Legal

Privacy Policy.

Last updated: June 30, 2026

1. Introduction

WhatSEO.ai ("WhatSEO", "we", "us", or "our") is an AI-powered SEO analysis platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services at whatseo.ai.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and name. If you sign in with Google, we receive your Google profile information (name and email) as authorized by you.

2.2 Website Data You Provide

When you use our audit service, you provide your website URL, and optionally: competitor URLs, priority pages, and a Google Analytics property ID. We use this data solely to perform SEO analysis on your behalf.

2.3 Google API Data

With your explicit consent, we access the following Google services using OAuth 2.0:

  • Google Search Console (read-only): We access your search performance data including queries, clicks, impressions, and page rankings for the last 90 days. This data is used exclusively within your SEO audit report.
  • Google Analytics (GA4) (read-only): We access your organic traffic data including sessions, engagement rates, and top landing pages. This data is used exclusively within your SEO audit report.

We request only read-only access. We never modify your Google Search Console or Analytics data. You can revoke access at any time from your Google Account permissions page.

2.4 Automatically Collected Data

We collect standard web analytics data including IP address, browser type, and pages visited. We use this to improve our service and do not sell this data to third parties.

3. How We Use Your Data

  • To perform SEO audits on websites you specify
  • To generate professional reports with your audit results
  • To send you audit reports via email
  • To display your audit history in your dashboard
  • To improve our analysis algorithms and service quality

We do not sell your data, use it for advertising, or use Google user data to develop, improve, or train generalized AI/ML models. We share data only with the service providers (sub-processors) we rely on to operate WhatSEO.ai, strictly to deliver the audit features you requested. These recipients, and what each receives, are listed in Section 6 below.

4. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL) with Row Level Security ensuring each user can only access their own data. All data is encrypted in transit using TLS 1.3. Google OAuth tokens are stored encrypted in our database and are used only to fetch data for your audits.

5. Data Retention

Audit results are retained for as long as your account is active. You can request deletion of your data at any time by contacting us. Google OAuth tokens are retained only while your Google integration is connected; disconnecting removes the tokens.

6. How We Share, Transfer, and Disclose Data

We share, transfer, and disclose your data — including data obtained from Google APIs (your Google profile, and your Google Search Console and Google Analytics data) — only with the following service providers (sub-processors), and only to provide the SEO audit features you requested. The "Receives Google user data" column states whether that provider processes data obtained from Google APIs.

  • Supabase (database hosting & authentication) — stores your account, audit results, and encrypted Google OAuth tokens. Receives Google user data: yes (your Google profile and the Search Console / Analytics results saved in your audit).
  • Vercel (application hosting) — serves the application that processes requests. Receives Google user data: in transit only, as data passes through to provide the service.
  • Trigger.dev (background task processing) — runs the audit jobs that fetch and compile your report. Receives Google user data: yes (processes your Search Console / Analytics data while building the report).
  • Anthropic (Claude API) (AI report generation) — generates the written analysis in your report. Your Google Search Console and Analytics figures are sent to Anthropic to produce that narrative. Receives Google user data: yes. Anthropic does not use API inputs to train its models, and we do not use Google user data to train or improve any AI/ML models.
  • Resend (email delivery) — delivers your audit reports and notifications, which may contain Google-derived figures. Receives Google user data: yes (only the report content we email to you).
  • Google APIs — the source of Search Console and Analytics data, accessed read-only with your consent.

We do not share Google user data with any other parties. We may also disclose data if required by law, or in connection with a merger or acquisition, in which case we will notify affected users.

7. Your Rights

You have the right to: access your personal data, correct inaccurate data, delete your account and all associated data, export your audit reports, and revoke Google API access at any time. To exercise these rights, contact us at [email protected].

8. Google API Services User Data Policy

WhatSEO.ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Google user data only to provide the SEO audit features you explicitly requested; we transfer it only to the sub-processors named in Section 6, solely to operate those features; we do not sell it; we do not use it for advertising; and we do not use it to develop, improve, or train generalized or non-personalized AI/ML models. Humans do not read your Google user data except where you grant explicit consent, where required for security or legal reasons, or where the data has been aggregated and anonymized.

9. Contact

For any privacy-related questions or requests, contact us at [email protected].