SERPpost Privacy Policy
Effective Date: April 8, 2026
This Privacy Policy explains how SERPpost collects, uses, stores, discloses, and protects personal information in connection with the Services. SERPpost is designed as a technical API platform, and our privacy posture follows a data-minimization approach wherever commercially and operationally reasonable.
Core principle: SERPpost aims to minimize retention of returned third-party content and to retain primarily the account data, billing records, and usage metadata needed to operate the platform, secure the service, investigate abuse, and meet legal obligations.
1. Information We Collect
1.1 Account Information
When you create an account or contact us, we may collect information such as your email address, password hash, name, company name, billing contact details, and any information you choose to provide in support requests.
1.2 Transaction and Billing Information
When you purchase credits or otherwise make payments, we collect transaction metadata such as billing identifiers, purchase amounts, invoices, order records, and payment references. Full payment card details are processed by third-party payment providers such as Stripe and are not stored by SERPpost.
1.3 Technical and Usage Metadata
When you use the Services, we may collect technical metadata including timestamps, IP address, browser and device signals, API key identifier, endpoint used, response status, latency, credits consumed, and related operational records.
1.4 Request Parameters and Submitted Inputs
We may log request parameters and submitted inputs such as search queries, target URLs, timeout settings, or similar API inputs for billing support, debugging, abuse prevention, fraud review, and service reliability. These records are treated as operational metadata rather than as a content database.
2. How We Handle API Data
2.1 Transient Processing
SERPpost processes search results and user-directed extraction requests in real time. Where practical, returned payload data is handled transiently for delivery and service operation rather than retained as a long-term content archive.
2.2 Account Data vs. Returned Third-Party Data
We distinguish between account data and operational metadata that belong to the SERPpost service relationship, and third-party content or search results returned through the APIs. SERPpost controls the processing of your account and billing information. For many user-directed extraction and search workflows, SERPpost acts as infrastructure executing your request rather than as a publisher or owner of the returned third-party content.
2.3 Controller and Processor Roles
SERPpost generally acts as the controller for account, billing, security, and platform-operation data. For many user-directed retrieval workflows, you act as the controller of the URLs, queries, and downstream use cases you choose, while SERPpost acts as an infrastructure provider carrying out your instructions. This description is functional only and does not create obligations beyond those required by applicable law or a separate written data processing agreement.
3. How We Use Personal Information
We use personal information and operational metadata to:
- create and manage your account;
- authenticate access and deliver the Services;
- process payments, invoices, refunds, and tax records;
- monitor service health, prevent abuse, investigate fraud, and enforce platform rules;
- troubleshoot failed requests and provide support;
- comply with legal obligations and respond to lawful requests; and
- improve the reliability, security, and usability of the platform.
4. Legal Bases for Processing
If data-protection laws such as the GDPR apply, we generally rely on the following legal bases:
| Legal Basis | Examples |
|---|---|
| Performance of a Contract | Creating accounts, authenticating API calls, maintaining balances, delivering responses, and handling billing. |
| Legitimate Interests | Security monitoring, abuse detection, troubleshooting, service analytics, and platform improvement. |
| Legal Obligation | Tax, accounting, legal retention, regulatory requests, and dispute handling. |
| Consent | Where we rely on consent for optional communications or non-essential cookies, you may withdraw that consent. |
5. Sharing and Disclosure
We do not sell personal information. We may disclose information in the following cases:
5.1 Service Providers
- Payments: Stripe or equivalent processors.
- Hosting and infrastructure: hosting, CDN, DNS, security, and related cloud vendors that help us run the platform.
- Email and support: providers that deliver transactional emails or support workflows.
- Analytics and performance: services such as Google Analytics, where enabled.
5.2 Legal, Security, and Compliance
We may disclose information when required by law, to respond to lawful requests, to protect the security or integrity of the Services, to investigate fraud or abuse, or to enforce our Terms of Service.
5.3 Corporate Events
Information may be disclosed in connection with a merger, financing, acquisition, reorganization, asset sale, or similar transaction, subject to applicable confidentiality and legal requirements.
5.4 No Sale or Behavioral Profile Resale
SERPpost does not sell personal information for money and does not operate a business model based on reselling your account-level personal information as a commercial data broker. Some laws may define "share" broadly; if such laws apply, you may contact us to exercise any available opt-out rights.
6. Data Retention
We retain data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, keep records, resolve disputes, investigate abuse, and satisfy legal obligations. Retention periods may vary by data type and legal requirement.
- Account data: retained while your account is active and for a reasonable period afterward as required for operations, security, and compliance.
- Billing and tax records: retained as required by tax, accounting, chargeback, and legal obligations.
- Operational logs and abuse records: retained for security, troubleshooting, fraud prevention, and platform integrity for a period we consider reasonably necessary.
- Returned third-party payload data: handled with a minimization approach and not intended to serve as a long-term archive of fetched content.
- Deleted account records: may be retained to the extent required to complete legal, tax, accounting, fraud-prevention, sanctions-screening, or dispute-resolution obligations.
7. International Transfers
SERPpost may process personal information in the United States and in other jurisdictions where our providers operate. If you access the Services from outside those jurisdictions, your information may be transferred across borders.
If required by law, we rely on appropriate transfer safeguards, such as contractual protections or other recognized transfer mechanisms, for transfers of personal information from the EEA, UK, or similar jurisdictions.
8. Your Privacy Rights
Depending on your location and applicable law, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information, and to withdraw consent where consent is the basis of processing.
| Right | Description |
|---|---|
| Access | Request information about the personal data we hold about you. |
| Correction | Request correction of inaccurate or incomplete personal data. |
| Deletion | Request deletion of personal data, subject to legal and operational exceptions. |
| Portability | Request a copy of certain personal data in a portable format where applicable. |
| Restriction or Objection | Request limited processing or object to certain processing where permitted by law. |
| Withdrawal of Consent | Withdraw consent for optional processing where consent was previously given. |
To exercise privacy rights, contact support@serppost.com. We may ask for information needed to verify your identity before processing a request. Where required by law, we aim to respond within the legally required time period, which is often thirty (30) days for verifiable requests, subject to extensions permitted by law.
9. Cookies and Similar Technologies
SERPpost uses cookies, local storage, and similar technologies for essential site functionality, authentication flows, theme preferences, security, and analytics. For example, we may store theme preferences and similar site settings locally in your browser.
You can manage cookies through your browser settings. Blocking essential cookies or similar technologies may affect login, dashboard access, or other core functions. For a fuller explanation, see our Cookie Policy.
10. Security and Breach Response
We use administrative, technical, and organizational measures designed to protect personal information. No system is completely secure, and we cannot guarantee absolute security.
If a personal data incident occurs, we will assess scope, impact, and legal obligations, take reasonable remediation steps, and provide notices as required by applicable law. Where legally required, we may notify relevant supervisory authorities without undue delay, including within seventy-two (72) hours where applicable law imposes that standard.
11. Children's Privacy
The Services are intended for adult business and developer users and are not directed to children under 18. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information to SERPpost, we will take reasonable steps to delete it.
12. Policy Changes
We may update this Privacy Policy from time to time. Updated versions will be posted on this page with a revised effective date. Continued use of the Services after an updated Policy becomes effective means the updated Policy applies to your ongoing use of the Services.
13. Contact
If you have questions about this Privacy Policy or about your personal information, contact SERPpost at support@serppost.com.
This Privacy Policy forms part of and is subject to the Terms of Service. Please also review the Cookie Policy.