Privacy Policy

Effective date: May 26, 2026 · Version 2.0

SEOIndia (referred to as “SEOIndia”, “we”, “us”, or “our”) operates https://seoindia.co/ together with the SEO services, software tools, AI agent (Aria), and email products offered under the SEOIndia brand. This Privacy Policy explains in plain language what personal data we collect, why we collect it, what we do with it, how long we keep it, with whom we share it, and what choices and rights you have. It is written to satisfy the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA (CCPA / CPRA), India’s Digital Personal Data Protection Act 2023 (DPDP), Canada’s PIPEDA, Australia’s Privacy Act 1988, the UAE’s Federal Decree-Law No. 45 of 2021 (PDPL), and Singapore’s PDPA 2012. Where any local law gives you stronger rights, those local rights apply.

1. Who we are

SEOIndia is a globally distributed AI-first SEO services business. We deliver done-for-you search-engine optimisation, content production, technical SEO engineering, AI-search optimisation (GEO + AEO), website design and development, and related professional services to brands in 30+ countries. We also operate a suite of free and paid SEO software tools, an AI conversational agent named Aria, and email-based product communications. Our team is distributed across India, the United States, the United Kingdom and Singapore. You can reach our privacy team at privacy@seoindia.co or our Data Protection Officer at dpo@seoindia.co for any privacy-related question, including data-subject access requests.

2. What personal data we collect

We try to collect the minimum data necessary to operate the service. The categories below are exhaustive — we do not maintain hidden data stores.

2.1 Information you provide directly

  • Account information. When you create an account or fill in a contact / lead / book-demo / newsletter / checkout form, we collect your name, work email address, company name (optional), website URL, phone or WhatsApp number (optional), country and state of residence, and any message text you write.
  • Authentication credentials. Password hashes (we never store plaintext passwords), optional time-based one-time password (TOTP) 2FA seeds stored encrypted, and OAuth identifiers when you sign in with Google.
  • Billing data. Billing address, billing country, tax identification numbers where you provide them (GSTIN, VAT, EIN, ABN, etc.), and the last four digits of any payment card used. Full payment card numbers and bank account details are never sent to or stored on our servers — they are handled exclusively by our PCI-DSS-compliant payment processors (Stripe, Razorpay, PayPal).
  • Service inputs. URLs, domains, keywords, content briefs, audit configurations, and any other content you submit to our SEO tools, the Aria agent, or shared documents during a paid engagement.
  • Communications. The contents of emails, support tickets, chat messages with Aria or our team, and recorded video calls (only when both parties have consented to recording at the start of the call).

2.2 Information collected automatically

  • Usage data. Pages visited, features used, tool runs initiated, time spent, click-throughs, and the device + browser type used.
  • Technical logs. IP address, approximate location (city / country) derived from IP, user-agent string, referrer URL, error logs, request timestamps.
  • Cookies and similar technologies. See our Cookie Policy for the full enumeration and your opt-out controls.

2.3 Information from third parties

  • Search engine data from Google Search Console, Bing Webmaster Tools, Ahrefs, SEMrush, or DataForSEO — only when you connect those accounts to your dashboard.
  • Authentication data from Google OAuth when you choose “Sign in with Google”.
  • Payment confirmation events from Stripe, Razorpay and PayPal webhooks.

3. Why we use your data (purposes and legal bases)

We use your personal data only for the following purposes, each tied to a lawful basis as required by GDPR and equivalent regimes:

  • Service delivery — to fulfil our contract with you (GDPR Art. 6(1)(b)). Without this data we cannot run audits, produce content, host your dashboard, send invoices, or accept payments.
  • Account security and fraud prevention — based on our legitimate interest (GDPR Art. 6(1)(f)) in protecting accounts, preventing abuse, and rate-limiting bots. Includes IP-based rate limits, OTP verification, and 2FA enforcement for paid accounts.
  • Service improvement and analytics — based on legitimate interest, with opt-in consent for non-essential analytics cookies (GDPR Art. 6(1)(a)). Aggregated and pseudonymised wherever possible.
  • Transactional communications — legitimate interest. Includes invoices, audit deliveries, OTP codes, security alerts, and renewal reminders.
  • Marketing communications — only with your explicit opt-in consent (GDPR Art. 6(1)(a) / CAN-SPAM / Indian Information Technology Act). Includes the weekly newsletter, drip sequences, and product update emails. Every marketing email contains a one-click unsubscribe link.
  • Legal compliance — to satisfy tax, accounting, anti-money-laundering, court order, and regulator request obligations (Art. 6(1)(c)).

