Privacy Policy

Last updated: March 2026

Introduction

Welcome to KatanaSEO, operated by Heaptech SL (NIF: B21962931). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and protect your information when you use our service.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our service.

Information We Collect

Personal Data

We may collect personal information that you voluntarily provide to us when you register on our service, express interest in obtaining information about us or our products, or when you contact us. The personal information we collect may include:

  • Contact information (such as name, email address and phone number)
  • Account credentials (such as username and password)
  • Website and CMS information (when you connect your website to our service)
  • Business profile data (website URLs, business descriptions, SEO configuration)
  • Usage preferences and settings
  • Payment data (processed securely by our payment provider — we do not store credit card numbers)

Usage Data

We may also collect information about how the service is accessed and used. This usage data may include information such as your computer's Internet Protocol address (IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

How We Use Your Information

We may use the information we collect for various purposes, including:

  • To provide and maintain our service, including monitoring the usage of our service
  • To manage your account and send you service-related notices and updates
  • To process transactions and send billing notifications
  • To provide customer support and respond to your requests or inquiries
  • To improve our service and user experience
  • To detect and prevent fraud or abuse

Disclosure of Your Information

We do not sell your personal information. We may share your information in the following situations:

  • Service providers: with third-party providers we use to support our business and who are bound by contractual obligations to keep personal information confidential
  • Business transactions: in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition
  • Legal requirements: when required by law or to protect our rights, privacy, safety or property
  • With your consent: or under your direction

Third-Party Website Data Protection

We will NEVER share the data of your website, CMS credentials, generated content, or any other content of connected third-party platforms with any other party under any circumstance, except when explicitly required by law. Your website data is used strictly only for providing you with our SEO automation service and is handled with the highest level of confidentiality and security.

Google User Data

KatanaSEO may request access to your Google account data through Google APIs, specifically Google Search Console and Google Analytics (GA4). We access this data solely to provide you with SEO performance dashboards, keyword ranking tracking, and content health monitoring within our application.

How we use Google user data:

  • Google Search Console data (search queries, clicks, impressions, positions) is used exclusively to display your website's search performance metrics and to detect content performance changes through deterministic algorithms (no AI processing).
  • Google Analytics data (page views, engagement metrics) is used exclusively to display traffic analytics within your dashboard and to adjust content health severity scores through rule-based calculations (no AI processing).

Google user data is NEVER sent to any artificial intelligence model, large language model, or third-party AI service. All AI features in KatanaSEO (content generation, keyword research) operate independently and do not use any data obtained from Google APIs.

KatanaSEO's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features of our application
  • We do not transfer Google user data to third parties, except as necessary to provide the service, comply with applicable laws, or with your explicit consent
  • We do not use Google user data for advertising, marketing, or any purpose unrelated to the core functionality of our service
  • We do not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes, to comply with applicable law, or for our internal operations where the data has been aggregated and anonymized

Data Security

We implement appropriate technical and organizational measures to protect the security of your personal data, including encrypted data transmission (TLS), secure authentication (JWT), encrypted storage of sensitive credentials, and SOC 2 compliant infrastructure. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure.

Data Retention

We retain your data for as long as your account is active. Upon account deletion, your data will be archived for 90 days (grace period) and then permanently removed, except where retention is required by law.

Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR).

Our goal is to take reasonable steps to allow you to correct, amend, delete or limit the use of your personal data. You have the following rights:

  • Right of access — You have the right to request copies of your personal data
  • Right of rectification — You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete
  • Right to erasure — You have the right to request that we erase your personal data, under certain conditions
  • Right to restrict processing — You have the right to request that we restrict the processing of your personal data, under certain conditions
  • Right to object to processing — You have the right to object to our processing of your personal data, under certain conditions
  • Right to data portability — You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions

Cookies and Tracking Technologies

We use essential cookies for authentication and session management. We may also use cookies and similar tracking technologies to track activity on our service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For significant changes, we will notify you via email or in-app notification.

Contact Us

If you have any questions about this Privacy Policy, please contact us: