CodeQuest.workSEO

Privacy Policy

Last updated: March 5, 2026

Our Commitment to Privacy

Protecting your personal information is our top priority. We enforce technical safeguards including password hashing, IP address hashing, and mandatory HTTPS encryption. We collect only the minimum data necessary to provide our service and never collect personal information beyond what is required.

1. Information We Collect

We collect the following information:

  • Account information: Email address, password (stored as hash)
  • Usage data: URLs checked, check results, usage count
  • Payment information: Processed via Stripe. We do not store credit card numbers directly
  • Access logs: IP address, browser information (for rate limiting free users)
  • Anonymous usage data (non-personally identifiable): Chat widget inputs, aggregated search keywords, and aggregated checked domains. This data is stored anonymously for service quality improvement and is not used to identify individuals

2. Purpose of Use

Collected information is used for the following purposes:

  • Providing and operating the SEO check service
  • Managing usage limits and plan-based feature control
  • Sending SEO report emails (paid plan users)
  • Sending account management emails such as password reset
  • Service improvement and new feature development
  • Preventing unauthorized use

3. Disclosure to Third Parties

We do not provide users' personal information to third parties except in the following cases:

  • When the user has given consent
  • When required by law
  • When necessary for service provision to contracted parties (Stripe, Resend, etc.)

4. External Services Used

  • Stripe: Payment processing
  • Resend: Email delivery (password reset, report delivery)
  • Cloudflare: API hosting, CDN, database
  • Vercel: Frontend hosting
  • Google Analytics (GA4): Web analytics
  • Google PageSpeed Insights API: Core Web Vitals measurement
  • OpenPageRank: Domain power data retrieval
  • WhoisXML API: Domain age retrieval
  • DataForSEO: Search volume and ranked keywords retrieval

5. Cookie Usage

We use the following cookies:

  • Session Cookie (HttpOnly): Used to maintain login state. Deleted when the browser is closed
  • Google Analytics Cookie: Google sets cookies for web analytics. Data collected is subject to Google's Privacy Policy

6. Data Storage and Retention

User data is stored in Cloudflare D1 database. Passwords are hashed using the PBKDF2 algorithm and are never stored in plain text.

  • Account information & check history: Retained until account deletion
  • Chat logs (anonymous): Automatically deleted after 30 days
  • Rate limit records: Automatically deleted after 1 day
  • Domain age cache: Retained for 180 days

7. Data Deletion

Users can delete their account at any time from the settings page. Upon account deletion, all user information, check history, and usage data will be deleted. Stripe subscriptions will also be automatically canceled.

8. Your Rights

Users have the following rights:

  • Right of access: You can view your data from the settings page
  • Right to rectification: You can update your account information from the settings page
  • Right to erasure: You can delete all your data by deleting your account
  • Right to object: Inquiries about data handling can be made via email

9. International Data Transfers

External services used by this service (Cloudflare, Vercel, Stripe, Google, etc.) have servers located in countries including the United States. Each of these services implements appropriate data protection measures.

10. Security

We implement the following security measures:

  • Enforced HTTPS communication (HSTS enabled)
  • Password hashing (PBKDF2, 100,000 iterations)
  • JWT authentication token expiration management
  • CORS configuration to prevent unauthorized cross-origin requests
  • Content Security Policy (CSP) for XSS protection
  • IP address hashing for privacy protection
  • Rate limiting on admin authentication (brute-force protection)

11. Changes to This Policy

We may update this policy as necessary. In the event of significant changes, we will notify users through an announcement on the service or via email. The updated policy takes effect upon publication on this page.

12. Contact

For privacy-related inquiries, please contact us at the following email address:

info@orecticdesign.com