1. Data controller

The data controller is:

Giovanni Manetti

VAT: IT06703160488

Email: [email protected]

2. Data collected

PerSeo Insights collects and processes the following categories of data:

  • Registration data: username, email, password (encrypted)
  • Billing data: VAT number and tax residence (PRO accounts only)
  • OAuth data: if you use Google Sign-In, we receive your name, email and profile photo from Google
  • Usage data: URLs analyzed, scan timestamps, issues detected, scheduled report configurations
  • URL monitoring data: monitored URLs, configured check intervals, SEO score history, detected change alerts
  • Google Search Console tokens: encrypted OAuth credentials for GSC data access (only if you connect your Google Search Console account; stored in the database and revocable at any time)
  • Technical data: IP address, user agent, browsing data, anonymous session identifier (_psid)
  • Cookies: technical and preference cookies (see Cookie policy)

3. Processing purposes

Your personal data is processed for the following purposes:

  • Service provision: account management, authentication, web analysis, scheduled report execution, automatic URL monitoring
  • Service improvement: aggregate anonymous statistics, performance optimization
  • Security: abuse prevention, usage limit management, account protection
  • Operational communications: transactional emails (registration confirmation, password reset), URL monitoring alert notifications, automatic delivery of scheduled SEO reports
  • Google Search Console integration: access to your site's GSC data via OAuth token, exclusively at your request and for the GSC features of the service
  • Legal obligations: tax and accounting compliance

4. Legal basis

The processing of your data is based on:

  • Contract performance (Art. 6(1)(b) GDPR) - to provide you with the requested service
  • Consent (Art. 6(1)(a) GDPR) - for non-technical cookies and marketing communications
  • Legitimate interest (Art. 6(1)(f) GDPR) - for security and fraud prevention
  • Legal obligation (Art. 6(1)(c) GDPR) - for tax compliance

5. Data retention

Your personal data is retained for the following periods:

  • Active accounts: until account deletion
  • Scan history: 24 months from last activity
  • URL monitoring data and alert history: 12 months from last detection, or until the monitored URL is removed
  • Scheduled report configurations: until the report or account is deleted
  • Google Search Console tokens: until the connection is revoked or the account is deleted
  • Tax data: 10 years (legal obligation)
  • Security logs: 90 days

6. Data sharing

Your personal data is never sold to third parties. It may only be shared with:

  • Service providers: hosting (VPS), database, CDN, email services
  • Payment processing: Stripe, for secure handling of PRO account payments
  • Google OAuth: if you use Google Sign-In (see Google privacy policy)
  • Google Search Console API: if you connect your GSC account, data is retrieved via Google APIs and displayed exclusively to you. OAuth tokens are encrypted and never shared with third parties.
  • Competent authorities: upon legal request or court order

7. Your rights (GDPR)

Under the GDPR you have the right to:

  • Access: request a copy of your data (Art. 15)
  • Rectification: correct inaccurate data (Art. 16)
  • Erasure: right to be forgotten (Art. 17)
  • Restriction: restrict processing in certain circumstances (Art. 18)
  • Portability: receive your data in a structured format (Art. 20)
  • Objection: object to processing based on legitimate interest (Art. 21)
  • Complaint: file a complaint with your national Data Protection Authority

To exercise your rights: [email protected]

8. Security

We implement technical and organizational measures to protect your data:

  • SSL/TLS encryption for all communications
  • Passwords encrypted at rest
  • Daily encrypted backups
  • Firewall and DDoS protection
  • Access to personal data restricted to authorized personnel only

9. Extra-EU data transfers

Your data is stored on servers located in the European Union. Some third-party services (e.g., Google OAuth, Stripe) may transfer data outside the EU with adequate safeguards (Standard Contractual Clauses, pursuant to Art. 46 GDPR).

10. Changes to this privacy policy

We reserve the right to update this privacy policy. We will notify you by email in case of substantial changes. The last-updated date at the top of the page always shows the current version.

11. Contact

For questions or requests regarding this privacy policy:

Email: [email protected]

Data Protection Authority: www.garanteprivacy.it