1. Who We Are
Serplet is operated by Zanforge LTD, a company registered in the Republic of Cyprus ("we," "us," or "our"). We are the data controller for all personal data processed through the website at serplet.com and the SERP tracking service (the "Service").
Contact for privacy matters: [email protected]
2. Information We Collect
Information You Provide
- Account Information: Name, email address, and password when you register.
- Billing Information: Payment details processed securely by Stripe. We do not store card numbers on our servers.
- Workspace Data: Campaign names, keywords, domain names, and tags you create within the Service.
Information Collected Automatically
- Usage Data: Pages visited, features used, timestamps, and interaction patterns.
- Device Information: Browser type, operating system, and IP address.
- Cookies: Essential cookies for authentication and session management. See §9 for details.
3. Legal Basis for Processing
We process your personal data only where we have a legal basis under GDPR Article 6:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of a contract (Art. 6(1)(b)) |
| Payment processing and billing | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails | Performance of a contract (Art. 6(1)(b)) |
| Security monitoring and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Usage analytics to improve the Service | Legitimate interest (Art. 6(1)(f)) |
| Compliance with tax and legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How We Use Your Information
We use collected data to:
- Provide, maintain, and improve the Service.
- Process payments and send billing receipts.
- Send transactional emails (verification, password resets).
- Detect and prevent abuse, fraud, and security incidents.
We do not sell your personal information to third parties.
5. Service Providers
We share data with the following third-party processors acting on our behalf, bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | United States |
| Mailgun | Transactional email delivery | United States |
| OAuth sign-in (optional) | United States | |
| Railway | Application and database hosting | United States |
We may also disclose data when required by law, regulation, or legal process, or in connection with a merger or acquisition.
6. International Data Transfers
Our service providers are located in the United States. Transfers of personal data from the European Economic Area to these providers are carried out under the EU-US Data Privacy Framework (European Commission adequacy decision, July 2023), to which Stripe, Mailgun, Google, and Railway are certified participants. Where the DPF does not apply, we use Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Data Retention
We retain your personal data for as long as your account is active. On account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., tax records) or to resolve disputes.
SERP tracking data (keyword positions, historical rankings) is retained for the lifetime of your account to provide analytics, and deleted with your account.
8. Data Security
We apply industry-standard security measures including:
- TLS/SSL encryption for all data in transit.
- bcrypt hashing for stored passwords.
- Access controls and authentication on all API endpoints.
No electronic transmission or storage is 100% secure. We will notify you of any breach affecting your personal data as required by law.
9. Cookies
| Type | Purpose | Can be disabled? |
|---|---|---|
| Essential | Authentication and session management | No |
| Analytics | Usage trends and performance monitoring | Yes, via browser settings |
We do not use advertising or cross-site tracking cookies.
10. Your Rights
As a data subject under GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data.
- Export your data in a portable format (data portability).
- Object to or restrict certain processing activities.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, email [email protected]. We will respond within one month of receipt.
You also have the right to lodge a complaint with the supervisory authority in your country. Our lead authority is:
Commissioner for Personal Data Protection (Cyprus) Website: www.dataprotection.gov.cy Email: [email protected]
11. No Automated Decision-Making
We do not make any decisions about you solely through automated means that produce legal or similarly significant effects.
12. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can delete it promptly.
13. Changes to This Policy
We may update this policy periodically. We will notify you of material changes by email or by posting a notice in the Service. The "Last Updated" date at the top reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
14. Contact
Zanforge LTD Privacy inquiries: [email protected]