Abby
English Español Português Français Deutsch
Sign in Run a scan

Privacy Policy

Effective Date: April 12, 2026
Last Updated: April 12, 2026

Abby SEO ("we," "us," or "our") operates the website abbyseo.com and all related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our free SEO scanner, purchase paid products, or subscribe to monitoring services. Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide

  • URLs Submitted for Scanning: When you request an SEO or security scan, we collect the website URL you submit.
  • Email Address: If you provide your email address to receive scan reports, purchase a product, or subscribe to a service, we collect and store it.
  • Payment Information: When you make a purchase, payment details (credit card number, billing address) are collected and processed directly by our payment processor, Stripe, Inc. We receive only a transaction confirmation, last four digits of your card, and Stripe customer ID. We do not store full credit card numbers, expiration dates, or CVVs on our servers.
  • Contact Information: If you contact us via email or a contact form, we collect the information you provide in your message.
  • Data Deletion Requests: If you submit a deletion request, we collect your email, the URLs you want deleted, and the reason for your request.

1.2 Information Collected Automatically

  • IP Address: We collect your IP address for rate limiting, abuse prevention, security purposes, and to associate scan requests with sessions.
  • Browser and Device Information: We may collect your browser type, operating system, device type, and screen resolution through standard HTTP headers.
  • Usage Data: We collect information about how you interact with the Service, including pages visited, scan requests made, features used, and timestamps of activity. This data is collected through our self-hosted analytics platform (Umami) and does not track you across other websites.
  • Referrer Data: We may collect the URL of the page that referred you to our Service.

1.3 Information Generated by the Service

  • Scan Results: When you submit a URL, our scanner fetches and analyzes publicly accessible pages. The resulting data (SEO scores, check results, detected platform, security findings) is stored in our database.
  • AI-Generated Content: When you purchase a remediation guide, your scan data is sent to Anthropic's Claude API to generate personalized recommendations. The generated guide content is stored on our servers and delivered to you.
  • Purchase Records: We store records of your purchases, including product type, amount paid, download tokens, guide generation status, and download history.
  • Subscription Data: For monitoring subscribers, we store subscription status, billing period dates, scan history, report usage counts, and renewal information.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To perform SEO and security scans, generate remediation guides, deliver monitoring reports, and process your purchases and subscriptions.
  • Payment Processing: To process payments, issue refunds, manage subscriptions, and maintain billing records.
  • Communication: To send you scan reports, guide deliveries, subscription renewal notices, purchase receipts, and responses to your inquiries.
  • Rate Limiting and Security: To prevent abuse, enforce usage limits, detect fraudulent transactions, and protect the integrity of our Service.
  • Service Improvement: To analyze usage patterns in aggregate to improve the Service's functionality and performance.
  • Legal Compliance: To comply with applicable laws, regulations, or legal processes.

3. Third-Party Services and Data Sharing

3.1 Payment Processing (Stripe)

We use Stripe, Inc. to process all payments. When you make a purchase, Stripe collects and processes your payment information under their own Privacy Policy. We share your email address and purchase details with Stripe to facilitate transactions. Stripe is PCI DSS Level 1 certified.

3.2 AI Content Generation (Anthropic)

When you purchase a remediation guide, we send your scan results (URL, detected issues, platform information) to Anthropic via their Claude API to generate personalized fix instructions. Anthropic processes this data under their Privacy Policy. We do not send your email address, payment information, or IP address to Anthropic.

3.3 Analytics (Umami)

We use a self-hosted instance of Umami for website analytics. Umami is a privacy-focused analytics tool that does not use cookies, does not track users across websites, does not collect personally identifiable information, and is fully compliant with GDPR, CCPA, and PECR. The analytics script is loaded from our own infrastructure (analytics.ai-signed.com). No analytics data is shared with third parties.

3.4 AI-Signed Trust Badge

Our website displays a trust badge from AI-Signed (ai-signed.com), a related service that verifies AI content transparency. The badge widget is loaded as an external script. AI-Signed may collect basic page-load data (URL, timestamp) to verify badge authenticity but does not set tracking cookies or collect personal information from our visitors.

3.5 Affiliated Services

Abby SEO is part of a portfolio of web tools. In the course of operating the Service, limited data may be shared between affiliated services for the following purposes:

  • Email Suppression: If you unsubscribe from communications, your email address is added to a shared suppression list to ensure you do not receive further emails from any of our affiliated services.
  • Scan Data Synchronization: Scan results may be shared between our SEO and security scanning infrastructure to provide integrated reports.

We do not share your data with unrelated third parties for their own marketing or advertising purposes.

