Learn how AutoKeywords collects, uses, and protects your personal information.
Last updated: March 2026
We collect the following categories of information: (a) Account data you provide directly, including your name, email address, and payment information when creating an account or subscribing. (b) Research inputs you submit, including website URLs and business context provided for keyword analysis. (c) Research outputs we store on your behalf, including keyword results, chosen keywords, and run history generated during your use of the service. (d) Technical data collected automatically, including your IP address, browser type, device information, and how you interact with our service.
We use your information for the following purposes, each with the stated lawful basis under UK GDPR Article 6: to provide and deliver the service and manage your account (contract performance, Article 6(1)(b)); to process payments and manage subscriptions (contract performance, Article 6(1)(b)); to record browser sessions for technical support and issue resolution (legitimate interest, Article 6(1)(f)); to analyse usage patterns and improve the service (legitimate interest, Article 6(1)(f)); to send you marketing communications where you have opted in (consent, Article 6(1)(a)); and to comply with legal obligations including financial record-keeping (legal obligation, Article 6(1)(c)).
We do not sell your personal information to third parties. We work with the following data processors who handle your data on our behalf, each bound by data processing agreements consistent with UK GDPR requirements: Supabase (database hosting and authentication, EU); Stripe (payment processing, US); PostHog (session recording and product analytics, EU); DataForSEO (keyword data and SERP retrieval, EU); OpenAI (keyword embedding generation for semantic search, US); Railway (background worker hosting, US); Vercel (frontend hosting and edge functions, US); Resend (transactional email delivery, US); Google Analytics (web analytics, US, consent-gated). We may also disclose your information where required by law or to protect our legal rights.
We implement industry-standard security measures to protect your personal information, including encryption, secure servers, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
We use cookies and similar tracking technologies to enhance your experience, remember your preferences, and analyse usage patterns. You can control cookie settings through your browser, though disabling cookies may affect some functionality of our service.
When you are signed into your AutoKeywords account, we use PostHog to record your browser session for the purpose of providing technical support and resolving issues you may encounter. All text entered into input fields — including passwords and personal details — is masked and is not captured in recordings. Session recordings are retained for a maximum of 90 days, after which they are automatically deleted. The lawful basis for this processing is our legitimate interest in providing effective customer support (UK GDPR Article 6(1)(f)). Under UK GDPR Article 21, you have the right to object to this processing. To exercise this right, contact us at privacy@autokeywords.com — we will respond within one calendar month (extendable by a further two months for complex requests, with notification).
Under UK GDPR, you have the following rights regarding your personal data: the right to be informed about how your data is used (which this policy fulfils); the right of access to a copy of your personal data (Subject Access Request); the right to rectification of inaccurate or incomplete data; the right to erasure of your data ("right to be forgotten") in certain circumstances; the right to restrict processing of your data; the right to data portability in a structured, commonly used format; the right to object to processing based on legitimate interest; and rights related to automated decision-making. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. To exercise any of these rights, contact us at privacy@autokeywords.com.
We retain your data for the following periods: account data is retained while your account is active and for 12 months after account closure for legal and fraud prevention purposes; keyword run data and research results are retained while your account is active and deleted upon account deletion; payment records are retained for 7 years as required by UK financial record-keeping law; session recordings are retained for a maximum of 90 days on a rolling basis; marketing consent records are retained until consent is withdrawn and for 12 months thereafter (the post-withdrawal period is maintained as evidence of the consent record, for audit and compliance purposes).
Our service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you interact with.
AutoKeywords is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.
Some of our data processors are based outside the UK. Transfers to EU-based processors (including DataForSEO, PostHog, and Supabase operating in EU regions) are covered by UK adequacy decisions for the European Economic Area. Transfers to US-based processors (including Stripe, OpenAI, Railway, Vercel, Resend, and Google Analytics) are made under Standard Contractual Clauses as incorporated within the UK International Data Transfer Agreement (IDTA) framework. Each of these processors has agreed to data processing terms consistent with UK GDPR requirements.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the effective date. Your continued use of our service after changes are posted constitutes acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@autokeywords.com or through our contact page. We will respond to your inquiry within a reasonable timeframe.