Privacy Policy

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Authentication credentials via OAuth (Google, GitHub)
• Profile information from connected OAuth providers

SEO Data

To provide our services, we access and store data from:

• Google Search Console: Search queries, clicks, impressions, CTR, average position, and indexed pages
• Google Analytics 4: Traffic data, sessions, users, bounce rates, and engagement metrics
• PageSpeed Insights: Core Web Vitals performance metrics
• SERP Data: Keyword rankings and position tracking

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, and time spent on the application.

2. How We Use Your Information

We use the collected information to:

• Provide, maintain, and improve our SEO monitoring services
• Detect anomalies and generate alerts for your websites
• Correlate data across multiple sources to identify root causes of issues
• Generate AI-powered analysis and recommendations
• Send email notifications about incidents and platform updates
• Process payments and manage subscriptions
• Respond to customer support requests
• Comply with legal obligations

3. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256
• OAuth tokens are encrypted and stored securely
• We use secure PostgreSQL databases hosted on AWS
• Regular security audits and vulnerability assessments
• Multi-tenant isolation ensures your data is separated from other users

4. Data Retention

We retain your SEO data for the following periods:

• Search metrics: Up to 16 months of historical data
• Traffic metrics: Up to 14 months of historical data
• Performance metrics: Rolling 12 months
• Incident records: Retained for the duration of your subscription

When you delete your account, we will delete all associated data within 30 days, except where we are required to retain it for legal purposes.

5. Third-Party Services

We use the following third-party services:

• Google OAuth: For authentication
• GitHub OAuth: For authentication and deployment correlation
• Stripe: For payment processing
• AWS: For cloud infrastructure and AI services (Bedrock)
• Vercel: For application hosting
• Sentry: For error monitoring and performance tracking

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Restriction: Request limitation of processing
• Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@apexsight.co.uk.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

• Session cookies: Required for authentication
• Preference cookies: Store your theme and display preferences

8. International Data Transfers

Your data may be processed in the United Kingdom, European Union, and United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the platform. Continued use of our services after such modifications constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: