GDPR Data Protection Policy

Your rights under EU data protection law, and our GDPR commitments.

Last updated: January 2026

EU Data Protection Commitment

JustSEO.ai is fully committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable EU data protection laws. For EU customers, personal data is primarily processed and stored within the European Union. Where sub-processors located outside the EEA are used (for example, certain AI providers), we apply appropriate safeguards, including Standard Contractual Clauses.

1. Data Controller Information

The data controller responsible for your personal data is Basecamp Labs, Inc (JustSEO.ai). Email: privacy@justseo.ai · GDPR Contact: dpo@justseo.ai. Address: 2261 Market Street STE 18268, San Francisco, CA 94114, United States.

Under GDPR Article 6, we process your personal data based on contractual necessity (to provide services you request), legitimate interests (to improve our service and prevent fraud), consent (for marketing and optional cookies), and legal obligation (to comply with tax and regulatory requirements). You have the right to object to processing based on legitimate interests and to withdraw consent at any time.

3. Personal Data We Collect

We collect account and identity data (name, email, encrypted password, OAuth tokens), payment and billing data (processed by Stripe; we do not store full card details), usage and service data (URLs analyzed, reports generated, projects, usage metrics), technical and device data (browser, IP address, approximate location, logs), communications data (support tickets, contact forms), and third-party integration data (Google Search Console, Slack, with your authorization).

4. How We Use Your Personal Data

We process your personal data to deliver and perform the service, process billing and payments, improve the service, ensure security and prevent fraud, communicate with you (transactional and, with consent, marketing), and comply with legal obligations.

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only with trusted service providers under strict data processing agreements (Supabase for EU hosting, Stripe for payments, Google Analytics with consent, and AI providers for AI features), with integrations you explicitly authorize, when required by law, in the event of a business transfer, and as aggregated or anonymized data.

6. International Data Transfers

For users located in the EU, your personal data is primarily processed and stored within the EU. Some third-party providers may process data outside the EU/EEA; when transferring internationally we use Standard Contractual Clauses, adequacy decisions, and certification mechanisms such as the EU-US Data Privacy Framework. Contact dpo@justseo.ai for safeguard documentation.

7. Data Retention Periods

We retain personal data only as long as necessary. Account data is kept for the duration of your account plus 30 days after deletion. SEO reports and analysis are kept for 90 days unless saved to projects. Payment records are kept for 7 years for tax and accounting compliance. Support tickets are kept for 3 years. Log files are kept for 90 days. When you delete your account, personal data is anonymized or deleted within 30 days, except where legal retention applies.

8. Your Rights Under GDPR

Under GDPR you have the right of access (Article 15), rectification (16), erasure / right to be forgotten (17), restriction of processing (18), data portability (20), the right to object (21), rights related to automated decision-making (22), and the right to withdraw consent (7(3)). To exercise these rights, email dpo@justseo.ai or use the data management features in your account settings. We respond within one month (extendable to three months for complex requests). You also have the right to lodge a complaint with your local data protection authority.

9. Data Security Measures

We implement appropriate technical and organizational measures under GDPR Article 32: TLS/SSL encryption in transit, encryption at rest, bcrypt password hashing, role-based access control, two-factor authentication, network firewalls and intrusion detection, continuous security monitoring, staff training, confidentiality agreements, and regular security audits. Our infrastructure is EU-hosted with SOC 2 Type II and ISO 27001 certified providers. In the event of a data breach likely to result in risk, we notify the relevant supervisory authority within 72 hours.

10. Cookies and Tracking Technologies

We use strictly necessary cookies (no consent required) for authentication and security, functional cookies (consent-based) for preferences, and analytics cookies (consent-based) for usage understanding. Manage your preferences via our cookie banner, account settings, or browser settings. See our Cookie Policy.

11. Children’s Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe your child has provided personal data, contact dpo@justseo.ai and we will delete it.

12. Changes to This GDPR Policy

We may update this policy to reflect changes in our practices or legal requirements. We will update the “Last updated” date, notify account holders via email, and seek new consent where required by law.

13. Contact and Data Protection Officer

Data Protection Officer: dpo@justseo.ai · General Privacy: privacy@justseo.ai · Support: support@justseo.ai. We aim to respond to all legitimate requests within one month.