SERPTool

Privacy Policy

Last updated: 21 April 2026

This Privacy Policy explains how SERPTool ("we", "us") collects, uses, and safeguards information when you use our keyword research and SEO analysis service. By using SERPTool you consent to the practices described below.

1. Information we collect

  • Account data — name, email address, hashed password.
  • Usage data — analyses you create, keyword lists you submit, collections you save.
  • Billing data — credit ledger entries. No payment card numbers are stored on our servers; when we enable subscriptions, card handling will be delegated to Stripe.
  • Technical data — IP address, browser user-agent, and request logs, retained for security and abuse prevention.

2. How we use your information

  • Authenticate you and maintain your session (a single HTTP-only cookie containing a JWT).
  • Deliver the service — run SERP analyses, store results, produce exports.
  • Track credit balances and API usage against your account.
  • Diagnose errors and prevent abuse (rate limiting, spam detection).
  • Send transactional emails (e.g. password resets, when enabled). We do not send marketing email without opt-in.

3. Sub-processors

We share data with the following third parties strictly to deliver the service:

  • DataForSEO — we forward the keywords and target URLs you submit to DataForSEO's live SERP, backlinks, and AI-optimization APIs. No account-identifying information is sent. See their privacy policy.
  • Google PageSpeed Insights (optional) — target URLs in SERP analyses may be submitted to Google's free PageSpeed API for page-timing data.

4. Cookies

We use a single essential cookie for authentication. We do not use advertising or third-party analytics cookies. You can clear it by signing out or clearing your browser data.

5. Data retention

Analyses and collections remain until you delete them or close your account. Audit log entries and API-usage records are retained for 12 months for security and billing review, then purged. Ledger entries are retained as long as your account exists (they are the billing record of truth).

6. Your rights

You may request export or deletion of your personal data at any time by contacting us at our contact form. Deletion removes your user record, analyses, collections, and ledger entries, subject to any retention required by law.

7. Security

Passwords are hashed with bcrypt. Traffic is served over HTTPS. The application is self-hosted on infrastructure controlled by the operator. No system is perfectly secure, but we follow standard industry practices and respond promptly to reported vulnerabilities.

8. International transfers

DataForSEO and Google may process data outside your country of residence. Your use of the service signifies consent to those transfers.

9. Children

SERPTool is not directed at children under 16 and we do not knowingly collect data from them.

10. Changes

We may update this policy; when we do, we'll change the "Last updated" date. Material changes will be announced to account holders by email where applicable.

11. Contact

Questions or data requests: use the contact form.