← Back to homeLegal
Privacy policy
Interweb.SEO — operated by Interweb Media · Effective date: 2 May 2026 · Last updated: 2 May 2026
1. Introduction
Interweb.SEO ("the Service", "we", "us") is a search engine optimisation platform accessible at app.interweb.media. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have over your data.
By creating an account or using the Service, you agree to the practices described in this policy.
2. Who we are
Interweb Media
South Africa
Contact: support@interweb.media
3. Information we collect
3.1 Account information
When you register, we collect your email address and a hashed password (managed by Supabase Auth). We do not store plaintext passwords.
3.2 Site and crawl data
When you add a domain to the Service, we collect:
- The domain URL you provide
- Publicly accessible page content fetched during crawls (HTML, meta tags, headings, link structure, status codes, load times)
- Audit scores, recommendations, and crawl snapshots derived from that content
We only crawl URLs you explicitly add to your account. We do not crawl private, password-protected, or disallowed pages.
3.3 Google Search Console (GSC) data
If you connect a Google Search Console property, we request OAuth access to:
- Search analytics (clicks, impressions, average position, CTR) for your verified property
- URL indexing status
We store OAuth access and refresh tokens in encrypted form. You can disconnect GSC at any time from your account settings, which revokes our access.
3.4 Keyword and competitor data
You may manually add tracked keywords and competitor domains. We store these along with ranking history and any analysis results we generate.
3.5 Usage and activity data
We collect:
- XP earned, level, credit balance, and streak history as part of the gamification system
- Quest progress and completion records
- Feature usage events via PostHog analytics (anonymised where possible)
3.6 Payment data
Payments are processed by Paystack. We do not store card numbers or payment credentials. We receive a payment confirmation event from Paystack and record the resulting credit grant in our ledger. Transaction reference numbers are stored for reconciliation.
3.7 Technical data
Standard server logs may capture IP addresses, browser type, referring URLs, and timestamps. These are used for security monitoring and are not used for profiling.
4. How we use your information
| Purpose | Legal basis |
|---|---|
| Providing and personalising the Service (crawls, recommendations, quests) | Contract performance |
| Processing credit purchases and maintaining your credit wallet | Contract performance |
| Sending audit reports and transactional emails | Contract performance |
| Calculating XP, levels, streaks, and badges | Contract performance |
| Improving the platform through aggregated usage analytics | Legitimate interest |
| Detecting fraud, abuse, and security threats | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not use your data for advertising, and we do not sell or rent personal data to third parties.
5. AI and automated processing
The Service uses a large language model (Gemini 2.5 Flash-Lite) to generate natural-language summaries, growth recommendations, and simulation narratives. All scoring, issue detection, and severity classification is performed by our rule engine — the AI never makes decisions that directly affect your data. AI-generated content is clearly contextual output and does not constitute professional SEO advice.
Your site content may be submitted to the AI provider's API as part of prompt context. We do not knowingly submit sensitive personal data in these prompts.
6. Third-party services
| Service | Purpose | Privacy policy |
|---|---|---|
| Supabase | Database, authentication, and file storage | supabase.com/privacy |
| Google (OAuth + PageSpeed API) | GSC integration, page speed data | policies.google.com/privacy |
| Paystack | Payment processing | paystack.com/privacy |
| Resend | Transactional email delivery | resend.com/privacy |
| PostHog | Product analytics | posthog.com/privacy |
| Google Gemini API | AI prose generation | ai.google.dev (Google Privacy Policy) |
Each third party operates under its own privacy policy. We encourage you to review them.
7. Data retention
| Data type | Retention period |
|---|---|
| Account data (profile, XP, credits) | Until you delete your account |
| Site crawl data and audit snapshots | Until you delete the site or account |
| Free audit results (public tool) | 1 year from creation, then auto-deleted |
| Credit transaction ledger | 7 years (financial record-keeping) |
| GSC OAuth tokens | Until you disconnect GSC or delete your account |
| Server logs | 90 days rolling |
When you delete your account, your site data, recommendations, and personal profile are permanently removed via our delete_user_data() procedure within 30 days. The credit transaction ledger is retained for legal compliance.
8. Data security
- All data in transit is encrypted via TLS.
- Database access is protected by row-level security (RLS) — you can only access your own data.
- OAuth tokens are stored encrypted.
- Admin access is restricted to a single, hardcoded user ID verified server-side.
- We perform no cross-user data sharing or aggregation that could re-identify individuals.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — delete your account and associated data from your account settings page, or contact us to request deletion
- Portability — request your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — disconnect GSC or revoke any data permission at any time
To exercise any right, email us at support@interweb.media. We will respond within 30 days.
10. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact us and we will delete the account promptly.
11. International transfers
We are based in South Africa. Data is stored on Supabase infrastructure, which may be located outside South Africa. By using the Service, you consent to this transfer. We rely on Supabase's data processing agreements to ensure appropriate safeguards.
12. Changes to this policy
We may update this policy when we add new features or when legal requirements change. We will update the "Last updated" date at the top and, for material changes, notify you by email. Continued use of the Service after changes constitutes acceptance.
13. Contact
For privacy-related questions or requests:
Email: support@interweb.media
Service: app.interweb.media