Searchyze (“we”, “us”, or “the Service”) respects your privacy. This Privacy Policy explains how information is collected, used, stored, and protected when you use searchyze.com, app.searchyze.com, and related services.
1. Information We Collect
1.1 Account Information
When you sign in using Google OAuth, we collect:
-
Name
-
Email address
-
Profile picture
-
Unique Google account identifier
This information is used solely for account authentication and service access.
1.2 Google API Data (Authorized by User)
When you connect Google services, we access only the data you explicitly authorize via OAuth, including:
-
Google Search Console: search queries, landing pages, impressions, clicks, CTR, and average position data
-
Google Analytics 4 (GA4): aggregated traffic, engagement, and conversion data
-
Google Ads: campaign, keyword, and performance metrics
We only request read-only permissions necessary to provide analytics and reporting features.
1.3 Technical and Usage Data
For operational and security purposes, we collect:
-
IP address
-
Browser type
-
Device information
-
Log data
-
Session identifiers
-
Cookies necessary for authentication and preferences
2. How We Use Your Data
We process collected data for the following purposes:
-
Search performance analysis and reporting
-
AI-powered recommendations and content insights
-
Forecasting and performance modeling
-
Account management and authentication
-
Service security and fraud prevention
-
Debugging and technical improvement
Google user data is never used for advertising, resale, or profiling purposes.
3. Data Storage and Security
We implement industry-standard technical and organizational measures to protect personal and Google user data.
3.1 Encryption in Transit
All data transmitted between users, our servers, and third-party APIs is encrypted using HTTPS with TLS encryption.
3.2 Encryption at Rest
OAuth access tokens, refresh tokens, and connected Google account data are encrypted at rest using strong encryption standards (such as AES-256 or equivalent).
3.3 Access Control
Access to production systems is restricted to authorized personnel only. Access rights are granted based on the principle of least privilege and require secure authentication.
3.4 Token Protection
Google OAuth tokens are:
-
Stored in encrypted form
-
Never exposed publicly
-
Used only to access data authorized by the user
-
Revocable by the user at any time through their Google account
3.5 Data Isolation
User data is logically isolated and accessible only within the authenticated account environment.
3.6 Monitoring and Security Controls
We maintain logging and monitoring systems designed to detect unauthorized access or abnormal activity.
4. Sensitive Google User Data
Searchyze only accesses Google user data that is explicitly authorized by the user.
We do not access, collect, or store:
-
Gmail message bodies
-
Google Drive file contents
-
Google Photos content
-
Contacts
-
Calendar events
-
Health, biometric, or financial data
The data we access is limited strictly to performance and analytics metrics required to provide the Service.
We do not transfer Google user data to third parties except as necessary to provide the Service or comply with legal obligations.
We do not use Google user data for advertising purposes.
5. Third-Party Services
The Service integrates with:
-
Google APIs (OAuth, Search Console, Analytics, Ads)
-
OpenAI or Gemini APIs for AI-powered analysis
-
Google PageSpeed Insights
These providers process data according to their own privacy policies.
We ensure that any third-party processing is limited to what is necessary to provide our services.
6. Cookies
We use cookies necessary for authentication and session management.
The searchyze.sid cookie:
-
Is used for session authentication
-
Is transmitted securely via HTTPS
-
Is not used for tracking across websites
Users may disable cookies through browser settings, though this may affect functionality.
7. Data Retention
We retain user data while the account is active.
Users may request:
-
Account deletion
-
Revocation of Google integrations
-
Permanent deletion of stored data
Upon verified deletion requests, data is permanently removed within a reasonable timeframe unless retention is legally required.
8. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
-
User consent (OAuth authorization)
-
Contractual necessity (providing the Service)
-
Legitimate interest (security and service improvement)
-
Legal obligations where applicable
Users located in the European Economic Area have the right to access, correct, delete, or restrict processing of their personal data.
9. Data Breach Response
In the event of a data breach affecting personal data, we will:
-
Investigate and mitigate the incident promptly
-
Notify affected users when required by applicable law
-
Notify relevant authorities if legally required
10. Your Rights
Users have the right to:
-
Access their personal data
-
Request correction of inaccurate data
-
Request deletion of their data
-
Object to certain processing activities
-
Withdraw consent at any time
Requests can be submitted via the contact details below.
11. International Data Transfers
Data may be processed on servers located outside the user’s country. In such cases, appropriate safeguards are applied in accordance with applicable data protection laws.
12. Changes to This Policy
We may update this Privacy Policy periodically. Continued use of the Service after updates constitutes acceptance of the revised policy.
13. Contact
For privacy-related questions or data requests:
Email: hello[at]searchyze.com
Website: https://searchyze.com
