Privacy Policy

1. GENERAL INFORMATION AND MANDATORY DISCLOSURES

The protection of your personal data is a fundamental concern for us. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy. When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This Privacy Policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens. We would like to point out that data transmission over the Internet (e.g., when communicating via e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

2. DATA CONTROLLER

The party responsible for data processing on this website is: Konstantin Botschmanowski, Schulstraße 72, 41372 Niederkrüchten, Germany. E-mail: support@seodad.io. The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, etc.).

3. LEGAL BASIS FOR DATA PROCESSING

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

4. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)

We host the content of our website with the following provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in Hetzner's privacy policy: https://www.hetzner.com/legal/privacy-policy. The use of Hetzner is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding query was made, the processing takes place exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. We have concluded a contract for order processing (AVV) with the provider. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

5. DATA COLLECTION ON THIS WEBSITE AND SAAS PLATFORM

We collect data in several layers to ensure the operation of the SEODAD SaaS platform: (I) REGISTRATION AND LOGIN: When creating a user account, we collect name, e-mail address, and password (stored exclusively as a cryptographic hash). These data are required for identification and provision of the service (Art. 6 (1) lit. b GDPR). (II) CUSTOMER AND PROJECT DATA: To use our SEO tools, we store URLs, keywords, and company information entered by you. These data are processed exclusively for the provision of the service. (III) SERVER LOG FILES: The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and version, operating system used, referrer URL, host name of the accessing computer, time of server request, and IP address. A merge of this data with other data sources is not performed. The collection of this data is based on Art. 6 (1) lit. f GDPR.

6. PAYMENT PROCESSING (MERCHANT OF RECORD)

We use the service provider Paddle (Paddle.com Market Ltd, Judson House, 5th Floor, 250 City Road, London, EC1V 2PU, UK) for payment processing. Paddle acts as the "Merchant of Record", which means that your contractual partner for the purchase of subscriptions is Paddle directly. Paddle collects and processes your payment data (credit cards, PayPal, etc.) and billing data autonomously in compliance with applicable data protection standards. We only receive information from Paddle about the status of the payment (successful/failed) and the billing address for accounting purposes. The transfer of your data to Paddle is based on Art. 6 (1) lit. b GDPR (contract fulfillment). Further information can be found in Paddle's privacy policy: https://www.paddle.com/legal/privacy.

7. ARTIFICIAL INTELLIGENCE AND DATA PROCESSING BY THIRD PARTIES

SEODAD uses interfaces to AI models for content generation. The transmission of your data inputs (e.g., topics, keywords) takes place via the aggregator OpenRouter (OpenRouter.ai) to models from OpenAI, Anthropic, Meta, or Google. The processing of your data by these models is purpose-bound for content generation. We have concluded agreements that ensure your data is not used for training global models. Nevertheless, you should not enter sensitive personal data of third parties in the content generation prompts.

8. SOCIAL MEDIA INTERFACES AND MULTI-CHANNEL POSTING

(A) META APIs (FACEBOOK & INSTAGRAM): When you link your Facebook pages or Instagram accounts, we request permissions via Meta OAuth. We store encrypted access tokens to publish your scheduled content via the Graph API. We do not access private messages or unauthorized profile data. (B) TIKTOK API: To publish videos on TikTok, we use the TikTok Content Posting API. Data processing takes place exclusively for the execution of your hosting and posting commands (Art. 6 (1) lit. b GDPR). (C) GOOGLE SEARCH CONSOLE: For SEO analysis, we connect to the Google Search Console API (auth/webmasters.readonly). We extract click and impression data to create reports for you on the visibility of your website. This data is buffered locally and never passed on to advertising networks. REVOCATION: You can revoke any of these connections at any time in your dashboard or in the security settings of the respective social network. Upon disconnection, all associated tokens in our database are physically deleted.

9. SEO ANALYSIS TOOLS (DATAFORSEO & SCRAPINGROBOT)

For keyword research and SERP analysis, we transmit the keywords and URLs to be analyzed to DataForSEO (DataForSEO Ltd.) and ScrapingRobot. No personal data of the app users is transmitted; only business-related search terms and public URLs are processed.

10. COOKIES AND ANALYSIS TOOLS

Our internet pages use so-called "cookies." Cookies are small data packets and do not cause any damage to your terminal device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic deletion is performed by your web browser. In some cases, third-party cookies may also be stored on your device when you enter our site. These enable us or you to use certain third-party services (e.g., cookies for the processing of payment services). Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies serve to evaluate user behavior or display advertising.

11. RIGHTS OF THE DATA SUBJECT

Right of access (Art. 15 GDPR): You have the right to obtain confirmation from the controller as to whether personal data concerning you are being processed; if so, you have a right of access to these personal data. Right to rectification (Art. 16 GDPR): You have the right to demand from the controller without undue delay the rectification of inaccurate personal data concerning you. Right to erasure (Art. 17 GDPR): You have the right to demand from the controller that personal data concerning you be erased without undue delay. Right to restriction of processing (Art. 18 GDPR): You have the right to demand from the controller the restriction of processing. Right to object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR.