Last updated: March 2026

Data Policy

1. Who We Are

OctoBoost ("we", "us", "our") operates the SEO analysis API and associated services available at octo-boost.com. This policy explains what data we collect, why we collect it, and how we handle it.

2. Data We Collect

We collect the following categories of data:

  • Account data — name and email address provided via Google Sign-In (OAuth 2.0). We do not store your Google password.
  • API usage data — request timestamps, endpoints called, credit consumption, and response codes. Used for billing, rate limiting, and diagnostics.
  • URLs submitted — URLs and domains you pass to the API for analysis. These are processed transiently and not stored beyond the duration of the request.
  • Technical data — IP address, user agent, and request headers. Retained for security and abuse prevention.

3. How We Use Your Data

  • To provide and operate the OctoBoost API service
  • To manage your account, credits, and billing
  • To detect and prevent abuse, fraud, or misuse
  • To improve the service based on aggregated usage patterns

We do not sell your data. We do not use your data for advertising.

4. Data Sharing

We share data only with the following third-party processors, all bound by data processing agreements:

  • Google OAuth — for authentication only
  • Freemius — for payment processing and license management
  • Contabo GmbH — for hosting and database services (Germany, EU)

We do not share data with any other third parties unless required by law.

5. Data Retention

Account data is retained for as long as your account is active. API usage logs are retained for a maximum of 90 days. Submitted URLs are not stored after processing completes. You may request deletion of your account and associated data at any time.

6. Cookies

We use session cookies necessary for authentication. We do not use tracking cookies or third-party analytics cookies.

7. Your Rights (GDPR)

As an EU-based company, we comply with the General Data Protection Regulation (GDPR). You have the right to:

  • Access your personal data (Art. 15)
  • Correct inaccurate data (Art. 16)
  • Request deletion of your data (Art. 17)
  • Restrict or object to processing (Art. 18, 21)
  • Receive your data in a portable format (Art. 20)

To exercise any of these rights, contact us at the address listed in the Imprint.

8. Security

API keys are hashed before storage. All data in transit is encrypted via TLS. Access to production systems is restricted and logged.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance.

10. Contact

Questions about this policy? See the Imprint for contact details.