Privacy Policy

IntenseSEO is operated as a free online tool. For privacy questions, email hello [at] intenseseo [dot] com.

We do not change or fix your website — advisory guidance only. Verify all information before use. You may run analyses without an account; we then store the report under a unique link for 3 days. Registered users with a verified email keep audit history in their account. AI features require registration (up to 5 lifetime suggestions on the free tier). We do not sell personal data. See also our Cookie Notice.

• Email address (used as your login identifier and for mandatory confirmation messages)
• Password stored only as a secure one-way hash — we never store plain-text passwords
• Session cookies to keep you signed in (see Cookie Notice)
• Email verification tokens until you confirm your address (typically up to 48 hours)
• Session lifetime of about 30 days while signed in, unless you log out sooner

• URLs you submit for analysis (and related page content fetched server-side for the audit)
• Optional AI suggestion requests including check context and a snapshot of page text fields (title, meta, H1, excerpt) from the prior audit

Do not submit URLs or content that contain personal data you are not authorized to process, or confidential information you do not wish to expose to our infrastructure.

AI responses are generated automatically and are not reviewed by us before display. They are advisory only; you must verify them before publishing on your site.

If you submit feedback on an AI copy suggestion, we store your account email, the audit URL, check identifiers, the suggestion text shown, optional SERP context, and your comment. This helps us improve the product. A one-time bonus AI suggestion credit may be granted per account when feedback is accepted under our reward rules.

To avoid charging credits when you reopen the same suggestion, we may store the last AI output per user, analysis, and check in our database until you delete your account or the linked analysis is removed.

• IP address (and derived identifiers) for rate limiting, abuse prevention, and security
• Browser type, request timestamps, and standard HTTP logs from hosting
• Approximate usage metrics needed to operate and debug the application
• Signals that a request comes from our website UI (for example same-site fetch headers) to reduce scripted API abuse

See our Cookie Notice. In summary: sign-in uses seo_session; optional ad funding may use seo_ad_support after integrity checks; cookie preference is stored in localStorage; guest legal consent for analyze may be stored in sessionStorage for about 30 minutes before you run an audit.

Guest audits: saved with a random share token, accessible at /report/…, automatically deleted after 3 days (or when expired records are purged).

Registered users: reports are linked to your user ID in Analysis history for 3 days unless you mark a report as kept (up to 5 permanent) until you delete your account.

You may delete your account from the Account page by confirming your password. This removes your profile, password, sessions, verification tokens, and all stored analyses linked to your account.

Fair-use record after deletion: To prevent abuse of the free service (for example, deleting and re-registering to obtain another 5 lifetime AI copy suggestions), we retain a minimal record separate from your account for up to 36 months after deletion. That record includes:

• Your email address as last used on the account, and a canonical email identifier (the same logical inbox after normalizing Gmail dots/plus-tags and similar aliases)
• The number of free AI copy suggestions already used on that identifier
• The date of deletion and an automatic expiry date for this retention

If you try to register again with an email that maps to the same canonical identifier before the record expires, registration is blocked (not only AI credits — you cannot open a new account with that address during retention). If registration were allowed after retention without erasure, your previous AI usage count would still apply. After the retention period, the record is deleted automatically and a new registration is treated as a first-time account for quota purposes.

We also store a one-way hash of the network used at registration (derived with AUTH_SECRET) to limit how many accounts can be created from the same connection in a rolling window. This does not identify you by name; it only slows automated multi-account sign-ups.

You may request erasure of this fair-use record as well (see Your rights below). We may need proof of identity. Erasing it resets free-tier quota for that email if you register again.

If you forget your password, you can request a time-limited reset link by email. Reset tokens expire after about 2 hours and invalidate active sessions when used.

We use the above information to:

• Create and manage your account and verify your email
• Perform SEO analysis and return results to your browser
• Save and display your past analyses when you are signed in
• Enforce fair-use limits (e.g. analyses per minute, lifetime AI suggestions per account, and anti-abuse records after account deletion)
• Generate optional AI copy suggestions when configured by the operator
• Maintain, secure, and improve the service
• Comply with legal obligations where applicable

Where GDPR or similar laws apply, we rely on:

• Legitimate interests — operating, securing, and improving a free tool you choose to use; preventing misuse of free tiers (including retaining a minimal post-deletion fair-use record as described above)
• Contract / steps at your request — processing necessary to provide the analysis you ask for
• Consent — where required for non-essential cookies or ads (see Cookie Notice)

Account data and saved analysis reports are kept until you delete your account or we remove them as part of service maintenance or legal compliance. Server logs and rate-limit counters may be kept for a limited period for security, then rotated or deleted according to hosting practices.

Post-deletion fair-use records (canonical email identifier, last email, AI usage count) are kept for up to 36 months from the deletion date, then automatically removed unless a longer period is required by law.

Depending on deployment, data may be processed by:

• Hosting and CDN providers (e.g. Vercel or similar)
• Email delivery (e.g. Brevo SMTP) for verification and password reset messages
• Advertising partners if ads are enabled (e.g. Google AdSense)
• Analytics (Google Analytics) if you accept optional cookies — measurement ID G-L4V9550FJW
• Google reCAPTCHA (when configured) for guest analyze abuse prevention
• AI or search API providers configured by the site operator (e.g. Google Gemini, OpenAI, Serper) — only when those features are active

Third parties process data under their own policies when their scripts or APIs are invoked. We are not responsible for third-party privacy practices.

Infrastructure and subprocessors may be located outside your country. Where required, appropriate safeguards (such as standard contractual clauses) may be used by those providers.

Depending on your location, you may have rights to access, rectify, erase, restrict, object, or port personal data, and to lodge a complaint with a supervisory authority. To exercise rights, contact the site operator. We may need to verify your request.

The service is not directed at children under 16. Do not use it if you are below the age required to consent to data processing in your jurisdiction.

We may update this policy by posting a new version with an updated date. Material changes will be reflected on this page.