GDPR Compliance

Last updated: February 28, 2026

Octopye is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page explains how we comply with GDPR when you use the SEOIT application and website.

1. Data Controller

Octopye is the data controller for personal data processed through the SEOIT service.

Email: privacy@octopye.com

Website: octopye.com

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

Legitimate interest (Art. 6(1)(f)): Processing IP addresses for rate limiting and abuse prevention to maintain service availability and security.
Contract performance (Art. 6(1)(b)): Processing data necessary to deliver the scanning service you request and manage Pro subscriptions.
Consent (Art. 6(1)(a)): Where you voluntarily provide optional information such as business type and location preferences.

3. Your Rights Under GDPR

As a data subject in the European Economic Area (EEA), you have the following rights:

Right of Access

You have the right to request a copy of the personal data we hold about you (Art. 15).

Right to Rectification

You can request correction of inaccurate or incomplete personal data (Art. 16).

Right to Erasure

You can request deletion of your personal data where there is no compelling reason for continued processing (Art. 17).

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances (Art. 18).

Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format (Art. 20).

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes (Art. 21).

4. Data We Process

We process minimal personal data:

IP addresses: Temporarily processed for rate limiting. Not stored long-term or linked to identifiable individuals.
URLs submitted for scanning: Processed in real-time to generate reports. Not retained on our servers after delivery.
Optional preferences: Business type and location, stored locally on your device only.
Subscription data: Managed by RevenueCat and the respective app store, not directly by us.

5. Data Minimization

SEOIT is designed with data minimization as a core principle:

- No account creation or login required.

- No collection of names, emails, or phone numbers.

- Scan history stored locally on your device, not on our servers.

- No advertising or behavioral tracking.

- Scan data processed in real-time and not persisted server-side.

6. Data Retention

Rate limit records: IP-based rate limit entries are held in memory only and cleared when the server restarts, typically within 24 hours.
Scan data: Not retained on our servers after the response is delivered to your device.
Local device data: Retained until you clear app data or uninstall the app.

7. International Transfers

Our servers may be located outside the EEA. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V.

8. Data Protection Impact

Given our minimal data processing (no accounts, no persistent storage of personal data, no tracking), we have assessed that our processing activities present a low risk to the rights and freedoms of data subjects.

9. Sub-processors

RevenueCat Inc. - Subscription management (USA). Data Processing Agreement
Apple Inc. - App Store distribution and payments (USA).
Google LLC - Play Store distribution, payments, and web fonts (USA).

10. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

11. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Data Protection Contact

Email: privacy@octopye.com

We will respond to your request within 30 days as required by GDPR.