English version

Privacy Policy

Effective date: May 26, 2026

This Privacy Policy describes how Retail-Media SEO AI (the "Service", "we"), operated at app.retail-media.co.il, collects, uses, protects, and shares your personal information. It applies to all users, including those who sign in with a Google account and connect their Google Search Console (GSC) account to the Service.

1. Who we are

The Service is operated by Amazos, a company registered in Israel. Contact: [email protected].

2. Data we collect

2.1 Data you provide

• Account details: name, email, profile picture (from Google sign-in).
• Domain details, country, language.
• Keywords you choose to track.
• Other content you enter manually (notes, settings, etc.).

2.2 Data from Google APIs

When you connect a Google account to the Service, with your consent we receive:

• Google Account profile: name, email, picture, user ID (sub) — used to authenticate your identity.
• Google Search Console (scope webmasters.readonly):
  • The list of properties you manage in Google Search Console.
  • Search performance data: queries, clicks, impressions, average position, CTR — by date, for the last 90 days only.
  We only read this data. We never modify, delete, or write anything to your Google Search Console account.

2.3 Automatically-collected data

• Usage data: sign-ins, actions performed, timestamps.
• IP address, browser type (for security and logging).
• Minimal cookies: authentication cookies only. We do not use third-party marketing or tracking cookies.

3. How we use the data

• Authentication — Google sign-in data identifies your session.
• SEO insights — Search Console data is displayed in your dashboard, including keyword performance charts and ranking trends.
• AI analysis — When you explicitly request an AI insight, we send a small subset of your data (domain name, the keyword in question, aggregated performance statistics) to a third-party AI provider (Anthropic Claude) for strategic analysis. This data is not used to train AI models.
• Service improvement — Aggregated, de-identified usage data helps us detect issues and improve the product.
• Billing — Email and purchase records are used for subscription management.

4. Compliance with Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

• We do not transfer your Google data to third parties except as required by law.
• We do not use your Google data for advertising or marketing.
• We do not let humans read your data unless: (a) we have your explicit consent, (b) it is necessary for service operations (such as security or debugging a specific issue), or (c) we are required to by law.
• We do not use your Google data to develop, improve, or train generalized AI models.

5. Sharing

We share data only as follows:

• Infrastructure providers: Contabo (server hosting), Cloudflare (CDN & security), Anthropic (AI for user-initiated actions). All providers are bound by standard data-protection terms.
• PayPlus — for payment processing (paid plans only). PayPlus handles financial data per PCI-DSS.
• As required by law — court order, legal investigation, etc.

We do not sell personal data. We do not share it for advertising.

6. Storage & security

We classify Google API data (Search Console, Analytics, Tag Manager) as "sensitive data" and apply all of the safeguards described below.

6.1 Encryption in transit

• All browser ↔ server traffic is encrypted with TLS 1.3 only.
• HSTS (HTTP Strict Transport Security) is enforced on every path.
• SSL certificates are validated and auto-renewed via Let's Encrypt.
• Outbound connections to Google APIs and our AI provider (Anthropic) also use TLS 1.3.

6.2 Encryption at rest

• Google refresh tokens are encrypted per-record with AES-256-GCM, using a key managed separately from the database.
• Admin passwords are hashed with argon2id (OWASP-recommended parameters).
• Backups are encrypted before being shipped to off-site storage.

6.3 Access controls

• User access to their own Google API data is enforced via row-level security in the database — a user cannot read another account's data.
• Staff access to the admin panel requires IP allow-listing + a strong password + an authorized role.
• Every staff action is recorded in an append-only audit log.
• User JWT tokens expire after 24 hours and require a verified signature.

6.4 Network & infrastructure security

• Application servers and the database are hosted in Europe (Germany) on Contabo VPS.
• WAN traffic is protected by Cloudflare WAF + Bot Management.
• SSH to the server is restricted to a single allowed IP and protected by fail2ban with automatic banning.
• Internal panels (admin) are reachable only after geo-filtering to Israel-only IPs.
• Internal ports (DB, Redis) are never exposed to the public internet.

6.5 Application security

• CSP (Content Security Policy) is enforced to mitigate XSS.
• CSRF is mitigated via SameSite cookies + an explicit state token in the OAuth flow.
• All input is validated with Zod schemas.
• Only parameterized queries are used — immune to SQL injection.
• Per-endpoint rate-limiting prevents abuse.

6.6 Data minimization

• From the Google APIs we only pull the specific metrics a user requests to view (clicks, impressions, queries) — no page content, no PII beyond what the user identifies themselves with.
• Aggregated results are retained for 90 days only, then automatically deleted.
• OAuth tokens are kept only until the user revokes access.

6.7 Incident handling

• In the event of a breach, we will notify affected users within 72 hours.
• Monthly review of logs and admin actions.
• Software and dependency updates (npm audit) are applied on an ongoing basis.

7. Your rights

You can at any time:

• Revoke our Google access at myaccount.google.com/permissions — we will lose access to your Search Console data within 5 minutes.
• Delete your account — email [email protected] and we will erase your data within 30 days.
• Export your data — same email.
• Correct inaccurate data — via your account settings or by contacting us.

8. Data retention

• Account data: while your account is active + 30 days after deletion.
• Aggregated Search Console data: 90 days from last fetch.
• Logs: 12 months for security and debugging.
• Billing records: 7 years (accounting law requirement).

9. Children

The Service is not intended for children under 16.

10. Changes

We will notify you by email at least 14 days in advance of any material changes. Minor changes (wording fixes, adding equivalent-tier providers) take effect on publish.

11. Contact