QuickSEO
PricingToolsBlog
Get Started

Privacy Policy

Last Updated: 18 March 2026

Welcome to QuickSEO (https://quickseo.ai). This privacy policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

1. Information We Collect

Account Information

When you sign up via Google OAuth, we collect:

  • Profile data: Email address, full name, and profile picture as provided by Google.
  • Google OAuth tokens: Access and refresh tokens used to connect to Google Search Console on your behalf. These tokens are stored securely and used only for authorized API access.

Google Search Console Data

When you connect a website, we fetch and store:

  • Keywords and search queries associated with your site.
  • Page performance data (clicks, impressions, average position, CTR).
  • Device and country breakdowns for your search traffic.

AI Visibility Tracking Data

When you use AI visibility features, we collect and store:

  • Prompts: The search prompts you create to track brand mentions across AI platforms.
  • AI responses: Raw responses from AI platforms (ChatGPT, Claude, Gemini, Perplexity) are stored for analysis.
  • Visibility scores: Parsed brand mention positions, citation URLs, and sentiment analysis results.
  • Competitor data: Competitor brand mentions detected in AI responses.

Billing Information

When you subscribe to a paid plan:

  • Stripe customer ID: We map your account to a Stripe customer record.
  • Billing address: Collected by Stripe during checkout.
  • Subscription status: Plan, billing cycle, and payment status are synced to our database.

We do not store credit card numbers or full payment details — these are handled entirely by Stripe.

Website Content

When you set up AI visibility tracking, we may scrape your website's content using Firecrawl to generate relevant AI prompts. This content is stored temporarily for prompt generation purposes.

Usage and Analytics Data

  • Datafast: We use Datafast analytics to track page views and events. Datafast uses cookies (visitor ID and session ID) for anonymous visitor tracking.
  • Vercel Analytics: Performance metrics are collected automatically by our hosting platform.
  • Google Tag Manager: Used for conversion and marketing analytics. GTM loads the following tracking pixels:
    • Facebook Pixel (Meta): Used for conversion tracking and retargeting on Facebook and Instagram. Subject to Meta's Privacy Policy.
    • Reddit Pixel: Used for conversion tracking and advertising attribution on Reddit. Subject to Reddit's Privacy Policy.
    • Google Analytics: Used for website traffic analysis and conversion tracking.
  • In the EU/EEA, UK, Switzerland, and Brazil, GTM and all associated pixels only load after you provide consent via our cookie consent banner.

Cookies and Local Storage

  • Authentication cookies: Set by Supabase to manage your session.
  • Sidebar state cookie: Remembers your dashboard sidebar preference (1-year expiry).
  • Datafast cookies: Visitor ID and session ID cookies for anonymous analytics.
  • GTM/Google Analytics cookies: Only set with your consent in regulated regions.
  • Facebook Pixel cookies: Used for ad targeting and conversion measurement. Only set with your consent in regulated regions.
  • Reddit Pixel cookies: Used for ad attribution and conversion tracking. Only set with your consent in regulated regions.
  • Local storage: UI preferences such as date ranges and chart grouping settings.

reCAPTCHA

We use Google reCAPTCHA v3 on certain forms to prevent spam and abuse. reCAPTCHA may collect hardware and software information, such as device data and application data, and send it to Google for analysis. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

2. How We Use Your Information

  • To provide our services: Fetching Google Search Console data, running AI visibility scans, generating analytics dashboards, and delivering SEO insights.
  • To process payments: Managing subscriptions, billing, and account status via Stripe.
  • To send transactional emails: Account notifications, onboarding emails, and service updates via Resend.
  • To improve the product: Anonymous usage analytics help us understand feature adoption and performance.
  • To prevent abuse: reCAPTCHA and rate limiting protect against spam and unauthorized access.
  • To run background jobs: Inngest processes scheduled AI visibility scans on your behalf.

3. Third-Party Services and Data Sharing

We share data with the following third-party services as necessary to operate QuickSEO:

ServiceData SharedPurpose
SupabaseAccount data, all application dataDatabase hosting, authentication
Google OAuth / Search Console APIOAuth tokens, search queriesAuthentication, GSC data retrieval
StripeUser ID, email, billing addressPayment processing
OpenAIUser-created promptsAI visibility tracking (ChatGPT)
AnthropicUser-created promptsAI visibility tracking (Claude)
Google Generative AIUser-created promptsAI visibility tracking (Gemini)
PerplexityUser-created promptsAI visibility tracking (Perplexity)
ResendEmail address, first nameTransactional emails
FirecrawlWebsite URLs you provideWebsite content extraction
DatafastAnonymous usage events, visitor/session cookiesAnalytics
VercelPage performance metricsHosting and performance analytics
Google Tag ManagerConversion events (with consent)Marketing analytics
Facebook / Meta PixelPage views, conversions (with consent)Advertising and retargeting
Reddit PixelPage views, conversions (with consent)Advertising attribution
Google reCAPTCHADevice/browser signalsBot and spam prevention
InngestSite IDs, configuration dataBackground job scheduling

We do not sell your personal data to any third party.

4. AI Platform Data Processing

When you use AI visibility tracking, your prompts are sent to third-party AI providers (OpenAI, Anthropic, Google, Perplexity) to generate responses. These providers may process your prompts according to their own privacy policies and data retention practices. We recommend reviewing:

  • OpenAI Privacy Policy
  • Anthropic Privacy Policy
  • Google AI Privacy
  • Perplexity Privacy Policy

Prompts are constructed from your brand name and industry context — they do not contain your personal information.

5. Data Security

  • Storage: All data is stored on secure servers provided by Supabase (PostgreSQL with Row Level Security).
  • Encryption: Data is encrypted in transit (TLS) and at rest.
  • Access control: Database queries enforce user-level access controls to prevent unauthorized data access.
  • Security headers: We implement Content Security Policy, X-Frame-Options, X-Content-Type-Options, and strict referrer policies.
  • API authentication: All authenticated API routes verify user identity and resource ownership before processing requests.

6. Data Retention

  • Account data: Retained for as long as your account is active.
  • Google Search Console data: Retained for as long as your site is connected.
  • AI visibility data: Retained for as long as your account is active to provide historical trend analysis.
  • Analytics data: Datafast retains anonymous analytics according to their own policies.
  • Payment data: Stripe retains billing records according to their data retention policy and applicable financial regulations.

Upon account deletion, we will delete your personal data and associated site data from our systems. Some data may be retained in backups for a limited period or as required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to the processing of your personal data under certain circumstances.
  • Consent withdrawal: Withdraw your consent to data processing at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Restrict processing: Request that we limit the processing of your data under certain conditions.

GDPR (EU/EEA)

If you are in the EU/EEA, you have all the rights listed above under the General Data Protection Regulation. Our cookie consent banner ensures we obtain consent before loading non-essential tracking in regulated regions.

CCPA (California)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information.

8. Cookie Consent

For users in the EU/EEA, UK, Switzerland, and Brazil, we display a cookie consent banner before loading any non-essential cookies or tracking scripts (such as Google Tag Manager). You can manage your preferences at any time through the consent banner. Essential cookies (authentication, session management) are always active as they are necessary for the service to function.

9. Children's Privacy

QuickSEO is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of QuickSEO after changes are posted constitutes your acceptance of the updated policy.

11. Contact Information

For any questions, data requests, or privacy concerns, contact us at:

  • Email: support@quickseo.ai