Privacy Policy

Last updated: April 14, 2026

1. Introduction

GROW IT ("we," "our," or "us") operates ChatSEO, an AI-powered SEO assistant. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website and services (collectively, the "Service").

We are committed to protecting your privacy and ensuring a positive experience on our Service. This policy describes our data practices in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Service:

  • Account Information: Name, email address, company name, and other registration details
  • Registration: Email address when you sign up for the Service
  • Communication Data: Information you provide when you contact us for support or inquiries
  • Payment Information: Billing details (processed securely by third-party payment processors)

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: Browser type, device type, operating system, IP address
  • Cookies and Similar Technologies: Session data, preferences, and analytics information
  • Log Data: Server logs, error reports, and performance metrics

2.3 Third-Party Data

When you connect third-party services to ChatSEO, we access and process:

  • Google Search Console: Search queries, impressions, clicks, rankings, and site performance data

Important: Google Search Console data is accessed via the Google API in real-time using the read-only OAuth scope (webmasters.readonly). This data is never stored in our database, never cached, and never persisted in any form. It is fetched from Google's API, displayed to you, and immediately discarded. Only OAuth credentials (access token, refresh token) are stored to authenticate API requests on your behalf.

You control what data you share by managing permissions in your connected accounts. You can revoke ChatSEO's access at any time through your Google security settings.

3. How We Use Your Information

We use the information collected for the following purposes:

  • Provide the Service: Process your requests, analyze SEO data, and deliver AI-powered insights
  • Account Management: Create and manage your account, authenticate users, and provide customer support
  • Improve the Service: Analyze usage patterns, develop new features, and enhance user experience
  • Communications: Send service updates and respond to inquiries
  • Marketing: Send newsletters and promotional content (with your consent; you can unsubscribe at any time)
  • Security: Detect fraud, prevent abuse, and protect against security threats
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Artificial Intelligence and Your Data

ChatSEO uses AI services to provide SEO analysis and insights:

  • Anthropic Claude (Sonnet 4, Haiku): Used for real-time SEO analysis and conversation
  • Voyage AI: Used for vector embedding generation in the cross-conversation memory system

No training on your data: Under Anthropic's commercial API terms of service, data sent via the API is not used for model training. Voyage AI processes data for embedding generation only. We do not use any user data to train, fine-tune, or improve any AI model.

No retention by AI providers: All AI processing is ephemeral. Your data is processed and the result returned. AI providers do not retain your data beyond the duration of the API request.

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the specific context:

  • Contract Performance: Processing necessary to provide the Service you have requested
  • Consent: You have given explicit consent for specific purposes (e.g., marketing emails)
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving the Service)
  • Legal Obligation: Processing required to comply with legal requirements

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

6.1 Service Providers (Sub-processors)

We share data with third-party vendors who perform services on our behalf. The following table summarizes our key sub-processors:

Sub-processorPurposeData ProcessedLocation
Hetzner Online GmbHServer hostingAll service dataGermany (EU)
AnthropicAI-powered SEO analysisConversation content, SEO data (transient)United States
Voyage AIVector embeddings for memoryText content for embeddingUnited States
Stripe, Inc.Payment processingBilling details, payment infoUnited States
ResendTransactional emailEmail address, nameUnited States
Mixpanel, Inc.Product analytics (consent required)Usage events, email, nameUnited States
Customer.ioMarketing automation (consent required)Email, name, usage eventsUnited States
SentryError monitoringTechnical errors, IP addressUnited States
Crisp IM SASCustomer support chatName, email, conversationsFrance (EU)
Google APIsOAuth + Search ConsoleOAuth tokens, GSC data (transient)United States
DataForSEOSEO data (keywords, SERP)Public domain/URL dataUnited States
FirecrawlWeb page scrapingPublic URLs, page contentSelf-hosted (EU)

For the complete and always up-to-date list of sub-processors, including data transfer mechanisms, see our Sub-processors page.

For enterprise customers requiring a Data Processing Agreement, see our DPA.

These providers are contractually required to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal processes
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or security threats

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred to the acquiring entity. We will notify you of any such change and your options regarding your data.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with the Service
  • Comply with legal obligations (e.g., tax and accounting requirements)
  • Resolve disputes and enforce our agreements

When you close your account or request deletion, we will delete or anonymize your personal information within 30 days, unless we are legally required to retain it longer.

8. Your Data Protection Rights (GDPR)

If you are located in the EEA, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent to processing at any time

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, modification, disclosure, or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection practices
  • Secure data centers with physical and network security

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data from the EEA to other countries, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other lawful transfer mechanisms under the GDPR

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. Cookies are small data files stored on your device that help us:

  • Remember your preferences and settings
  • Understand how you use our Service
  • Improve functionality and performance
  • Deliver relevant content and advertisements

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Service.

12. Third-Party Links

Our Service may contain links to third-party websites and services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

13. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately and we will delete it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification (for significant changes)

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: GROW IT
3 impasse du parc
14610 Cairon, France
Email: [email protected]

You also have the right to file a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.