance dashboards, ranking reports, and progress updates

Send marketing communications — Promotional emails about new packages or features (you can unsubscribe anytime)

Improve our services — Analyze usage, test features, and optimize our AI tools

Detect and prevent fraud — Protect against unauthorized access and abuse

Comply with legal obligations — Meet regulatory and legal requirements

We only use personal data for purposes described in this policy or disclosed at the time of collection.

3. Payments & financial data

We do not store full credit card details on our servers.

Payment processing is handled by secure third-party providers such as:

  • Stripe
  • PayPal
  • Paddle
  • [Your payment processor]

These providers collect and process payment data according to their own privacy policies and PCI-DSS standards.

What we receive:

  • Transaction confirmation (amount, date, transaction ID)
  • Payer identifier (not full card numbers)

What we never see:

  • Full credit card numbers
  • CVV codes
  • Card expiration dates

4. Downloads, licenses & intellectual property

4.1 Service Access

After purchase, you receive:

    • Order confirmation email with service details
    • Dashboard login credentials (for packages that include tracking)
    • Progress reports as specified in your package
    • Deliverables (backlinks report, content files, analytics reports, etc.)

4.2 Access to Your Business Accounts

Some services may require limited access to:

  • Google My Business profile (to optimize listings, post content, respond to reviews)
  • Website backend (if applicable for on-page SEO)
  • Social media accounts (for packages including social optimization)

We only request the minimum access necessary to deliver services. You can revoke access at any time.

4.3 Intellectual Property

  • Content we create (articles, GMB posts, descriptions) becomes your property upon delivery
  • Reports and analytics are provided for your internal use
  • Our AI tools, dashboards, and methodologies remain our proprietary property
  • Client confidentiality — We will not share your business strategies or data with competitors

5. Sharing Your Information

We may share personal information with:

5.1 Service Providers

Third parties who perform services on our behalf:

  • Payment processors (Stripe, PayPal, etc.)
  • Hosting providers (AWS, Google Cloud, etc.)
  • Email marketing platforms (Mailchimp, SendGrid, etc.)
  • Analytics tools (Google Analytics, etc.)
  • AI service providers (OpenAI API, etc.)
  • SEO tools (Ahrefs, SEMrush, Moz, etc.)

These providers are contractually required to protect your data and use it only for specified services.

5.2 Legal Authorities

When required by law or to:

  • Comply with legal process (court orders, subpoenas)
  • Protect our legal rights
  • Prevent fraud or illegal activity
  • Protect safety of users or the public

5.3 Business Transfers

If we sell, merge, or transfer our business, personal information may be transferred as part of that transaction. We will notify affected users.

5.4 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Security

We implement reasonable security measures to protect your information:

Encryption — SSL/TLS encryption for data in transit
Secure hosting — Data stored on secure, access-controlled servers
Access controls — Limited employee access on a need-to-know basis
Password protection — Hashed and salted password storage
Regular security audits — Monitoring for vulnerabilities

However, no system is 100% secure. We cannot guarantee absolute security.

In case of a data breach affecting your personal information, we will notify you and relevant authorities as required by law.

7. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

🍪 Enable site functionality — Session cookies, authentication
🍪 Remember preferences — Language, dashboard settings
🍪 Analyze usage — Google Analytics, heatmaps
🍪 Support marketing — Retargeting ads (where applicable)

You can control cookies through your browser settings. Note that disabling cookies may affect site functionality (e.g., staying logged in, cart contents).

Types of cookies we use:

  • Essential cookies — Required for site operation
  • Performance cookies — Track how you use the site
  • Functional cookies — Remember your preferences
  • Marketing cookies — Deliver relevant ads

8. Data Retention

We retain personal data only as long as necessary to:

Provide services — Duration of your package + reasonable period for support
Comply with legal obligations — Tax records, business records (typically 7 years)
Resolve disputes — Until matters are resolved

After these purposes are complete:

  • We will delete or anonymize your data
  • You can request earlier deletion (subject to legal retention requirements)

Typical retention periods:

  • Active accounts: Duration of service + 1 year
  • Inactive accounts: 2 years of inactivity, then deletion
  • Financial records: 7 years (tax compliance)
  • Marketing emails: Until you unsubscribe + 30 days

9. Your Rights (Access, Correction, Deletion)

Depending on your location, you may have the right to:

9.1 Access

Request a copy of personal data we hold about you

9.2 Correction

Update inaccurate or incomplete information

9.3 Deletion

Request deletion of your personal data (subject to legal retention requirements)

9.4 Restriction

Limit how we process your information

9.5 Objection

Object to certain processing activities

9.6 Data Portability

Receive your data in a common, machine-readable format

9.7 Withdraw Consent

Revoke consent where processing is based on consent

9.8 Opt-Out of Marketing

Unsubscribe from promotional emails (link in every email)

To exercise these rights: 📧 Email us at: [support@yourdomain.com]
📋 Include: “Privacy Request” in subject line
🆔 We may ask for identity verification before processing requests

Response time: We will respond within 30 days (or as required by applicable law)

10. GDPR & European Users

If you are located in the European Economic Area (EEA) or UK:

10.1 Data Controller

We are the data controller for personal data collected through our services.

