Privacy
policy.

SEOVentra is an SEO operations platform built for developers, agencies, and growth teams. We help you manage URL indexing, run technical SEO audits, track AI discoverability scores, and monitor your presence across Google, Bing, and AI-powered search engines.

When we say "SEOVentra", "we", "our", or "us" in this policy, we mean the SEOVentra platform and its operators. When we say "you" or "your", we mean you — the individual or organisation using our platform.

This policy explains clearly what data we collect, why we collect it, how we use it, and what control you have over it. We've written it in plain language intentionally.

We collect data in two ways: data you give us directly, and data generated automatically when you use the platform.

Data you provide directly:

• Account information — your name, email address, and password (stored as a hashed credential, never plaintext) when you sign up
• Organisation details — organisation name, slug, and plan tier
• Domain data — domain names and URLs you add to the platform for tracking and indexing
• Verification tokens — DNS records, HTML tags, or file contents used to verify domain ownership
• Payment information — billing name, email, and payment method (processed by Razorpay or Stripe — we never store raw card numbers)
• API keys — keys you generate for programmatic access; we store only the hashed prefix after creation
• Alert configurations — notification rules including email addresses, webhook URLs, Telegram chat IDs, or Discord endpoints you configure
• Support messages — any communication you send to our team

Data generated automatically:

• Indexing job metadata — URLs submitted, provider used (GSC/IndexNow), job status, attempt count, timestamps, and API response data from Google and Bing
• Audit data — crawled URLs, discovered issues, SEO scores, AI discoverability scores, recommendations, and associated metadata
• GSC OAuth tokens — encrypted access and refresh tokens used to operate Search Console on your behalf
• Usage metrics — event counts for URL submissions, audits, AI scores, inspections, API calls, and sitemap submissions used for quota tracking
• Session data — login sessions, device type, and IP address for authentication and security
• Log data — request logs, error traces, and worker execution logs on Cloudflare infrastructure

We use your data only to operate, improve, and support the SEOVentra platform. Specifically:

• Providing the service — processing indexing jobs, running crawls, calling Google Search Console and IndexNow APIs, generating audit reports, computing AI visibility scores, and displaying your dashboard
• Authentication — verifying your identity on login, maintaining sessions, and securing your account
• Billing and quota management — tracking usage against your plan limits, processing payments, and sending billing-related notifications
• Alerts and notifications — delivering email, webhook, Discord, or Telegram notifications when your configured events trigger
• Platform improvement — understanding which features are used most, diagnosing errors, and improving performance (using anonymised aggregate data, not profiling individual users)
• Security — detecting abuse, preventing fraud, and protecting the platform and other users
• Legal compliance — retaining records as required by applicable law or in response to valid legal requests
• Support — responding to your questions, bug reports, and account requests

We do not use your data to train AI or machine learning models. We do not build advertising profiles. We do not sell, rent, or trade your data with third parties for their commercial purposes.

Connecting Google Search Console is optional but required for GSC-based URL inspection and sitemap submission features. When you authorise SEOVentra to access your Google account, we request the following OAuth scopes:

• webmasters.readonly — to inspect URL indexing status and fetch Search Console property data
• webmasters — to submit URLs and sitemaps to your Search Console properties

We store your OAuth access token and refresh token in encrypted form using AES-256 encryption with a key stored separately from the data. Tokens are decrypted only at the moment an API call is made and are never logged or exposed in plaintext.

We access only the Search Console properties associated with domains you have explicitly added and verified in SEOVentra. We do not read search performance data, keyword data, or any other Search Console reports beyond what is required for indexing operations.

You can revoke Google access at any time from your Google Account security settings (myaccount.google.com/permissions) or by disconnecting GSC within the SEOVentra dashboard. Revocation immediately disables all GSC-dependent features for your account and invalidates stored tokens.

IndexNow is a free, open indexing protocol supported by Bing, Yandex, and other search engines. When you use IndexNow features in SEOVentra, we:

• Derive a unique IndexNow key for each of your verified domains from your domain's verification token using a one-way hash function
• Submit your URLs and sitemaps to IndexNow-compatible endpoints (Bing, api.indexnow.org, Yandex, Seznam) on your behalf
• Store the submission results for your records and retry logic

IndexNow submissions do not require you to create a Bing account. Your platform key is used as a service-level credential covering all domains you manage through SEOVentra. Bing may log the submitted URLs in accordance with their own privacy policy.

If you have a Bing Webmaster API key configured, we use it to fetch crawl statistics from Bing Webmaster Tools on your behalf. This key is stored encrypted and used only for that purpose.

SEOVentra is built entirely on Cloudflare's infrastructure. Here is where your data lives:

• Cloudflare D1 (SQLite at the edge) — primary database storing accounts, domains, jobs, audits, scores, and all structured data
• Cloudflare KV — session tokens, rate limit counters, and short-lived cache values
• Cloudflare R2 — audit report artifacts and any stored file exports
• Cloudflare Workers — serverless compute processing all API requests and background jobs

Cloudflare operates a global network. Data may be processed at edge locations around the world for performance and availability. Cloudflare's own data processing agreements and DPA apply to this infrastructure layer.

We do not operate our own data centres. We do not use AWS, Google Cloud, or Azure as primary infrastructure. All data processing occurs within Cloudflare's network.

Your data is not transferred to any other cloud provider or third-party database service. Payment data is processed by Razorpay (India) or Stripe (international) and is not stored in our systems beyond transaction metadata.

