This Privacy Policy explains how ScopeIQ ("we", "us") collects, uses, shares and protects personal data when you visit our website or use the ScopeIQ platform (together, the "Service"). We keep it simple: we collect the minimum we need to run a paid SEO tool well, and we never sell your personal data.
1. Data We Collect
Data you provide
- Account data: name, email address and password (stored as a salted hash) when you register.
- Billing data: handled by our merchant of record, Freemius, Inc. We never see or store your full payment card details; we receive only transaction metadata (plan, amount, status, country for tax purposes).
- Project data: domains, keyword lists and settings you add to your workspace.
- Communications: messages you send us via the contact form or by email.
Data collected automatically
- Usage data: features used, reports generated, and in-app events, used to improve the product.
- Technical data: IP address, browser type, device type and approximate (country-level) location, used for security, fraud prevention and localization.
- Cookies: see Section 6.
Data we do not collect
We do not collect special categories of personal data (health, biometrics, etc.) and the Service is not directed at children under 16. Publicly available web data in our SEO indexes (URLs, links, page titles) is crawled from the open web and is not linked to your account.
2. How We Use Your Data
- To provide, operate and secure the Service (contract performance).
- To process payments and manage subscriptions via Freemius (contract performance).
- To respond to support requests (contract performance / legitimate interest).
- To improve features and fix bugs using aggregated usage analytics (legitimate interest).
- To send transactional emails such as receipts, renewal reminders and security notices (contract performance / legal obligation).
- To send product updates and marketing emails only with your consent — every such email contains a one-click unsubscribe link.
- To comply with legal obligations, including tax and accounting rules.
3. Legal Bases (GDPR)
Where the EU/UK General Data Protection Regulation applies, we rely on: performance of a contract (Art. 6(1)(b)) for account, billing and support; legitimate interests (Art. 6(1)(f)) for security, fraud prevention and product analytics; consent (Art. 6(1)(a)) for marketing communications and non-essential cookies; and legal obligation (Art. 6(1)(c)) for tax and accounting records.
4. Sharing and Processors
We do not sell personal data. We share it only with service providers who process it on our behalf under data processing agreements:
- Freemius, Inc. — merchant of record, payment processing, licensing and subscription management.
- Cloud hosting and infrastructure providers — to run the Service and store data.
- Email delivery providers — to send transactional and (with consent) marketing email.
- Analytics providers — privacy-focused, aggregated product analytics.
We may also disclose data if required by law, to protect our rights, or as part of a merger or acquisition (in which case this Policy will continue to apply to your data until you are notified otherwise).
5. International Transfers
Some of our processors may be located outside your country, including outside the European Economic Area. Where that is the case, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or an applicable adequacy decision.
6. Cookies
We use a small number of cookies:
- Essential cookies — session and security cookies required for login and checkout. These cannot be disabled.
- Preference cookies — remember settings such as your selected billing cycle.
- Analytics cookies — set only with your consent, used to understand aggregate usage.
You can control non-essential cookies via the cookie banner and delete cookies at any time in your browser settings.
7. Retention
- Account and project data: kept while your account is active, then deleted or anonymized within 90 days of account deletion.
- Billing records: retained for as long as required by tax and accounting law (typically up to 10 years).
- Support communications: retained for up to 24 months after the last contact.
- Server logs: retained for up to 30 days for security purposes.
8. Security
We protect your data with industry-standard measures, including TLS encryption in transit, encryption at rest, hashed passwords, least-privilege access controls and regular security reviews. No system is 100% secure; if a breach affecting your personal data occurs, we will notify you and the competent authorities as required by law.
9. Your Rights
Depending on where you live, you may have the right to:
- access a copy of the personal data we hold about you;
- correct inaccurate data;
- delete your data ("right to be forgotten");
- receive your data in a portable format;
- object to or restrict certain processing;
- withdraw consent at any time (without affecting prior processing);
- lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@scopeiq.dev. We respond within 30 days.
10. Changes to This Policy
We may update this Policy from time to time. For material changes we will notify you by email or in-app notice before the changes take effect. The "Last updated" date at the top of this page reflects the latest revision.
11. Contact
For any privacy questions or requests, contact our privacy team at privacy@scopeiq.dev or via our contact page.