Privacy Policy

Last updated: 3 May 2026

SEONAR ("we", "us", "our") is an SEO intelligence platform that helps businesses understand their search performance. This policy explains what data we collect, why we collect it, and how we keep it safe.

1. What data we collect

When you connect your Google account to SEONAR, we access the following data on your behalf via Google's APIs:

  • Google Search Console - search performance data including queries, pages, clicks, impressions, CTR, and average position.
  • Google Analytics - website analytics data such as traffic, sessions, and user engagement metrics.

We also collect basic account information (name, email) needed to identify your account within the platform.

2. Why we collect it

We use this data solely to provide SEO analytics, reporting, and insights within the SEONAR platform. This includes generating performance dashboards, identifying keyword opportunities, tracking ranking changes, and producing actionable recommendations for your websites.

3. How we access your Google data

SEONAR accesses Google services on your behalf using OAuth 2.0, the industry-standard authorization protocol. When you connect your Google account, you grant SEONAR specific permissions (scopes) to read your search and analytics data.

We store the OAuth refresh tokens required to maintain this access securely, using encryption at rest. These tokens are only used to fetch data you have explicitly authorized.

4. How data is stored and who can access it

Your data is stored securely on cloud infrastructure within the EU (AWS eu-west-1).

SEONAR is a multi-tenant platform. Data from each connected Google account is scoped to the organization that authorized access. This means:

  • Only members of your organization can view your data.
  • Data is never shared between organizations or tenants.
  • Our team may access data only for support or debugging purposes, and only when necessary.

5. Data Protection & Security

We apply industry-standard security controls to protect data accessed via Google APIs and any other personal data we hold:

  • Encryption in transit. All communication between your browser, our servers, and Google APIs is protected with TLS 1.2 or higher. We do not transmit your data over unencrypted channels.
  • Encryption at rest. All data is stored on encrypted volumes within Amazon Web Services (AWS) infrastructure in the EU region (eu-west-1). Database storage and object storage use AES-256 encryption at rest by default.
  • OAuth token protection. Access tokens and refresh tokens issued by Google are additionally encrypted at the application layer using authenticated symmetric encryption (Fernet — AES-128-CBC with HMAC-SHA256) before being persisted. Encryption keys are managed in AWS Secrets Manager, separately from the application database.
  • Tenant isolation. SEONAR is a multi-tenant application. Data accessed on behalf of one organization is logically isolated from every other organization. Each connected Google account's data is bound to the specific organization that authorized access and is never merged or exposed across tenants.
  • Authentication and administrative access. Access to SEONAR requires authenticated user sessions. Administrative access to production AWS infrastructure is restricted to a small number of authorized personnel and protected by multi-factor authentication (MFA) on every account.
  • Network and infrastructure security. Production systems are deployed in private network segments behind AWS security groups and VPC isolation. Public access is restricted to required HTTPS endpoints only. Internal services communicate over private subnets and are not exposed to the public internet. Logs and operational metrics are collected via Amazon CloudWatch to support monitoring and incident response.
  • Data minimization. We only request the minimum OAuth scopes required to deliver the features you have enabled. We request read-only access to Google Search Console and Google Analytics and never modify your Google data or configuration.
  • Backups. Encrypted database backups are retained on a short rolling window (currently 7 days) and are then automatically purged.
  • Breach response. In the event of a confirmed data breach affecting your data, we will notify affected users as soon as reasonably possible and in accordance with applicable laws (including the GDPR where applicable).

6. Use of AI/LLM providers

SEONAR uses third-party AI services (such as OpenAI and Anthropic) to generate insights, summaries, cluster names, and recommendations from your data. When data is sent to these providers:

  • Only aggregated or derived data (e.g. keyword groupings, performance summaries) is processed - not raw token material or full analytics exports.
  • The data is processed transiently to generate the requested output and is not used to train AI models, per the providers' enterprise/API terms.
  • These providers are bound by their own privacy and data processing agreements.

7. Data sharing

We do not sell, rent, or share your data with third parties. Your data is used exclusively to deliver the SEONAR service to you. We do not use your data for advertising, profiling, or any purpose unrelated to providing the platform.

8. Revoking access

You can revoke SEONAR's access to your Google data at any time through either of these methods:

  • Google Account settings - visit myaccount.google.com/permissions and remove SEONAR from your authorized apps.
  • Within SEONAR - use the disconnect option in your account settings to revoke access directly from our platform.

9. Data retention

If you revoke access or disconnect your Google account:

  • We immediately stop fetching new data from your Google account.
  • Previously collected data may be retained for a reasonable period to support your historical reports.
  • You can request full deletion of your data by contacting us (see below).

If your SEONAR account is deleted, all associated data - including stored tokens, analytics data, and reports - will be permanently removed from our systems within 30 days.

10. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via the platform or by email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

If you have any questions about this privacy policy or how your data is handled, please contact us at privacy@seonar.ai.