1. Overview
This Privacy Policy explains how VaFe ("we", "us", "our") collects, uses, and protects information when you use VaFe (the "Service"), our SEO agency management platform available at https://seo-updates.com. For legal entity details, see Section 14 (Contact Us).
We respect your privacy and limit the data we collect to what is necessary to provide the Service. We do not sell personal information, and we apply strict limits on how Google user data is used.
2. Information We Collect
2.1 Information you provide directly
- Account information: name, email address, password (hashed), company name, phone number (optional), billing address.
- Payment information: handled by our payment processors (PayPal, Stripe, Razorpay). We store only non-sensitive transaction identifiers and last-4 card digits for receipt purposes. We never store full card numbers or CVV codes.
- Client data you add: when you use the Service to manage your clients, you provide their business names, contact details, websites, keywords, and project notes. You are the data controller for this information; we are the data processor.
- Communications: emails, support tickets, and feedback you send us.
2.2 Information collected automatically
- Usage data: pages visited, features used, time spent, click patterns, and actions taken within the Service.
- Device information: browser type, operating system, IP address, screen resolution, and device identifiers.
- Log data: access logs, API call logs, error logs, and security events.
2.3 Information from third parties
- Google Search Console: with your explicit authorization, we retrieve keyword rankings, clicks, and impressions for the websites you add to the Service.
- Google Analytics: with your authorization, we retrieve traffic metrics, conversion data, and audience insights.
- Google Business Profile: with your authorization, we retrieve business performance metrics (calls, directions, website clicks) for your listings.
- Google Places API: we use this to determine your business's local map ranking at multiple geographic points around your location.
3. How We Use Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Authenticate users and prevent unauthorized access
- Process payments and send billing notifications
- Sync data from Google APIs to your dashboard
- Send transactional emails (trial reminders, receipts, critical updates)
- Respond to your support requests
- Detect and prevent fraud, abuse, or security incidents
- Comply with legal obligations
- Generate aggregated, anonymized analytics to improve the Service
4. Google User Data
4.1 What Google data we access
With your explicit OAuth authorization, we access data from the following Google APIs:
- Google Search Console API (
webmasters.readonly) — keyword rankings, clicks, impressions, CTR for your verified properties - Google Analytics Data API (
analytics.readonly) — traffic metrics and audience data for your GA4 properties - Google Business Profile API (
business.manage) — listings, insights, posts, and reviews for your GBP locations - Google My Business Account Management API — account and location metadata
- Google Places API — business listings and location data for local rank tracking
4.2 How Google user data is used (Limited Use)
Data obtained from Google APIs is used only to:
- Display rankings, traffic, and business metrics in your authorized workspace
- Generate reports, charts, and trend analysis you request
- Power features you have explicitly enabled, such as grid rank tracking and proposal generation
We do not:
- Transfer Google user data to third parties except as necessary to provide the Service (e.g., our hosting provider)
- Use Google user data for advertising purposes
- Allow humans to read Google user data, except with your explicit consent for support, for security investigations, for compliance with applicable law, or in aggregated and anonymized form for internal analytics
- Sell Google user data
- Use Google user data to train AI or machine learning models
4.3 Revoking Google access
You can revoke VaFe's access to your Google account at any time:
- Within the Service: Settings → Integrations → Disconnect
- Directly with Google: https://myaccount.google.com/permissions
5. Sharing and Disclosure
We share information in the following limited circumstances:
- Subprocessors: vendors who process data on our behalf under contract (see Section 6).
- Legal compliance: when required by law, court order, or valid legal process; or when necessary to protect our rights, safety, or property.
- Business transfers: in connection with a merger, acquisition, or sale of assets, we may transfer information subject to equivalent protection.
- With your consent: for any purpose disclosed at the time of collection and with your explicit permission.
We do not sell, rent, or trade personal information to third parties for their marketing purposes.
6. Subprocessors
We use the following subprocessors to deliver the Service. All subprocessors are bound by contractual obligations to maintain appropriate security and privacy standards.
| Subprocessor | Purpose | Location |
|---|---|---|
| Google LLC | Search Console, Analytics, Business Profile, Places API | USA |
| PayPal Holdings | Payment processing | USA |
| Stripe, Inc. | Payment processing (if enabled) | USA |
| Razorpay | Payment processing (India users) | India |
| Anthropic PBC | AI content generation (Claude API) | USA |
| Hosting provider | Application hosting & database | India |
We notify users of material changes to our subprocessors via email or in-app notification at least 30 days in advance.
7. Data Retention
- Account data is retained for the duration of your active subscription.
- After account cancellation, data is retained for 90 days in case of reactivation, then permanently deleted from live systems.
- Encrypted backups are retained for up to 180 days for disaster recovery purposes.
- Billing records are retained as required by applicable tax and accounting law (typically 7 years).
- Log data is retained for 90 days for security and debugging purposes.
8. Security
We implement industry-standard security measures to protect your information, including:
- Encryption in transit (TLS 1.2+) for all connections
- Encryption at rest for sensitive credentials (AES-256-CBC)
- Password hashing with bcrypt
- Multi-tenant isolation at the database query level
- Access controls and audit logging for all administrative actions
- Regular security updates and patching
- Two-factor authentication for administrative accounts
No method of transmission or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. If we become aware of a breach that affects your personal data, we will notify you without undue delay.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: request a copy of the personal information we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal information (subject to legal retention requirements)
- Portability: request export of your data in a structured, machine-readable format
- Restriction: request restriction of processing under certain circumstances
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent, withdraw it at any time
- Complaint: lodge a complaint with a supervisory authority in your jurisdiction
To exercise any of these rights, contact us at support@seo-updates.com. We will respond within 30 days.
10. International Transfers
The Service is hosted in India. If you access the Service from outside India, your information will be transferred to, stored, and processed in India or other countries where our subprocessors operate. By using the Service, you consent to these transfers.
For EU/UK users, we rely on appropriate safeguards (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) for international transfers where required.
11. Cookies
We use cookies and similar technologies to authenticate sessions, remember preferences, and analyze usage. For full details, see our Cookie Policy.
12. Children
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at support@seo-updates.com and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
14. Contact Us
For privacy questions or to exercise your rights, contact us at:
VersaForge LLP
Tamil Nadu
India
Email: support@seo-updates.com