Privacy Policy
Last updated: July 9, 2026
This policy explains what information FirstSerp("we", "us") collects when you use our website and platform, how we use it, and the choices you have.
Information we collect
- Account data — name, email, company name, and a hashed password when you sign up.
- Project data — the domains, keywords, competitors, and locations you configure for tracking, and the SEO metrics we collect about them from third-party data providers.
- Billing data — subscriptions are processed by Stripe. We never see or store your full card details; we store your plan, subscription status, and invoice records.
- Usage & security data — sign-in events with IP address and browser user-agent (shown to you under Active Sessions), and an audit log of account actions.
- Website analytics — our marketing site uses cookieless, privacy-focused analytics (Plausible). It does not use advertising cookies or track you across sites.
How we use it
- To provide the service: run rank checks, audits, and reports you configure.
- To operate your account: authentication, billing, support, and transactional email (verification, password reset, alerts you enable).
- To secure the platform: rate limiting, session management, audit logging.
- We do not sell your personal data, and we do not use it for third-party advertising.
Third-party processors
We rely on a small set of processors to run the service: hosting infrastructure, Stripe (payments), Resend (transactional email), SEO data providers (to fetch public search and backlink data about the domains you track), and the analytics provider named above. Each receives only the data needed for its function.
Data retention & deletion
Account and project data are retained while your account is active. You can request deletion of your account and associated data at any time by contacting us; we delete or anonymize it except where retention is legally required (e.g. invoices).
Your rights
Depending on your jurisdiction (including under GDPR), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us to exercise them and we will respond within the statutory period.
Security
Passwords are stored hashed, sessions use signed cookies, third-party integration tokens are encrypted at rest, and access within a workspace is role-based. No method of transmission or storage is 100% secure, but we treat protecting your data as a core product requirement.
Contact
Questions or requests: contact us or email privacy@firstserp.com.