Privacy Policy
Last Updated: January 9, 2025
Welcome to ListSeek.ai. This Privacy Policy explains how we collect, use, protect, and share your personal information in compliance with the General Data Protection Regulation (GDPR) and French data protection laws.
1. Data Controller
Listseek.ai
424 chemin du château
13119 Saint Savournin, France
Email: razzium@live.fr
2. Data We Collect
2.1 Account Information
- Email address - Required for account creation and communication
- Password - Encrypted and stored securely
- Display name - Optional, for account personalization
- First and last name - Optional
- Profile information - Bio, location (optional)
2.2 Usage Data
- Projects - Project names and descriptions you create
- Keywords - Search terms you monitor
- Brand names - Brands you track
- Search runs - Date, time, and parameters of searches
- SERP results - Search engine results data from your searches
- Credits usage - Record of credit consumption
2.3 Technical Data
- IP address - For security and fraud prevention
- Browser type and version
- Device information
- Sign-in timestamps
- Session data - Stored in Redis for application functionality
2.4 OAuth Data (Google Sign-In)
If you sign in with Google, we collect:
- Email address
- First and last name
- Profile picture URL (if available)
3. Legal Basis for Processing (GDPR)
We process your data based on:
| Data Type | Legal Basis |
|---|---|
| Account information | Contract performance - Necessary to provide the service |
| Usage data (keywords, searches) | Contract performance - Core service functionality |
| Technical data (IP, browser) | Legitimate interest - Security, fraud prevention, service improvement |
| Marketing communications | Consent - You can opt-out at any time |
4. How We Use Your Data
We use your data to:
- Provide the service - Process searches, track keywords, generate reports
- Manage your account - Authentication, password recovery, account settings
- Send service emails - Confirmations, notifications, security alerts
- Improve our service - Analyze usage patterns (anonymized data)
- Ensure security - Detect fraud, prevent abuse, protect against attacks
- Comply with legal obligations - Tax, accounting, law enforcement requests
5. Third-Party Services
We share data with the following service providers:
5.1 SerpAPI
- Data shared: Keywords, geographic location, language preferences
- Purpose: Fetch search engine results
- Privacy Policy: https://serpapi.com/privacy
5.2 OpenAI
- Data shared: Page content from search results (for classification)
- Purpose: AI-powered content analysis
- Privacy Policy: https://openai.com/policies/privacy-policy
5.3 SendGrid
- Data shared: Email address, name
- Purpose: Transactional emails (confirmations, password resets)
- Privacy Policy: https://www.twilio.com/legal/privacy
5.4 Infrastructure Providers
- Hosting: Your application hosting provider
- Database: PostgreSQL (encrypted at rest)
- Cache: Redis (session data, temporary storage)
Note: These providers act as data processors under GDPR and are contractually obligated to protect your data.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Search runs and results | 1 year from search date |
| Session data (Redis) | 24 hours (auto-expires) |
| Logs (security, errors) | 90 days |
| Anonymized analytics | Indefinitely (no personal data) |
7. Your Rights Under GDPR
As an EU/French resident, you have the following rights:
7.1 Right to Access
Request a copy of all personal data we hold about you.
7.2 Right to Rectification
Correct inaccurate or incomplete data through your account settings.
7.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data. We will comply within 30 days, except where retention is required by law.
7.4 Right to Restriction of Processing
Request limitation of how we process your data in certain circumstances.
7.5 Right to Data Portability
Receive your data in a machine-readable format (CSV export available).
7.6 Right to Object
Object to processing based on legitimate interests (e.g., marketing).
7.7 Right to Withdraw Consent
Withdraw consent for processing where consent was the legal basis.
To exercise your rights, contact us at: razzium@live.fr
We will respond to your request within 1 month as required by GDPR.
8. Data Security
We implement industry-standard security measures:
- Encryption in transit - HTTPS/TLS for all connections
- Encryption at rest - Database encryption
- Password hashing - Bcrypt algorithm
- Secure sessions - HTTP-only, secure cookies
- Access controls - Role-based permissions
- Regular backups - Encrypted database backups
- Security monitoring - Sentry error tracking, log analysis
Despite our efforts, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Cookies and Tracking
9.1 Essential Cookies
We use essential cookies for:
- Session management - Keep you logged in
- Security - CSRF protection
- Preferences - Remember your settings (e.g., dark mode)
9.2 Analytics
We currently do not use Google Analytics or third-party analytics tools.
9.3 Cookie Management
You can disable cookies in your browser settings, but this may affect functionality.
10. International Data Transfers
Your data is primarily stored in [Your hosting region - e.g., EU, France].
When using third-party services (SerpAPI, OpenAI, SendGrid), data may be transferred outside the EU. These transfers are protected by:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (where applicable)
- Service provider certifications (e.g., Privacy Shield successors)
11. Children's Privacy
ListSeek.ai is not intended for users under 18 years old. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.
12. Data Breach Notification
In the event of a data breach affecting your personal data, we will:
- Notify you within 72 hours of becoming aware of the breach (GDPR requirement)
- Inform the CNIL (Commission Nationale de l'Informatique et des Libertés - French data protection authority)
- Provide details about the breach and remediation steps
13. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our practices
- Legal or regulatory requirements
- New features or services
Material changes will be notified via:
- Email to your registered address
- Notice on our website
Continued use after changes constitutes acceptance.
14. Supervisory Authority
You have the right to lodge a complaint with the French data protection authority:
CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07, France
Website: https://www.cnil.fr
15. Contact Us
For questions about this Privacy Policy or to exercise your rights:
Email: razzium@live.fr
Address: Listseek.ai, 424 chemin du château, 13119 Saint Savournin, France
By using ListSeek.ai, you acknowledge that you have read and understood this Privacy Policy.