10.2 Legal Basis for Processing

We process your data based on:

  • Contract performance — To deliver SEO services you purchased
  • Legitimate interests — To improve services, prevent fraud, marketing (where lawful)
  • Consent — Where you opt-in (e.g., marketing emails)
  • Legal obligation — Tax compliance, legal requirements

10.3 Your GDPR Rights

You have all rights listed in Section 9, plus:

  • Right to lodge a complaint with your local data protection authority

10.4 International Transfers

If data is transferred outside the EEA/UK, we use:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other approved safeguards

11. CCPA & California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

  • Categories of personal information collected
  • Sources of information
  • Business purposes for collection
  • Categories of third parties we share with
  • Specific pieces of information we hold about you

11.2 Right to Delete

Request deletion of personal information (with exceptions for legal/business obligations)

11.3 Right to Opt-Out of Sale

We do not sell your personal information for monetary consideration.
If this changes, we will update this policy and provide an opt-out mechanism.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request: 📧 Email: [support@yourdomain.com]
📋 Subject: “CCPA Request”
🆔 Identity verification required
⏱️ Response within 45 days

12. International Data Transfers

Your personal information may be processed and stored in countries outside your country of residence, including:

  • United States (our servers/service providers)
  • European Union (data centers)
  • Other locations where our service providers operate

We ensure appropriate safeguards are in place: ✅ Standard Contractual Clauses (SCCs)
✅ Adequacy decisions by relevant authorities
✅ Service providers with GDPR-compliant measures

13. Children's Privacy

Our services are not intended for individuals under 16 years of age.

We do not knowingly collect personal information from children under 16.

If you believe we have collected information from a child under 16: 📧 Contact us immediately at [support@yourdomain.com]
🗑️ We will promptly delete the information

14. Refunds, Cancellations & Service Disputes

Refunds and cancellations are governed by our [Refund Policy – link].

Key points:

  • ⏱️ Refund window: Typically 7-14 days (varies by package)
  • 📦 Service started: Refunds may be prorated if work has begun
  • Satisfaction guarantee: We work to resolve issues before processing refunds
  • 💳 Chargeback policy: Contact us first to resolve disputes

For payment issues or service disputes: 📧 Email: [support@yourdomain.com]
📞 Phone: [optional]
⏱️ Response time: Within 24-48 hours

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Legal or regulatory changes
  • New service features

When we make changes: 📅 We will post the updated policy with a revised “Effective Date”
📧 For material changes, we may email you or display a prominent notice
✅ Continued use of services after changes constitutes acceptance

We encourage you to review this policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

SEO Galaxy / [Your Company Name]

📧 Email: [support@yourdomain.com]
📧 Privacy-specific: [privacy@yourdomain.com]
📍 Address: [Your postal address – optional]
📞 Phone: [optional phone number]
🌐 Website: [yourdomain.com]

Business hours: Monday-Friday, 9 AM – 6 PM [Your Timezone]
Response time: Within 48 hours for privacy requests

17. Purchase Confirmation Notice

This short notice can be added to checkout/confirmation pages and purchase emails:

📦 Your SEO Service Confirmation

Thank you for choosing SEO Galaxy! You will receive:

Order confirmation email within minutes
Service kickoff details within 24 hours
Dashboard access (if applicable to your package)
Progress updates according to your package timeline

🔒 We respect your privacy — Read our full Privacy Policy at [yourdomain.com/privacy]

📧 Questions? Contact us at [support@yourdomain.com]

18. Short Privacy Notice (for Checkout Page)

Display this prominently during checkout:

🔒 Your Privacy Matters

✅ We protect your business information with industry-standard security
✅ We never sell your data to third parties
✅ Payment details are processed securely via [Stripe/PayPal]
✅ You control your data — request access or deletion anytime

[Read Full Privacy Policy] | [Contact Privacy Team]

19. GDPR Data Processing Addendum (Optional)

For enterprise clients requiring a DPA:

Upon request, we can provide a Data Processing Addendum (DPA) that includes:

  • Roles and responsibilities (controller vs processor)
  • Technical and organizational security measures
  • Sub-processor list
  • Data breach notification procedures
  • Standard Contractual Clauses (if applicable)

📧 Request a DPA at: [legal@yourdomain.com]