SquadSEO
← Back to home

Privacy Policy

Last updated: March 12, 2026

1. Data Controller

The controller of your personal data is AURUX LTDA (Company No. 17151120), based at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, operating under the SquadSEO brand (hereinafter, "SquadSEO", "we" or "the company"), with contact at team@squadseo.io.

SquadSEO operates the AI-assisted SEO content management platform available at squadseo.io (the "Service").

2. Legal Basis for Processing

We process your personal data on the following legal bases, in accordance with article 6 of the GDPR (Regulation (EU) 2016/679):

  • Performance of a contract (art. 6.1.b): to provide the contracted Service.
  • Legitimate interest (art. 6.1.f): to improve the Service, prevent fraud and ensure security.
  • Compliance with a legal obligation (art. 6.1.c): to comply with applicable tax and accounting regulations.
  • Consent (art. 6.1.a): to send commercial communications, where expressly requested.

3. Data We Collect

We collect the following personal data:

3.1 Data you provide directly

  • Name and surname
  • Email address
  • Company name
  • Contact information
  • Content briefings and project instructions

3.2 Data collected automatically

  • IP address
  • Service usage data (pages visited, actions performed)
  • Session and user-account identifiers
  • Session and authentication data

3.3 Payment data

Card and payment data are processed directly by Lemon Squeezy, Inc., our payment provider (Merchant of Record). SquadSEO does not store credit-card data. Lemon Squeezy acts as the entity collecting payment and issuing the invoice, and as a processor of payment data under a GDPR-compliant DPA.

4. Purposes of Processing

  • Provision of the contracted Service (SEO content generation)
  • Management of your customer account and portal access
  • Notifications about the status of your projects
  • Billing and payment management
  • Customer support
  • Service improvement and development
  • Compliance with legal obligations
  • Commercial communications (with consent only)

5. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). In such cases, we ensure that transfers are made with the appropriate safeguards, in accordance with article 46 of the GDPR:

  • Infrastructure providers (database and hosting): signed DPAs, EU-region servers selectable, EU-US Privacy Framework compliance.
  • AI providers (AI models): European Commission Standard Contractual Clauses.
  • Payment provider (Merchant of Record): PCI DSS certification, Standard Contractual Clauses.

6. Retention Period

We retain your data for as long as necessary for the described purposes:

  • Active account data: for the duration of the contractual relationship.
  • Billing data: 5 years, in accordance with Spanish and European tax regulations.
  • Usage data and logs: maximum 12 months.
  • Unconverted waitlist requests: 24 months or until you withdraw your consent.

After account cancellation, your data will be deleted within a maximum of 30 days, except where legally required to retain it.

7. Your Rights

Under the GDPR, you have the following rights over your personal data:

  • Access: obtain confirmation of whether we process your data and a copy of it.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): request the deletion of your data.
  • Restriction of processing: suspend processing in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdrawal of consent: at any time, without affecting the lawfulness of prior processing.

To exercise your rights, you can contact us at team@squadseo.io. We will respond within a maximum of 30 days from receipt of your request.

If you consider that the processing of your data does not comply with the GDPR, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

8. Security

We apply appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration or disclosure, including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest in the database
  • Role-based access control (Row Level Security)
  • Magic-link authentication (no stored passwords)
  • Periodic security reviews

9. Cookies

SquadSEO uses only strictly necessary technical cookies for the operation of the Service (session management, language preferences). We do not use advertising tracking cookies and we do not share data with advertising networks.

10. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or via a prominent notice on the Service, at least 15 days in advance before they take effect.

11. Contact

For any questions about this Privacy Policy or about the processing of your data:

  • Email: team@squadseo.io
  • Web: squadseo.io