PreflightSEO
Start free

Privacy Policy

Last updated: February 21, 2026

Who we are

PreflightSEO is an SEO migration comparison tool operated by PreflightSEO (Netherlands). Our registered contact is [email protected].

This Privacy Policy describes how we collect, use, and protect your personal data. We comply with the EU General Data Protection Regulation (GDPR) and applicable local data protection laws.

Data we collect

We collect the following categories of personal data:

Account data

What: Email address, name, and hashed password.

Why: To create and maintain your account, enable login, and provide customer support.

Legal basis: Performance of a contract (your account agreement with us).

Payment data

What: Billing email, payment method details, invoices, and subscription status.

Important: We do not store credit card details. Payment processing is handled by Stripe, our PCI-DSS certified payment processor. We only store transaction records and invoice history.

Legal basis: Performance of a contract and our legitimate interest in billing and financial records.

Crawl data

What: URLs and sites you submit to PreflightSEO for comparison runs, including crawl reports and analysis results.

Why: To perform the crawl, store results, and generate reports for your projects.

Legal basis: Performance of a contract.

Analytics

What: We use self-hosted Plausible Analytics to track aggregated page views, feature usage, and error rates. No cookies are set; IP addresses are anonymized; no personal data is collected.

Why: To understand how the product is used, identify bugs, and improve the service.

Legal basis: Our legitimate interest in product improvement and analytics.

How we use your data

  • • To deliver the PreflightSEO service and generate SEO comparison reports
  • • To process payments and send invoices
  • • To respond to support requests and communicate service updates
  • • To improve the product, debug issues, and analyze usage patterns
  • • To comply with legal obligations (e.g., tax or law enforcement requests)
  • • To prevent fraud and enforce our Terms of Service

Data retention

Account data: Retained while your account is active, plus 30 days after account deletion to allow recovery.

Payment data: Retained for 7 years to comply with financial record-keeping requirements.

Crawl reports: Retained according to your subscription plan limits. You may delete reports manually at any time.

Analytics: Aggregated and never personally identifiable. Raw access logs are retained for 90 days.

Third-party processors

We share limited data with trusted third-party service providers:

  • Stripe: Payment processing. Your payment information is shared with Stripe under their privacy policy and Data Processing Agreement. Stripe is GDPR-compliant and EU SCCs-certified.
  • Email provider (if applicable): For transactional emails (account confirmations, reports, support).

We do not sell, rent, or share your data for advertising or marketing purposes.

Your rights under GDPR

You have the following rights under EU data protection law:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right of rectification: You can request corrections to inaccurate data.
  • Right of erasure ("right to be forgotten"): You can request deletion of your data (subject to legal retention obligations).
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can request your data in a portable format.
  • Right to object: You can object to processing for legitimate interests, including marketing.
  • Right to lodge a complaint: You may file a complaint with your local data protection authority, such as the Dutch Autoriteit Persoonsgegevens (APO) at autoriteitpersoonsgegevens.nl.

To exercise any of these rights, contact [email protected].

International transfers

PreflightSEO is based in the Netherlands. Your data is primarily stored within the EU/EEA. If data is transferred outside the EU/EEA (e.g., to Stripe's US systems), we ensure appropriate safeguards via EU Standard Contractual Clauses (SCCs).

Security

We implement industry-standard security measures including:

  • • Encryption in transit (TLS/SSL)
  • • Hashed password storage (bcrypt)
  • • Access controls and authentication
  • • Regular security audits and updates
  • • Secure backup procedures

However, no system is 100% secure. We cannot guarantee absolute protection. If you believe your data has been compromised, contact [email protected] immediately.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in data practices or legal requirements. Material changes will be announced via email to your registered account email. Your continued use of PreflightSEO after changes take effect constitutes acceptance of the revised policy.

The effective date shown at the top of this page reflects the last update.

Contact

If you have questions or concerns about this Privacy Policy, data protection practices, or wish to exercise your rights, contact:

Email: [email protected]

Data Protection Inquiry: [email protected]