Serql

Privacy Policy

Last Updated: March 6, 2026

At Serql ("we", "our", or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (serql.io) and use our software-as-a-service platform (the "Service").

1. Information We Collect

We collect information that you provide directly to us when you register for an account, use the Service, or communicate with us.

  • Account Data: When you create an account, we collect your name, email address, and authentication credentials. We use Clerk to manage authentication securely.
  • Google Search Console Data: When you connect your Google Search Console (GSC) account, we request read-only access via OAuth. We fetch and store your performance data, keywords, pages, and property metrics to provide the analytics dashboard. We never request write access and cannot modify your GSC data.
  • Usage and Analytics Data: We automatically collect certain information about your device and how you interact with our Service, including IP addresses, browser types, and pages visited.
  • Cookies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information, primarily for authentication and session management.

2. How We Use Your Information

We use the collected information for various purposes, including:

  • To provide, maintain, and improve the Service.
  • To process your GSC data to generate insights, classifications, and reports.
  • To communicate with you, including sending product updates, technical notices, and support messages.
  • To monitor and analyze usage and trends to improve user experience.
  • To protect the security and integrity of our platform.

3. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with trusted third-party service providers that perform services on our behalf:

  • Clerk: For user authentication and identity management.
  • Stripe: For payment processing and subscription management.
  • Google: For Google Search Console API access (OAuth).
  • Chatwoot: For the in-app support chat widget (loaded only with your consent).
  • Vercel: For hosting and edge network services.
  • Neon: For secure, managed Postgres database hosting.
  • Upstash: For caching and rate limiting.

We may also disclose your information if required to do so by law or in response to valid requests by public authorities.

4. Share Links and Public Reports

Serql allows you to generate shareable links for your reports. When you create a share link, the data in that specific report becomes accessible to anyone with the link, without requiring authentication. You are responsible for managing these links. You can revoke access to any share link at any time from your dashboard.

5. Data Retention and Security

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Google Search Console data: Cached performance data is retained for up to 6 hours (see cache TTLs). Historical analytics metadata is retained while your account is active.
  • Audit logs: Retained for 90 days for security and compliance purposes.
  • Backups: Database backups are managed by Neon and may persist for up to 30 days after deletion.
  • Stripe billing data: Payment records are retained by Stripe per their data retention policy. Local billing metadata is deleted with your account.

If you delete your account, we delete your GSC data, classifications, team memberships, share links, and account details from our active databases. Cascade deletions ensure all dependent records are removed.

We implement industry-standard security measures, including encryption in transit and at rest, to protect your data. For more details, please see our Security Page.

5a. Subprocessors

A current list of our subprocessors — third-party services that process data on our behalf — is maintained at docs/SUBPROCESSORS.md. We notify users of material changes to this list via updates to this Privacy Policy.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.

If you have an account, you can exercise access and deletion rights directly:

  • Data export: GET /api/privacy/access (when logged in) returns your data as JSON.
  • Data deletion: POST /api/privacy/delete (when logged in) deletes your data from our systems. For full account removal, also delete your account in your authentication provider settings.

For other requests (correction, portability, objection), contact us at support@serql.io.

7. Cookies and Local Storage

We use the following cookies and local storage:

  • Essential: Clerk session cookies for authentication; required for the service to function.
  • Functional: active-theme (theme preference), serql_consent (support widget consent).
  • Conditional: Chatwoot sets cookies only when you enable the support chat widget.

Manage your preferences:

Enable to use the in-app chat for feedback and support. Disable to prevent Chatwoot from loading and setting cookies.

8. Children's Privacy

Our Service is intended for businesses and professionals. We do not knowingly collect personal information from children under the age of 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@serql.io.