3.6 Other Disclosures

We may disclose your information in the following limited circumstances:

  • Legal Requirements: If required by law, subpoena, court order, or governmental regulation.
  • Safety: To protect the rights, property, or safety of Abby SEO, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data under the General Data Protection Regulation (GDPR) are:

  • Contract Performance: Processing necessary to deliver products and services you have purchased (scans, guides, subscriptions).
  • Consent: Where you have voluntarily provided your email address or submitted a URL for scanning.
  • Legitimate Interest: For rate limiting, security, abuse prevention, fraud detection, and service improvement, where these interests are not overridden by your data protection rights.
  • Legal Obligation: Where we are required to process data to comply with applicable law.

5. Data Retention

  • Free Scan Results: Retained for 30 days from the date of the scan, then automatically and permanently deleted.
  • IP Addresses (Rate Limiting): Retained for no more than 7 days in rate-limiting logs, then automatically purged.
  • Email Addresses: Retained until you request deletion or unsubscribe, whichever comes first. For paying customers, retained for the duration of the business relationship plus any legally required retention period.
  • Purchase Records: Retained for 7 years from the date of purchase for tax and accounting compliance, then deleted.
  • Subscription Data: Retained for the duration of the subscription plus 90 days after cancellation, then deleted. Billing records are retained for 7 years per accounting requirements.
  • Remediation Guides (PDFs): Stored on our servers for 1 year after purchase to allow re-downloads, then deleted.
  • Suppression List: Email addresses on the suppression list are retained indefinitely to ensure continued compliance with your unsubscribe request.
  • Contact Inquiries: Retained for up to 12 months for customer service purposes, then deleted.
  • Server Logs: Retained for up to 90 days for security and debugging purposes.

6. Cookies and Tracking Technologies

We use minimal, essential cookies only. Specifically:

  • Session Cookie: A strictly necessary cookie used for CSRF (cross-site request forgery) protection. This cookie is essential for the secure operation of scan forms and payment flows. It does not track you, does not contain personal information, and is automatically deleted when you close your browser.

We do not use:

  • Advertising or marketing cookies
  • Third-party analytics cookies
  • Cross-site tracking cookies
  • Persistent identification cookies

Our self-hosted analytics platform (Umami) operates without cookies and does not use any form of persistent client-side storage for tracking purposes.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption of all data in transit using TLS/HTTPS
  • Payment processing delegated to PCI DSS Level 1 certified provider (Stripe)
  • Access controls limiting data access to authorized personnel only
  • Database access restricted by network-level firewall rules
  • Regular security updates and patching of server infrastructure
  • Automated data deletion in accordance with our retention schedule

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Your Rights

8.1 Rights for EEA/UK Residents (GDPR)

If you are in the EEA or UK, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data ("right to be forgotten") via our deletion request form or by emailing us.
  • Restriction: Request that we restrict processing of your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at privacy@abbyseo.com. We will respond within 30 days.

8.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know: Request what personal information we collect, use, and disclose about you.
  • Delete: Request deletion of your personal information.
  • Correct: Request correction of inaccurate personal information.
  • Opt-Out of Sale or Sharing: We do not sell or share (as defined by the CCPA/CPRA) your personal information with third parties for cross-context behavioral advertising. Because we do not engage in these practices, there is no need to opt out. If this changes in the future, we will provide a conspicuous opt-out mechanism.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA beyond what is necessary to provide the Service.

To submit a request, email privacy@abbyseo.com. We will verify your identity before processing the request and respond within 45 days.

8.3 Rights for All Users

Regardless of your location, you may:

  • Request deletion of any data associated with your email address or scans via our data deletion request form
  • Unsubscribe from any email communications at any time using the unsubscribe link in our emails
  • Request a copy of the data we hold about you
  • Contact us with questions or concerns about your data

9. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. For EEA/UK users, we rely on your explicit consent and the necessity of the transfer for performing our contract with you as the legal basis for international data transfers. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

10. Children's Privacy

The Service is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. Purchases require users to be at least 18 years old. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at privacy@abbyseo.com.

11. Do Not Track Signals

Our Service does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. We do not use third-party tracking cookies or participate in cross-site advertising networks.

12. Third-Party Links

Our Service may contain links to third-party websites and affiliated services, including WCAG Repair, SiteDialect, AI-Signed, and NewSiteLead. Each of these services has its own privacy policy. We are not responsible for the privacy practices or content of third-party or affiliated websites. We encourage you to review the privacy policies of any sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. For active subscribers, material changes will be communicated by email. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Abby SEO
Privacy inquiries: privacy@abbyseo.com
General support: support@abbyseo.com
Website: abbyseo.com