1. What is GDPR?

The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a regulation passed by the European Parliament and Council of the European Union. It has been enforceable since 25 May 2018 and is the world’s most comprehensive data protection law.

GDPR gives individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland strong rights over their personal data and imposes strict obligations on any organisation — regardless of where in the world it is based — that collects, stores, or processes personal data of EU residents.

Personal data under GDPR means any information that can directly or indirectly identify a living natural person. This includes names, email addresses, IP addresses, location data, online identifiers, and any other information that relates to an identifiable individual.

2. Who This Page Is For

This GDPR compliance page is written for:

• WordPress site owners and administrators who use the SEO Rank Genius plugin
• Agencies and freelancers who manage WordPress installations for clients
• Users who have purchased a license and created an account with SEO Rank Genius
• Anyone who wants to understand how their personal data is handled when using our Service

If you are a website visitor on a site that happens to use the SEO Rank Genius plugin, please note that the plugin does not collect, process, or transmit your personal data. Your data is handled by the website owner, not by SEO Rank Genius. The plugin sets no cookies on visitors’ browsers and makes no network requests on their behalf.

3. Our Role Under GDPR

Under GDPR, organisations that handle personal data are classified as either a Data Controller, a Data Processor, or both. Understanding our role is important for knowing your rights.

4. Data We Process and Why

4.1 Account and License Data

When you purchase a license or create an account, we collect:

• Name and email address
• Billing address (for invoice purposes)
• Payment information (processed by Freemius — we never see or store card details)
• WordPress site URL (required for license activation and plugin functionality)

Legal basis: Contract performance (Article 6(1)(b) GDPR) — this data is necessary to provide the Service you have purchased.

4.2 Plugin Usage Data

When the plugin is installed and activated, the following data may be sent to our systems:

• WordPress site URL and admin email address
• Plugin version, WordPress version, PHP version, and active theme
• License status and activation information
• Anonymous feature usage statistics (counts only — no content)

Legal basis: Contract performance (Article 6(1)(b)) for licence management; Legitimate interest (Article 6(1)(f)) for anonymised usage analytics to improve the Service.

4.3 Google Search Console Data

If you choose to connect Google Search Console, we access and temporarily cache:

• Search performance data (clicks, impressions, CTR, average position)
• Query data associated with your website
• URL-level performance metrics
• Sitemap status and URL inspection data
• OAuth 2.0 access and refresh tokens (encrypted at rest)

Legal basis: Consent (Article 6(1)(a) GDPR) — you explicitly authorise this access via Google’s OAuth 2.0 flow. You can withdraw consent at any time.

4.4 Google Analytics 4 Data

If you choose to connect Google Analytics 4, we access and temporarily cache:

• Website traffic metrics (sessions, users, pageviews)
• Engagement data (bounce rate, session duration, pages per session)
• Traffic source data (organic, direct, referral)
• Page-level performance data
• OAuth 2.0 access and refresh tokens (encrypted at rest)

Legal basis: Consent (Article 6(1)(a) GDPR) — you explicitly authorise this access via Google’s OAuth 2.0 flow. You can withdraw consent at any time.

4.5 AI Feature Processing Data

When you use AI-powered features, the following is sent to our cloud (api.seorankgenius.com) for processing:

• Post title, excerpt, and a limited content snippet (typically under 800 characters)
• Focus keywords and content structure metadata
• Site name and language/locale setting

This data is processed in real time and is NOT retained after the response is generated. It is not used for any purpose other than generating the requested AI output.

Legal basis: Contract performance (Article 6(1)(b)) — necessary to provide the AI feature you have activated.

4.6 Support Communications

When you contact us via email or support ticket, we retain the contents of those communications for up to 2 years for quality assurance purposes.

Legal basis: Legitimate interest (Article 6(1)(f)) — to maintain service quality and resolve disputes.

5. Data We Do NOT Collect

6. Data Retention

7. Your Rights Under GDPR

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights under GDPR. We take these rights seriously and will act on your request without undue delay and within 30 days.

To exercise any of the above rights, please email support@seorankgenius.com. We will confirm receipt within 5 business days and respond fully within 30 days. If your request is complex, we may extend by up to a further 60 days, but will inform you of this extension.

We will never charge a fee for exercising your rights unless the request is manifestly unfounded or excessive.

8. Google API Services and Limited Use

8.1 What Google Limited Use Means

The Google API Limited Use policy restricts how applications may use data obtained through Google APIs. SEO Rank Genius complies fully with all Limited Use requirements:

8.2 Revoking Google Access

You can disconnect Google Search Console and/or Google Analytics 4 from SEO Rank Genius at any time:

• Inside the plugin: Navigate to SEO Rank Genius → Settings → Integrations and click “Disconnect”
• Via Google: Visit https://myaccount.google.com/permissions to view and revoke all app access

When you disconnect, all cached Google data and OAuth tokens are immediately and permanently deleted from our systems.

9. Sub-Processors

SEO Rank Genius uses the following third-party sub-processors that may handle your personal data. All sub-processors are bound by data processing agreements consistent with GDPR requirements.

We will update this list if we add new sub-processors. We will notify you of significant changes through the plugin’s admin interface or via email.

10. Data Transfers Outside the EEA

Some of our sub-processors (including Freemius and Google) are based in or transfer data to the United States and other countries outside the EEA. GDPR requires that such transfers have appropriate safeguards in place.

We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensuring sub-processors maintain equivalent data protection standards
• Freemius participates in the EU-US Data Privacy Framework
• Google maintains EU-US Standard Contractual Clauses for API data transfers

You can request information about the specific safeguards in place for international data transfers by emailing support@seorankgenius.com.

11. Do You Need a Data Processing Agreement (DPA)?

However, if your organisation requires a DPA for compliance documentation purposes (e.g. for enterprise procurement or legal review), we are happy to provide one. Please contact support@seorankgenius.com to request a Data Processing Agreement.

12. Security Measures

We implement technical and organisational security measures to protect your personal data in accordance with Article 32 GDPR:

12.1 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware, as required by Article 33 GDPR
• Notify affected users without undue delay where the breach is likely to result in high risk, as required by Article 34 GDPR
• Document all breaches, including those not requiring notification, in our internal breach register

13. GDPR and Your Own WordPress Site

As a WordPress site owner using SEO Rank Genius, you are an independent Data Controller for your own website visitors’ data. This means you are responsible for your own GDPR compliance. SEO Rank Genius helps you in the following ways:

Please note: SEO Rank Genius cannot be held responsible for your overall website’s GDPR compliance. You remain responsible for any other plugins, scripts, or services you use on your WordPress site that may collect visitor data.

14. Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority at any time. We ask that you contact us first so we can attempt to resolve your concern directly, but this does not affect your right to complain to a supervisory authority.

15. Changes to This GDPR Page

We will update this GDPR compliance page if our data practices change or if new legal requirements apply. For material changes, we will notify you via the plugin’s admin dashboard or by email. The “Last Updated” date at the top of this page reflects the most recent revision.

16. Contact Us

For any GDPR-related enquiry, rights request, or complaint, please contact us: