Home/Privacy Policy
Legal

Privacy Policy

CompanySEOMER Ltd
JurisdictionEngland and Wales
Effective date4 June 2026
Last updated6 June 2026

This Privacy Policy explains how SEOMER Ltd ("SEOMER", "we", "us") collects, uses, shares, retains and protects personal data when you use the NitroIndexer website, application and related services. It also summarises our security measures, data retention, subprocessors and the terms that apply when we process data on behalf of business customers.

It applies to website visitors, registered users, customers, workspace owners and invited members.

On this page
  1. 1. Who we are (controller)
  2. 2. Legal framework
  3. 3. Personal data we collect
  4. 4. How we use data and our lawful bases
  5. 5. Cookies
  6. 6. Payments and Stripe
  7. 7. Workspaces and invited users
  8. 8. How we share data
  9. 9. Subprocessors
  10. 10. International transfers
  11. 11. Data retention and deletion
  12. 12. Security
  13. 13. Personal data breaches
  14. 14. Your rights
  15. 15. Children and sensitive data
  16. 16. Automated decision-making
  17. 17. Business customers and data processing
  18. 18. Changes to this policy
  19. Contact

1. Who we are (controller)

For the personal data we process for our own purposes, the controller is SEOMER Ltd, registered in England and Wales (company number 17085064), registered office 124 City Road, London, United Kingdom, EC1V 2NX. You can reach us at [email protected].

Where a business customer uses the Service to process personal data of its own clients, staff or third parties, we may instead act as a processor on that customer's behalf; section 17 explains this.

2. Legal framework

Our processing is structured around the UK GDPR and the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (for cookies and electronic messages), the EU GDPR where it applies to users in the European Economic Area, and other applicable privacy laws. Nothing in this Policy limits data-subject rights that cannot be excluded under applicable law.

3. Personal data we collect

Depending on how you use the Service, we may process:

  • Account data: name, email, password in protected form or authentication credentials, account ID, settings, status and login history.
  • Workspace and team data: workspace name, roles, invitations, invited members' emails, permissions and activity.
  • Project and URL data: project names, domains, URLs, processing statuses, technical check and Index Check results, Googlebot visit event data, timestamps, IP or network data linked to recorded events, operation history and any notes or tags. This may be personal data where it identifies an individual.
  • Billing data: selected plan, subscription status, billing email and country, invoices, payment status, transaction identifiers, Stripe customer and subscription IDs, tax information and refund or dispute records. We do not store full payment card details.
  • Technical and log data: IP address, browser, device, operating system, user-agent, timestamps, pages and actions, session identifiers, authentication, security, error and API logs, and approximate location derived from IP.
  • Support data: email, name, message content, attachments and correspondence history.
  • Marketing and website data: newsletter email and preferences, campaign source, UTM parameters, referral source, analytics data, cookie identifiers and consent choices.
  • Compliance and fraud-prevention data: fraud signals, chargeback and dispute data, sanctions and compliance flags, abuse reports and enforcement history.

We receive data directly from you, from a workspace owner who invites you, through your use of the website and application, through cookies, through our payment provider, through support, and through security and fraud-prevention tools.

4. How we use data and our lawful bases

We process personal data only where we have a lawful basis:

PurposeLawful basis
Creating and managing your account, and providing the Service (workspaces, projects, URL operations)Contract
Billing, subscriptions, invoices and refundsContract and legal obligation
Tax and accounting recordsLegal obligation
Security, fraud prevention and abuse preventionLegitimate interests and legal obligation
Support and service communicationsContract and legitimate interests
Improving and securing the ServiceLegitimate interests
Marketing communicationsConsent or legitimate interests, depending on context
Legal claims, compliance and sanctions checksLegal obligation and legitimate interests

Where we rely on legitimate interests, those interests include operating and securing the Service, preventing fraud and abuse, improving quality, enforcing our terms and communicating with business users.

5. Cookies

We use cookies and similar technologies for authentication, security, preferences, analytics, performance and marketing attribution. Strictly necessary cookies are used to provide and secure the Service; analytics and marketing cookies are used with your consent where required. Our Cookie Policy gives full details.

6. Payments and Stripe

Payments are processed by Stripe or another provider available at checkout. We share the data needed to process payments, manage subscriptions, issue invoices, calculate taxes, prevent fraud and handle refunds and disputes. Payment providers may act as independent controllers or as processors depending on the activity, under their own terms. We do not store full payment card details on our servers.

7. Workspaces and invited users

When a workspace owner invites a user, we process that user's email, role, invitation status, permissions and workspace activity. The owner and other authorised members may see this information and actions performed in the workspace, depending on roles. Please submit only lawful, necessary data, and avoid putting credentials, secrets or unnecessary personal data into projects.

8. How we share data

We may share personal data with hosting and infrastructure providers, our payment provider (Stripe), email, analytics, support, security and fraud-prevention, and logging providers; with professional advisers such as lawyers and accountants; with authorities, courts or regulators where required; with a buyer in the event of a merger, acquisition or sale of assets; and with integrations you choose to connect. We do not sell personal data as a business model. We may disclose data where necessary to provide the Service, comply with law, enforce our terms, prevent abuse or protect rights and security.

