Privacy Policy

Last updated: March 1, 2026

1. Information We Collect

We collect information you provide directly and data generated through your use of the Service:

• Account Information: Name, email address, company or agency name, password (hashed and salted)
• Billing Information: Payment method details are processed and stored securely by Stripe. We do not store your full credit card number.
• Business Data: Business names, addresses, phone numbers, locations, keywords, and Google Business Profile information you provide for tracking and optimization
• Usage Data: Pages visited, features used, actions taken, session duration, login timestamps, and interaction patterns
• Device & Technical Data: Browser type and version, operating system, IP address, screen resolution, referring URLs, and device identifiers
• Communications: Messages sent through support channels, Telegram bot interactions, and email correspondence

2. How We Use Your Information

We use collected information to:

• Provide, operate, maintain, and improve the Service
• Process payments, send invoices, and manage billing
• Deliver ranking reports, alerts, and optimization insights
• Send service updates, security alerts, and important notices
• Respond to support requests and customer inquiries
• Analyze usage patterns to improve the user experience and develop new features
• Protect against fraud, abuse, and unauthorized access
• Comply with legal obligations

We do not use your personal information for automated decision-making or profiling that produces legal effects.

3. Third-Party Services

We do not sell, rent, or trade your personal information to third parties. We share data only with trusted service providers who assist in operating the Service:

• Stripe: Payment processing and subscription management. Stripe's privacy policy governs their handling of your payment data.
• Google Analytics (GA4): Website usage analytics and conversion tracking. Data is anonymized where possible.
• Google Tag Manager: Tag management for analytics and marketing scripts.
• Meta (Facebook) Pixel: Conversion tracking and advertising optimization for users who arrive via Meta ads.
• Cloudflare: Content delivery, DDoS protection, and hosting infrastructure.
• Telegram: Delivery of alerts and reports via our bot (@OneStepSeoBot), only if you opt in to Telegram notifications.

Each third-party provider processes data in accordance with their own privacy policies. We only share the minimum data necessary for each provider to perform their function.

4. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
• Analytics Cookies: Google Analytics cookies help us understand how visitors use our website and platform. These collect anonymized usage data.
• Advertising Cookies: Meta Pixel cookies help us measure the effectiveness of our advertising campaigns and serve relevant ads to potential users.

You can control or delete cookies through your browser settings. Blocking essential cookies may prevent you from using certain features of the Service. Most browsers allow you to refuse third-party cookies while accepting first-party cookies.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/SSL) and at rest
• Secure password hashing
• Access controls and role-based permissions
• Regular security reviews and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period afterward as necessary to:

• Fulfill the purposes described in this policy
• Comply with legal and regulatory obligations
• Resolve disputes and enforce our agreements
• Maintain business records as required by law

Ranking data, analytics history, and performance reports are retained for the duration of your subscription. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request export of your data in a machine-readable format
• Opt-out: Unsubscribe from marketing communications at any time via the link in any email
• Restrict Processing: Request that we limit how we process your data in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information — we do not sell personal information
• The right to non-discrimination for exercising your privacy rights

9. International Users

The Service is operated from the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or through the Service at least 15 days before they take effect. Your continued use of the Service after changes constitutes acceptance of the updated policy.