We integrate with or rely on the following third-party services to operate the platform:

• Google — for OAuth authentication and Search Console API access
• Razorpay — for payment processing (India); governed by Razorpay's privacy policy
• Stripe — for payment processing (international); governed by Stripe's privacy policy
• Cloudflare — for infrastructure, DNS, CDN, and compute; governed by Cloudflare's privacy policy
• Bing / Microsoft — for IndexNow URL submission; Microsoft's privacy policy applies to submitted URLs
• Yandex — for IndexNow URL submission; Yandex's privacy policy applies to submitted URLs
• Anthropic Claude API — for AI discoverability scoring during audits; page content is sent to Claude for analysis and not retained by Anthropic beyond the API call per their data handling policy

We select third-party services carefully and only share the minimum data required for each integration. We do not pass your personal account data (name, email, billing information) to indexing or crawling services.

SEOVentra uses a minimal cookie footprint. We set:

• A session cookie — an HttpOnly, Secure, SameSite=Strict cookie containing your encrypted session token. This is strictly necessary for authentication and is the only cookie required to use the platform.
• No advertising cookies
• No third-party tracking cookies
• No analytics beacons or pixel trackers

We do not use Google Analytics, Mixpanel, Segment, Hotjar, or similar third-party behavioural analytics tools. Any platform usage analytics are derived from our own server-side logs and event counts, not client-side trackers.

Your browser's "Do Not Track" preference is respected in spirit — we do not track you across websites and have no cross-site tracking infrastructure.

We retain your data for as long as your account is active or as needed to provide the service. Specific retention periods:

• Account and organisation data — retained for the duration of your account, plus 30 days after deletion to allow for recovery
• Indexing job history — retained for 12 months by default; configurable per-domain on Pro and Business plans
• Audit reports and AI scores — retained for 6 months on free tier, 24 months on paid plans
• Usage metrics and billing records — retained for 7 years as required for financial compliance
• OAuth tokens — deleted immediately upon GSC disconnection or account deletion
• Session tokens — expire after 30 days of inactivity; deleted on logout or account deletion
• Support communications — retained for 3 years to maintain context for ongoing support

When you delete your account, we queue permanent deletion of all associated data within 30 days. During this window, you may request a data export or cancel the deletion. After 30 days, deletion is irreversible.

Aggregated, anonymised statistical data (e.g. "X% of audits find missing canonical tags") may be retained indefinitely as it contains no personally identifying information.

We take security seriously and implement industry-standard protections:

• Encryption in transit — all communication between your browser and SEOVentra uses TLS 1.2 or higher
• Encryption at rest — OAuth tokens, API keys, and sensitive credentials are encrypted with AES-256 before storage
• Password hashing — passwords are hashed using bcrypt with a per-user salt; we cannot recover your password
• API key design — API keys are shown once on creation; we store only a hashed prefix for identification
• Session security — sessions use cryptographically random tokens with HttpOnly, Secure, SameSite cookies
• Role-based access — platform access is enforced by an RBAC system with viewer, member, and admin roles
• Infrastructure security — Cloudflare's WAF, DDoS protection, and edge network provide additional hardening

No security system is perfect. If you discover a vulnerability in SEOVentra, please report it responsibly to security@seoventra.com. We commit to acknowledging reports within 48 hours and resolving critical issues within 14 days.

In the event of a data breach affecting your account, we will notify you by email within 72 hours of becoming aware of it, in compliance with applicable data protection regulations.

Depending on your location, you may have the following rights regarding your personal data:

• Right to access — request a copy of all personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your account and all associated personal data
• Right to data portability — request an export of your data in a machine-readable format (JSON)
• Right to restriction — request that we limit processing of your data in certain circumstances
• Right to object — object to processing of your data for specific purposes
• Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@seoventra.com. We will respond within 30 days. We may ask you to verify your identity before processing requests.

You also have the right to lodge a complaint with your local data protection authority if you believe we have mishandled your data. We would prefer you contact us first so we can resolve the issue directly.

SEOVentra is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has created an account or provided personal data, please contact us at privacy@seoventra.com and we will promptly delete the relevant data.

Because SEOVentra runs on Cloudflare's global edge network, your data may be processed in data centres located outside your country of residence, including outside the European Economic Area.

Cloudflare maintains Standard Contractual Clauses (SCCs) and a comprehensive Data Processing Addendum (DPA) that govern cross-border data transfers in compliance with GDPR and equivalent regulations.

If you are located in the EU or UK and have concerns about international data transfers, you may request a copy of the relevant transfer mechanisms by contacting us at privacy@seoventra.com.

If you are located in the European Union or United Kingdom, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. Our legal bases for processing are:

• Contract performance — processing your account data, domain data, and indexing jobs is necessary to deliver the service you signed up for
• Legitimate interests — security monitoring, abuse prevention, and platform analytics are in our legitimate interests and do not override your rights
• Consent — where we ask for your consent (e.g. for optional email communications), you may withdraw it at any time
• Legal obligation — retention of financial records as required by law

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the right to know what personal information we collect, the right to delete it, the right to opt out of "sale" (we do not sell data), and the right to non-discrimination.

To exercise any GDPR or CCPA rights, email privacy@seoventra.com with the subject line "Privacy Rights Request".

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes — changes that affect how we collect, use, or share your data — we will:

• Notify you by email at the address associated with your account at least 14 days before changes take effect
• Display a prominent notice in the SEOVentra dashboard
• Update the effective date at the top of this page

Minor changes (clarifications, typo corrections, formatting) may be made without notice. The current version of this policy is always available at seoventra.com/privacy.

Continued use of SEOVentra after changes take effect constitutes your acceptance of the updated policy. If you do not agree with changes, you may delete your account before they take effect.