Privacy Policy

Last updated: September 29, 2025

This Privacy Policy explains how SEO Forecasting Tool (“we,” “us,” “our”) collects, uses, discloses, and protects information when you use our website, apps, and services (collectively, the “Service”). By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

1) Who We Are & Scope

SEO Forecasting Tool provides software that models organic search growth and timelines. This Policy applies to information we process as:

  • Data Controller for account, billing, support, and marketing data.

  • Data Processor/Service Provider for customer-supplied data (e.g., keywords, analytics, imports from Google Search Console/GA4) that we handle on your instructions.

If there’s ever a conflict between this Policy and a signed data processing agreement (DPA) with you, the DPA controls for Customer Data.

2) Information We Collect

a) Information you provide

  • Account & profile: name, email, password (hashed), role, company.

  • Billing: billing address, transaction details; card data is handled by our payment processor and not stored on our servers.

  • Customer Data: keywords, pages, URLs, forecast settings, imports from third-party platforms (e.g., Google Search Console, GA4), notes, tags.

  • Support & feedback: messages, attachments, survey responses.

b) Information collected automatically

  • Usage data: feature interactions, clicks, referring pages, session duration.

  • Device & log data: IP address, browser type/version, OS, timestamps, crash reports.

  • Cookies & similar tech: see Section 7 for details.

c) Information from third parties

  • Integrations: data you authorize us to access from connected services (e.g., GSC, GA4).

  • Vendors: fraud prevention, analytics, email delivery, customer support tools.

  • Public sources: business contact info that is publicly available.

We do not intentionally collect sensitive personal data (e.g., health, biometric). Please do not submit such data to the Service.

3) How We Use Information (Purposes)

We use information to:

  • Provide and secure the Service (authenticate, operate, troubleshoot, prevent abuse).

  • Forecast and report (run models and generate dashboards you request).

  • Improve the Service (usage analytics, A/B tests, model accuracy checks).

  • Communicate (transactional emails, service updates, security notices).

  • Support & compliance (respond to tickets, enforce Terms, comply with law).

  • Marketing with your consent or where permitted (product updates, educational content). You can opt out anytime.

4) Legal Bases (EEA/UK where applicable)

  • Contract (Art. 6(1)(b)): to provide the Service you request.

  • Legitimate Interests (Art. 6(1)(f)): security, product improvement, limited marketing.

  • Consent (Art. 6(1)(a)): cookies, integrations, certain marketing.

  • Legal Obligation (Art. 6(1)(c)): tax, accounting, regulatory requirements.

5) Sharing & Disclosures

We do not sell your personal data.

We may share information with:

  • Service providers/processors (cloud hosting, analytics, email, payments, error monitoring, customer support) under contracts requiring appropriate safeguards.

  • Third-party integrations you connect (e.g., GSC/GA4) per your instructions.

  • Corporate transactions (merger, acquisition, financing, sale of assets) subject to confidentiality.

  • Legal & safety: to comply with law, enforce Terms, protect rights, security, or prevent fraud/abuse—with careful review.

We do not allow providers to use your data for their own marketing.

6) Data Retention

  • Account data: kept while your account is active and for up to 24 months after last activity, unless you request deletion sooner or a longer period is required by law.

  • Customer Data: retained until you delete it, your account is closed, or per your contract; typically deleted within 30 days of account closure.

  • Logs & backups: short, rolling periods (generally 30–90 days) for security and reliability.

We may retain anonymized or aggregated data that no longer identifies you.

7) Cookies & Similar Technologies

We use cookies, local storage, and similar tools to:

  • Essential: authentication, security, load balancing.

  • Functional: preferences, remembering settings.

  • Analytics: understand feature usage and performance.

  • (Optional) Marketing: only if you consent.

You can manage preferences via our cookie banner and in your browser settings. Blocking some cookies may impact functionality. We currently do not respond to “Do Not Track” signals.

8) Security

We implement reasonable technical and organizational measures, including encryption in transit, access controls, least-privilege principles, and monitored infrastructure. No method of transmission or storage is 100% secure; you are responsible for safeguarding your credentials and enabling available security features.

9) International Data Transfers

We may process data in countries other than yours (for example, where our cloud providers operate). When transferring personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), DPAs, and vendor due diligence.

10) Your Rights & Choices

a) Global rights

  • Access, correct, delete your personal data.

  • Object or restrict certain processing.

  • Portability of data you provided.

  • Withdraw consent where processing is based on consent.

Contact us (see Section 14) to exercise these rights. We may ask for verification and will respond within applicable timelines.

b) EEA/UK

You may lodge a complaint with your local Data Protection Authority.

c) California (CCPA/CPRA)

California residents have the right to know, access, delete, correct, opt out of sale/share of personal information, and to limit use of sensitive information.
We do not sell or share personal information for cross-context behavioral advertising.

11) Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.

12) Third-Party Links & Features

Our Service may link to third-party sites or include features (e.g., sign-in, analytics) operated by others. Their privacy practices are governed by their policies; please review them.

13) Acting as Processor for Customer Data

For Customer Data you submit or connect:

  • We process it only to provide the Service, per your settings and instructions.

  • You are responsible for having the necessary permissions and lawful basis to process that data.

  • Upon request, we will support data export and deletion features and sign a DPA when required

14) Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here with an updated “Last updated” date (or effective date if different). Your continued use of the Service after changes take effect means you accept the revised Policy.

15) Summary (Not legally binding)

  • We collect account, usage, and optional integration data to run and improve the Service.

  • We don’t sell your data.

  • Cookies are used for essential functions, analytics, and (optional) marketing.

  • You control, export, and delete your data; we help you exercise your rights.

  • Data may be processed internationally with appropriate safeguards.

Note: This document is a general template and not legal advice. Please have a qualified attorney review and tailor it to your specific data flows, vendor list, cookie categories, and jurisdictional requirements.