9. Subprocessors

We use third parties to run, support, secure and improve the Service. A subprocessor is a third party that processes Customer Personal Data on your behalf where we act as a processor. Not every provider is a subprocessor; some act as independent controllers, and some do not process personal data at all.

CategoryProviderPurposePossible location
Payment processingStripe (or applicable Stripe group entity)Payments, subscriptions, invoices, fraud prevention, refunds and disputesUK, EEA, US or other Stripe locations

We also use providers in the following categories: hosting and infrastructure; email and notifications; analytics; logging, monitoring and error tracking; customer support; and security and fraud prevention. Under our data processing terms you grant general authorisation to engage subprocessors. We may add, replace or remove them and will give notice of material changes where required, and you may object on reasonable data-protection grounds. We may limit disclosure of specific provider details where disclosure could create a security risk.

10. International transfers

We are based in the United Kingdom, but data may be processed in other countries where we and our providers operate. Where a transfer requires it, we use appropriate safeguards, which may include UK adequacy regulations or EU adequacy decisions, the International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or other lawful mechanisms.

11. Data retention and deletion

We keep personal data only for as long as reasonably necessary for the purposes in this Policy, unless a longer period is required or permitted by law. Retention depends on account status, active subscription, legal and tax obligations, dispute and chargeback periods, security needs and backup cycles.

When paid access ends (through cancellation, non-renewal or non-payment), workspace and project data normally enters a post-expiry retention window of up to 30 calendar days, during which we may retain it so that access can be restored if you renew. After that window, we may delete, anonymise or restrict the data, unless longer retention is needed for legal, tax, security, fraud-prevention, dispute or backup purposes.

Data categoryTypical retention
Account dataFor the life of the account and a reasonable period after closure
Billing and invoice recordsAs required for tax, accounting and legal purposes
Workspace, project and URL operation dataWhile the account is active and during the post-expiry window, then deleted or anonymised
Security and fraud logsA limited period necessary for security, fraud prevention and investigation
Support communicationsAs long as needed to handle support, disputes and service history
Marketing preferencesUntil you unsubscribe or withdraw consent, plus suppression records
BackupsDeleted on a delayed, rolling basis according to backup cycles

Deletion may not be instant across active systems, backups and logs. Where immediate deletion is not possible, we restrict further active use and delete or anonymise data according to our retention processes. We may also preserve data under a legal hold where it may be relevant to a claim, dispute, investigation or regulatory request.

12. Security

We apply reasonable technical and organisational measures, which may include HTTPS/TLS, access controls and role-based permissions, secure password hashing, logging and monitoring, encryption where appropriate, secure infrastructure providers, limited internal access, backups, vulnerability management and incident-response procedures. No online service can be perfectly secure.

You also play a part: use strong passwords, protect your email account, manage workspace access, remove former team members promptly, and do not submit credentials, secrets or unnecessary sensitive data. You can report a vulnerability or suspicious activity to [email protected]; please report responsibly and do not access other users' data or disrupt the Service.

13. Personal data breaches

If a notifiable personal data breach occurs, we will assess the affected data and risk and, where required, notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of it. We will notify affected individuals where the breach is likely to result in a high risk to their rights, or where the law requires it. Where we act as a processor, we will notify the relevant controller without undue delay.

14. Your rights

Depending on your location and applicable law, you may have the right to access your personal data and receive a copy, correct inaccurate data, request deletion, restrict or object to processing, request portability, withdraw consent where processing relies on it, object to direct marketing, and lodge a complaint with a supervisory authority. In the UK that is the ICO; in the EEA it is your local data protection authority.

To exercise these rights, contact [email protected]. We may need to verify your identity, and some rights may be limited where we must retain data for legal, accounting, security, fraud-prevention or legitimate-business reasons.

15. Children and sensitive data

The Service is not intended for children; you must be at least 18 or have legal capacity to enter into a binding agreement. The Service is not designed for special category data (such as health, biometric or similar sensitive data), and you must not submit such data, credentials, secrets, private keys or payment card numbers through it.

16. Automated decision-making

We do not intend to make decisions based solely on automated processing that produce legal or similarly significant effects on you. We do use automated systems for security, fraud prevention, abuse detection and rate limiting, which may result in temporary restrictions or review flags. If you believe such a measure was applied incorrectly, please contact us.

17. Business customers and data processing

Where you use the Service to process personal data of your own clients, staff or third parties, you may act as controller (or processor) and we act as processor (or subprocessor) for that Customer Personal Data. In that role, we process it only on your documented instructions (these terms, your settings and your use of the Service), keep it confidential, apply the security measures described above, and engage subprocessors under the conditions in section 9.

We will assist you, as far as reasonably possible, with data-subject requests, security, breach notification and data protection impact assessments, and we will delete or return Customer Personal Data at the end of processing, subject to retention required by law, security, dispute handling and backup cycles. You remain responsible for having a lawful basis, informing your own data subjects and not submitting unnecessary or sensitive data. A full, signable Data Processing Agreement, including details of processing and the technical and organisational measures, is available on request at [email protected].

18. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we may notify you through the website, email or account interface. Continued use after the updated Policy takes effect means you have been informed of the updated terms, except where the law requires consent or another specific action.

Contact

For questions about privacy or your personal data, you can contact us:

Email: [email protected]