Menu
Features Pricing Integrations Blog About Contact
Login
Legal

GDPR & Data Protection

How TechySEO meets its obligations under the General Data Protection Regulation.

Effective date: January 1, 2026 Β Β·Β  Last updated: April 1, 2026

TechySEO takes GDPR compliance seriously. This page explains how we act as both a data controller (for our customers' personal data) and a data processor (when processing your users' data on your behalf).

1. Overview

The General Data Protection Regulation (EU) 2016/679 ("GDPR") and its UK equivalent (UK GDPR) set out strict rules for the collection, storage, and processing of personal data. TechySEO Ltd. is a data controller registered with the Information Commissioner's Office (ICO) in the United Kingdom.

We are committed to processing personal data lawfully, fairly, and transparently, and to upholding the rights of all data subjects.

2. Controller vs Processor

The distinction matters:

  • Data Controller: TechySEO is the controller for personal data we collect directly from our users β€” such as account registration details, billing information, and usage logs.
  • Data Processor: When you connect your website or Google Search Console account, TechySEO processes that data on your behalf. In this capacity, you are the controller and we act as your processor, bound by our Data Processing Agreement.

3. Lawful Basis for Processing

We rely on the following lawful bases under Article 6 GDPR:

  • Contract (Art. 6(1)(b)): Processing necessary to deliver the Service you signed up for.
  • Legitimate Interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and product analytics (subject to balancing tests).
  • Legal Obligation (Art. 6(1)(c)): Retaining billing records to comply with tax law.
  • Consent (Art. 6(1)(a)): Marketing emails and non-essential cookies, where required.

4. Your Rights Under GDPR

As an EU/EEA or UK data subject, you have the following rights:

πŸ” Right of Access

Request a copy of all personal data we hold about you (Art. 15).

✏️ Right to Rectification

Request correction of inaccurate or incomplete data (Art. 16).

πŸ—‘οΈ Right to Erasure

Request deletion of your personal data where no legitimate ground for retention exists (Art. 17).

⏸️ Right to Restriction

Request that we restrict processing of your data in certain circumstances (Art. 18).

πŸ“¦ Right to Portability

Receive your data in a structured, machine-readable format (Art. 20).

🚫 Right to Object

Object to processing based on legitimate interests or for direct marketing (Art. 21).

To exercise any right, email [email protected]. We will respond within 30 days. We may require identity verification before acting on a request.

5. Data Processing Agreement

If you use TechySEO to process personal data of your own customers or website visitors (e.g., by connecting analytics tools), a Data Processing Agreement (DPA) is required under GDPR Art. 28. Our standard DPA is available on request.

  • Email [email protected] to request your DPA.
  • Enterprise customers can request a custom DPA via their account manager.

6. International Data Transfers

Our primary data infrastructure is hosted in the European Economic Area (EEA). Where we transfer personal data outside the EEA or UK, we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where applicable.
  • Binding corporate rules or other approved transfer mechanisms.

7. Sub-processors

We use third-party service providers ("sub-processors") to help deliver the Service. All sub-processors are bound by data processing agreements that meet GDPR standards.

Current sub-processors include (non-exhaustive): cloud hosting providers (EU regions), Stripe (payment processing), and transactional email providers. A full list is available on request from [email protected].

8. Data Breach Procedure

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours (Art. 33 GDPR) and affected data subjects without undue delay where required (Art. 34 GDPR).

If you discover or suspect a breach involving TechySEO systems, report it immediately to [email protected].

9. Data Protection Officer

TechySEO has appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance. The DPO can be contacted at [email protected].

10. Contact & Complaints

For any GDPR-related queries, contact us at [email protected].

If you are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority. UK residents may contact the Information Commissioner's Office (ICO). EU residents should contact their local Data Protection Authority.