Privacy Policy

Last updated: July 7, 2026

VectoSEO (“VectoSEO”, “we”, “us”) provides an AI SEO agent that connects to your Google Search Console, Google Analytics, and GitHub repositories to analyze your website’s search performance and, with your permission, prepare and ship changes to your site. This policy explains what data we collect, why, and what we do with it.

By using VectoSEO you agree to this policy. If you do not agree, please do not use the service.

1. Information we collect

Account information

When you sign up, we authenticate you through GitHub. We receive your name, email address, GitHub username, and avatar. We use this to create and secure your account.

Google user data (Search Console & Analytics)

When you connect a project, you may grant VectoSEO read-only access to your Google Search Console and Google Analytics data via Google OAuth. We request only these scopes:

  • Search Console (webmasters.readonly): clicks, impressions, average position, search queries, and page URLs for the properties you select.
  • Analytics (analytics.readonly): organic traffic metrics such as sessions, engagement, and conversions.

We store your OAuth refresh token in encrypted form so we can refresh this data on your behalf, and we cache the retrieved metrics to power your dashboard and analyses. We never request write access to your Google accounts, and we cannot change anything in Search Console or Analytics.

GitHub repository data

If you install the VectoSEO GitHub App on a repository, we access the source files of that repository to analyze on-page SEO and to prepare changes. Depending on the autonomy level you set, VectoSEO opens pull requests for you to review, or (only for fix types you explicitly enable at the highest autonomy level) commits changes directly. We use short-lived installation tokens and only access the repositories you select.

Conversations and usage

We store your chat conversations, the tasks and fixes the agent proposes, and product usage data (such as credits consumed and features used) to operate the service and improve it.

Payment information

Paid plans are processed by Stripe. Stripe handles your card details directly; we do not store full card numbers. We retain limited billing records such as your plan and invoice history.

Technical data

We collect standard technical information (IP address, browser type, device, and log data) and use privacy-respecting product analytics to understand how the service is used.

2. How we use your information

  • Provide the core service: analysis, audits, and preparing fixes.
  • Send your data and prompts to our AI provider to generate recommendations and draft changes (see Section 4).
  • Authenticate you, process payments, and provide support.
  • Maintain security, prevent abuse, and comply with the law.
  • Improve and develop the product.

We do not sell your personal information, and we do not use your Google user data for advertising.

3. Google API Services — Limited Use

VectoSEO’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained from Google Search Console and Google Analytics is used only to provide and improve user-facing features within VectoSEO. We do not transfer or sell this data to third parties except as necessary to provide the service, to comply with applicable law, or as part of a merger or acquisition. We do not use this data for advertising, and humans do not read it except with your explicit consent, for security purposes, or where required by law.

4. Sub-processors and sharing

We share data with service providers who process it on our behalf, under contractual confidentiality and security obligations:

  • Anthropic— powers the AI agent. Your prompts and the relevant Search Console/site data are sent to Anthropic’s API to generate analysis and drafts. Anthropic does not train its models on data submitted through its API.
  • Supabase — database and authentication hosting.
  • Vercel — application hosting.
  • Stripe — payment processing.
  • DataForSEO — third-party keyword and SERP data (this is market data, not your personal information).
  • Google and GitHub — the platforms you connect.

We may also disclose information if required by law or to protect the rights, safety, and security of VectoSEO and its users.

5. Data retention

We keep your data for as long as your account is active. You can disconnect any integration or delete your account at any time; when you do, we delete or anonymize your personal data and cached Google data within a reasonable period, except where we must retain records to comply with legal obligations.

6. Security

We protect your data with encryption in transit and at rest, encrypted storage of OAuth tokens, scoped and short-lived access tokens, and access controls. No method of transmission or storage is completely secure, but we work to protect your information and to limit what we collect.

7. Your rights and choices

  • Disconnectany integration (Google, GitHub) from your settings at any time. You can also revoke VectoSEO’s access directly from your Google account permissions.
  • Access, correct, or delete your personal data by contacting us or deleting your account.
  • Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA.

8. International transfers

We may process and store data in countries other than your own. Where we transfer data internationally, we rely on appropriate safeguards as required by applicable law.

9. Children

VectoSEO is not intended for anyone under 16, and we do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date. Material changes will be communicated where appropriate.

11. Contact

Questions about this policy or your data? Contact us at privacy@vectoseo.com.