4. How we share your data

We do not sell, rent, lease, or trade your personal data to third parties for advertising or any other commercial purpose. We share data only with the following categories of processors, each contractually bound by Data Processing Agreements that mirror the obligations of this policy:

  • Hosting and infrastructure. Hostinger (primary web hosting, EU + India regions), Cloudflare (DDoS protection + edge cache), and Amazon S3 / Backblaze B2 for backups.
  • Payment processors. Stripe Inc. (US + EU), Razorpay (India), PayPal Holdings Inc.
  • Email delivery. Amazon SES, SendGrid, or your own SMTP server (configured by you).
  • AI providers. Google (Gemini), Anthropic (Claude), OpenAI, or self-hosted Ollama — depending on the AI provider you choose in your account settings. Aria chat messages are sent to whichever provider is configured for the AI completion. AI providers process inputs ephemerally and do not train on your data per their published terms.
  • Analytics. Optional, only with your consent. Google Analytics 4 or self-hosted Plausible for anonymous usage measurement.
  • Customer support tools. Internal ticketing systems used by our team to handle support requests.
  • Legal and professional advisors. External lawyers, auditors, and accountants strictly when required for legal, tax or audit purposes.
  • Successors in interest. In the event of a merger, acquisition, or insolvency restructuring, personal data may transfer to the new controlling entity, subject to the same protections promised here.

5. International data transfers

Because we operate across India, the United States, the United Kingdom, the European Union and Singapore, your personal data may be transferred to and processed in countries outside your home jurisdiction. Where transfers leave the European Economic Area, the United Kingdom, India, or another jurisdiction with data-localisation rules, we rely on the European Commission’s Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, equivalent legal mechanisms, and supplementary technical measures (transport encryption, encryption at rest, pseudonymisation) to ensure your data continues to receive the same level of protection.

6. Data retention

We keep personal data only as long as necessary for the purposes set out in this policy. Specific retention windows:

  • Active account data: for as long as your account remains open, plus 30 days after closure for recovery.
  • Billing and tax records: 7 years after the relevant transaction, as required by Indian, US and EU tax law.
  • Marketing email lists: until you unsubscribe, after which we keep a hashed record of the unsubscribed address indefinitely to honour the suppression.
  • Server logs and security event logs: 90 days, after which they are aggregated and personal identifiers are stripped.
  • Tool run histories: 365 days unless you delete them earlier from your dashboard.
  • Recorded video calls: 12 months, after which they are deleted automatically.

7. Your privacy rights

Depending on your country of residence, you have some or all of the following rights. We honour them globally regardless of where you live:

  • Right of access — to receive a copy of the personal data we hold about you.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — to delete your account and all linked personal data, subject to the legal retention windows above.
  • Right to restriction — to restrict processing while a request is being resolved.
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format and transmit it elsewhere.
  • Right to object — to object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent — where consent is the legal basis, you can withdraw at any time.
  • Right not to be subject to automated decision-making — we do not use automated decision-making with legal or similarly significant effects.
  • Right to lodge a complaint — with your local data protection authority (e.g. the UK ICO, the French CNIL, the California Attorney General, the Data Protection Board of India).

To exercise any of these rights, email privacy@seoindia.co with the subject line “Data subject request”. We verify identity using the email on file plus a one-time code, then respond within 30 calendar days. There is no fee for the first request in any 12-month period.

8. Children’s privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please email privacy@seoindia.co and we will delete it immediately.

9. Security

We implement appropriate technical and organisational measures including TLS 1.3 in transit, AES-256 at rest for sensitive fields, scoped credentials, principle-of-least-privilege access for all staff, role-based access control, audit logs for every administrative action, mandatory two-factor authentication for all employees with production access, encrypted backups, isolated staging environments, and regular external security review. No system is perfectly secure, however, and we cannot guarantee absolute protection. If we discover a breach affecting your personal data we will notify you within 72 hours as required by GDPR Art. 33–34.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our service, law, or industry guidance. If we make material changes we will notify you by email and post a prominent notice on the site. The “Effective date” at the top of this page always reflects the current version. Continued use of the service after a change indicates acceptance of the new policy.

11. Contact us

Privacy questions, complaints, or formal data-subject requests: email privacy@seoindia.co or dpo@seoindia.co. General contact: https://seoindia.co/contact/.

This policy is written to be readable. It is not legal advice. Material decisions affecting your rights should be made in consultation with counsel.