Privacy Policy
Last updated: 18.05.2026
This Privacy Policy describes how OpTYXo ("we", "us", "our") collects, uses and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable data protection laws.
1. Data Controller
Controller: OpTYXo
Contact: hi@optyxo.com
Website: https://optyxo.com
2. Data We Collect
- Identity data: name, email address (on registration or contact)
- Technical data: IP address, browser type, OS, pages visited, session duration
- Usage data: audit reports generated, scan history, preferences (language, theme)
- Payment data: processed exclusively via Stripe — we do not store card data on our servers
3. Purpose and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Providing SEO audit services | Performance of contract (Art. 6(1)(b) GDPR) |
| Account management | Performance of contract (Art. 6(1)(b) GDPR) |
| Payment processing | Performance of contract (Art. 6(1)(b) GDPR) |
| Service communications (invoices, technical notices) | Legal obligation / Legitimate interests (Art. 6(1)(c)(f) GDPR) |
| Analytics and service improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Direct marketing (if subscribed) | Consent (Art. 6(1)(a) GDPR) |
4. Cookies
We use essential cookies for authentication and preferences (session, language, theme). If analytics are enabled, we use Google Analytics with anonymized IP. You can manage cookie preferences through your browser settings.
5. Recipients of Your Data
- Stripe Inc. — payment processing
- Google LLC — Analytics, reCAPTCHA, PageSpeed Insights API
- Hosting providers — server hosting in EU/EEA
- Public authorities — when legally required
We do not sell or transfer your data to third parties for commercial purposes.
6. International Transfers
Some providers (e.g. Stripe, Google) process data in the USA under the European Commission's approved mechanisms (Standard Contractual Clauses or Data Privacy Framework certification).
7. Retention Periods
- Account data: for the duration of the account + 30 days after deletion
- Audit reports: while the account is active, or until manually deleted
- Billing data: 10 years (legal obligation)
- Access logs: maximum 12 months
8. Your Rights
Under GDPR, you have the right to: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, objection, and withdrawal of consent at any time.
To exercise your rights, contact us at: hi@optyxo.com. We respond within 30 days.
You may also lodge a complaint with your local data protection authority.
9. Security
We apply appropriate technical and organisational measures: HTTPS/TLS, bcrypt-hashed passwords, restricted data access, regular security monitoring.
10. Changes to This Policy
We may update this policy. Significant changes will be communicated by email or in-platform notification at least 15 days before taking effect.
11. Contact
For any questions regarding your data: hi@optyxo.com