Privacy Policy

QueryBurst Ltd. ("QueryBurst", "we", "us", or "our") provides cloud‑based software‑as‑a‑service (SAAS) products that help customers analyse and improve their search presence. Our business operated in the United Kingdom from 46 Abbot Street, Perth, UK, PH2 0EE.

This Privacy Policy explains how we collect, use, disclose and protect personal data when you use any QueryBurst service, website or mobile application (collectively, the "Services"), and the choices you have associated with that information.

Effective date: 30 April 2025

1. Who is the data controller?

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and the EU GDPR where applicable, QueryBurst is the data controller of the personal data described in this policy.

2. What information do we collect?

Category	Data elements	Source
Account Information	Full name, business or personal email address	Provided by you when creating or managing an account
Google Search Console Data	Website property identifiers, search queries, impressions, clicks, ranking and related metrics	Imported via the Google Search Console API at your direction
Usage & Analytics	IP address, browser type, pages visited, time spent, referral URL	Collected automatically through cookies and similar technologies, including Google Analytics

Note: We do not intentionally collect special‑category or sensitive personal data.

3. Legal bases for processing

We rely on one or more of the following legal grounds:

Performance of a contract – to provide and operate the Services you have requested.
Consent – for optional integrations (e.g. connecting your Google Search Console) and marketing communications. You may withdraw consent at any time.
Legitimate interests – to maintain and improve the Services, prevent misuse and secure our systems, provided these interests are not overridden by your rights.
Legal obligations – where processing is necessary to comply with tax, accounting or other legal requirements.

4. How we use your information

Provide and maintain the Services: create user accounts, authenticate log‑ins, import and present Google Search Console data.
Customer support: respond to enquiries, troubleshoot issues and send service‑related notices.
Product development and analytics: understand how the Services are used, improve features, and develop new tools.
Marketing: send product updates or newsletters where you have opted‑in.
Security and fraud prevention: detect, investigate and mitigate malicious or fraudulent activity.

Google OAuth & API Services compliance

When you sign up, log in, or connect a Search Console property, we authenticate you with Google OAuth 2.0. We request only the minimal scopes required (e.g. userinfo.email, userinfo.profile, and Search Console readonly). The resulting access and refresh tokens are stored in encrypted form and are never shared with third parties. You can revoke QueryBurst’s access at any time in your Google Account security settings.

Compliance statement : Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including its Limited Use requirements.

5. Sharing and disclosure

We share personal data only when necessary:

Recipient	Purpose	Safeguards
Cloud hosting and infrastructure providers (e.g. DigitalOcean)	Operate core platform and store data	Data processing agreements & technical measures
Stripe Payments Europe Ltd. (payment processor)	Process subscription and payment transactions; store and tokenise card details accessed via our billing portal and webhooks	PCI-DSS certification, Data Processing Agreement, encrypted transmission
Google LLC	Analytics cookies; processing of Search Console data you authorise	Standard Contractual Clauses & Google Data Processing Terms
Professional advisers (legal, accounting)	Compliance, audits, dispute resolution	Confidentiality obligations
Authorities or courts	Where required by law or to protect rights	Disclosures vetted case‑by‑case

We do not sell or rent personal data.

6. International data transfers

Your information may be transferred to and processed in countries outside the UK and European Economic Area. Where we do so, we rely on:

Adequacy regulations issued by the UK Government or European Commission, or
Standard Contractual Clauses or equivalent safeguards.

7. Data security

We implement organisational and technical measures, including:

Encryption in transit (TLS 1.2+) and at rest
Role‑based access controls and least‑privilege principles
Regular penetration testing and vulnerability scanning
Continuous monitoring and logging

8. Data retention

Data category	Retention period
Account information	While your account is active and for up to 12 months after closure, unless required longer by law
Google Search Console data	Until you delete the property or disconnect the integration, plus 30 days for back‑up rotation
Analytics & log data	14 months (Google Analytics default), unless aggregated or anonymised earlier

We delete or anonymise data when the retention period expires.

9. Your rights

Depending on where you reside, you may have the right to:

Access a copy of your personal data
Correct inaccurate or incomplete data
Request erasure ("right to be forgotten")
Restrict or object to processing
Port data to another controller
Withdraw consent at any time
Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority

Requests can be made by emailing [email protected]. We will respond within one calendar month.

10. Supplemental US State Privacy Rights (CCPA/CPRA)

California residents (and, where applicable, residents of other U.S. states with similar privacy laws) are entitled to the following additional disclosures and rights:

Categories collected and disclosed: We collect the categories of personal information set out in Section 2 and disclose them as described in Section 5.
Right to know/access: You may request details of the personal information we hold about you.
Right to delete: You may ask us to delete personal information, subject to certain statutory exceptions (e.g. to comply with legal obligations).
Right to correct: You may request correction of inaccurate personal information.
Right to opt‑out of “sale” or “sharing”: QueryBurst does not "sell" your personal information. We only "share" personal information for cross‑context behavioural advertising where you have consented to non‑essential cookies, and you may opt‑out at any time via our cookie banner.
Right to restriction / limit use of sensitive personal information: We do not use or disclose sensitive personal information for purposes that would trigger this right under California law.
Non‑discrimination: We will not discriminate against you for exercising any of these rights.

You (or your authorised agent) can exercise these rights by emailing [email protected]. We will verify your identity before fulfilling your request.

11. Cookies and similar technologies

We use cookies to operate the Site and to understand user behaviour. The primary cookie is Google Analytics (_ga, _gid, _gat) which records pseudonymous usage metrics. You can disable non‑essential cookies via our cookie banner or your browser settings. For more details, see our separate Cookie Notice.

12. Children’s privacy

The Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to this Privacy Policy

We may update this Policy from time to time. Material changes will be notified via email or prominent notice in the Services at least 30 days before they take effect. The "Effective date" at the top will always indicate the latest revision.

14. Contact us

If you have any questions about this Privacy Policy or our privacy practices, please contact:

QueryBurst
46 Abbot Street
Perth, UK, PH2 0EE
Email: [email protected]
Attn: Data Protection Officer