Privacy Policy

What We Collect

What We DON'T Collect

• We don't log or store the content of your tool call requests or responses.
• We don't store your Google Search Console or Analytics data.
• We don't use cookies for tracking (only a session cookie for the dashboard).
• We don't sell your data. Period.

Google Data

When you connect Google, we request these scopes:

• webmasters.readonly — Read your Search Console data
• analytics.readonly — Read your Analytics data

We use Google data exclusively to serve your MCP tool requests. We don't cache, aggregate, or share your Google data with anyone. You can disconnect your Google account at any time from the dashboard, which immediately deletes your stored tokens.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Third-Party Services

• Lemon Squeezy — Payment processing. See their privacy policy.
• Fly.io — Hosting. Your data is processed on their infrastructure.
• Google APIs — We access your GSC/GA4 data on your behalf.

Security

• Passwords: bcrypt hashed
• API keys: SHA-256 hashed (we only store the hash)
• OAuth tokens: AES-256-GCM encrypted with unique IVs
• All traffic: HTTPS/TLS
• Database: SQLite with WAL mode, persisted to encrypted volume

Your Rights

• Access: View your data in the dashboard.
• Delete: Delete your account to remove all data.
• Disconnect: Revoke Google access anytime.
• Export: Contact us for a data export.

Data Retention

Account data is kept until you delete your account. Usage logs are kept for 90 days for billing purposes, then automatically purged.

Changes

We'll email you about material changes to this policy.

Contact

Privacy questions? Email privacy@seomcp.dev