Legal

Privacy Policy

Last updated: February 13, 2026

1. Who We Are

Indexed.page is a web-based index monitoring service. We are committed to protecting your privacy and comply with the General Data Protection Regulation (GDPR).

2. Data We Collect

Account Data

  • Email address — used for authentication, notifications, and account recovery.
  • Password — stored as a bcrypt hash, never in plain text.
  • Google account ID — stored if you choose to sign in with Google OAuth.

Service Data

  • URLs you submit for index monitoring.
  • Index check results and history.
  • Project names you create.

Payment Data

  • Payment processing is handled by Stripe. See Stripe's Privacy Policy for details.
  • We do not store credit card numbers. We store your Stripe customer ID and transaction references.

Technical Data

  • A signed session cookie is used for authentication.
  • We do not use third-party tracking cookies or analytics.

3. How We Use Your Data

  • Provide the index monitoring service.
  • Send notification emails according to your settings.
  • Process credit purchases.
  • Send account-related emails (confirmation, password reset).

4. Third-Party Processors

Provider Purpose Data Shared
Stripe Payment processing Email, payment details
DataForSEO Index status checking URLs submitted
Google OAuth sign-in Auth tokens (only if Google sign-in chosen)

5. Legal Basis (GDPR)

  • Contract performance — providing the Service as described.
  • Legitimate interest — account-related emails and abuse prevention.
  • Consent — marketing emails, which you may opt out of at any time.

6. Your Rights Under GDPR

You have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data.
  • Portability — receive your data in a portable format.
  • Objection — object to certain processing of your data.
  • Restriction — request restricted processing of your data.

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

7. Data Retention

We retain your data while your account is active. Upon account deletion, your data will be deleted within 30 days. Anonymized, aggregated data may be retained for analytical purposes.

8. Data Security

We protect your data with the following measures:

  • HTTPS encryption for all connections.
  • Bcrypt hashing for passwords.
  • Signed session cookies.
  • Access controls limiting data access to authorized personnel.

9. International Transfers

Some third-party processors may process data outside the European Economic Area (EEA). These transfers are protected by Standard Contractual Clauses as approved by the European Commission.

10. Children

The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Registered users will be notified of changes by email. The "Last updated" date at the top of this page reflects the date of the latest revision.

12. Contact

For privacy-related questions or to exercise your GDPR rights, contact us at [email protected].