Analyze

Privacy Policy

Last updated: March 25, 2026

Contents

  1. Introduction & Data Controller
  2. Why and How We Process Your Data
  3. What Personal Data We Collect
  4. Email Communications
  5. Cookies and Tracking Technologies
  6. Third-Party Services (Data Processors & Recipients)
  7. International Data Transfers
  8. Data Retention and Deletion
  9. Data Security
  10. Your Rights (GDPR)
  11. Additional Provisions
  12. Contact Information

1. Introduction & Data Controller

SEO Test Online (seotest.online) is a free SEO analysis tool that allows you to evaluate the search engine optimization of any web page. The service is operated by Topranker.cz (hereinafter referred to as "we", "us", "our", or the "Operator"), which acts as the data controller for the purposes of applicable data protection legislation.

This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, or "GDPR") and the applicable Czech data protection legislation, including Act No. 110/2019 Coll., on Personal Data Processing. It describes how we collect, use, store, share, and protect your personal data when you use our service.

By using SEO Test Online, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our service.

In brief: We are a free SEO analysis tool operated by Topranker.cz. We collect only the minimum data necessary to perform SEO analysis and deliver your report (URL, email, language preference). We do not sell your personal data to anyone. Marketing emails (SEO tips) are sent only after explicit double opt-in consent. Full analysis data is automatically deleted after 30 days. You can request deletion of all your data at any time by emailing [email protected]. We do not require user accounts or passwords.

2. Why and How We Process Your Data

We process personal data only for specific, explicit, and legitimate purposes. The following table provides a complete overview of all processing activities, the categories of data involved, and the legal basis under the GDPR for each.

PurposeData ProcessedLegal Basis (GDPR Art.)
SEO analysis executionURL submitted, email address, language preferencePerformance of a contract — Art. 6(1)(b)
Report delivery via emailEmail addressPerformance of a contract — Art. 6(1)(b)
Rate limiting & abuse preventionIP address, User-AgentLegitimate interest — Art. 6(1)(f)
SEO tips & recommendations (marketing)Email addressConsent (double opt-in) — Art. 6(1)(a)
Service improvement & analyticsUsage data, User-AgentLegitimate interest — Art. 6(1)(f)
Legal obligation complianceAll necessary dataLegal obligation — Art. 6(1)(c)
Customer support (feedback)Message content, IP address, User-AgentLegitimate interest — Art. 6(1)(f)

Where we rely on legitimate interest as the legal basis, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interest at any time (see Section 10).

3. What Personal Data We Collect

We adhere to the principle of data minimisation and collect only the personal data necessary to provide and improve our service. Below is a detailed breakdown by category.

3.1 Identification Data

  • Email address — Provided by you when you submit a URL for analysis. Used to deliver your SEO report and, with your explicit consent, to send SEO tips and recommendations. Stored in our database and in our email service provider (SendPulse) for subscriber management.

3.2 Technical Data

  • IP address — Automatically collected when you interact with our service. Used for rate limiting (preventing abuse of the free service), logged alongside report submissions and feedback. Rate limit records are automatically purged after 24 hours.
  • User-Agent string — The browser and operating system identification sent by your browser. Used for service improvement, analytics, and logged with feedback submissions.
  • Browser information — General technical information collected by third-party services such as Cloudflare Turnstile during CAPTCHA verification.

3.3 Service Data

  • URLs analyzed — The web page addresses you submit for SEO analysis. Stored as part of report metadata and used to perform the analysis. The URL is also sent to the Google PageSpeed Insights API.
  • SEO scores and results — The analysis output including scores, identified issues, and recommendations. Full analysis data (JSON) is automatically deleted after 30 days. Summary metadata (URL, score, tags) is retained for record-keeping.
  • Language preference — Your selected language for the interface and report. Used to display content in the correct language and stored as report metadata.

3.4 Communication Data

  • Feedback messages — If you submit feedback or a bug report through our service, we collect your message content along with your IP address and User-Agent string. This data is used solely to investigate and resolve the reported issue and is retained until the matter is resolved or deleted upon your request.

3.5 Consent Records

  • Terms acceptance — A record that you accepted the Terms of Service and Privacy Policy at the time of form submission.
  • Marketing consent — Whether you opted in to receive SEO tips and recommendations via the separate consent checkbox.
  • Double opt-in confirmation status — Whether you confirmed your subscription by clicking the confirmation link in the verification email. Marketing emails are only sent after confirmed opt-in.

Consent records are retained for as long as necessary to demonstrate compliance with GDPR requirements and are deleted when the associated subscription is cancelled or upon your request.

4. Email Communications

We send two distinct types of email communications, each with a different legal basis:

4.1 Transactional Emails (Report Delivery)

When you submit a URL for SEO analysis, we immediately send you an email containing a link to your analysis report. These transactional emails are an essential part of the service you requested and are sent based on the contractual necessity legal basis (Art. 6(1)(b) GDPR). You cannot opt out of these emails while using the service, as they are required to deliver the results of your analysis.

4.2 Marketing Emails (SEO Tips & Recommendations)

With your explicit consent, we may send you periodic emails containing useful SEO tips, guides, best practices, and recommendations. We use a double opt-in process to ensure your consent is genuine:

  1. You check the marketing consent checkbox on the analysis form (separate from the required Terms acceptance).
  2. After submitting the form, you receive a confirmation email from SendPulse.
  3. Marketing emails are sent only after you click the confirmation link in that email.

4.3 How to Unsubscribe

You can unsubscribe from marketing emails at any time by:

  • Clicking the unsubscribe link included at the bottom of every marketing email.
  • Contacting us at [email protected] with a request to unsubscribe.

Unsubscribing from marketing emails does not affect the delivery of transactional report emails.

We do NOT sell email lists. Your email address is never sold, rented, traded, or otherwise shared with third parties for their own marketing purposes. It is shared only with our email service provider (SendPulse) for the sole purpose of delivering emails on our behalf.

5. Cookies and Tracking Technologies

SEO Test Online uses a minimal number of cookies, all of which are strictly necessary for the proper functioning and security of the service.

Cookie / TechnologyCategoryPurposeDuration
CSRF TokenStrictly necessaryProtects against cross-site request forgery attacks. Set with Secure, HttpOnly, and SameSite=Strict flags.Session
Cloudflare TurnstileStrictly necessaryCAPTCHA verification to prevent automated abuse of the analysis form. Cloudflare may set cookies as part of their challenge process.Varies (set by Cloudflare)

We do not use:

  • Google Analytics or any other third-party analytics tracking scripts
  • Advertising or retargeting cookies or tracking pixels
  • Social media tracking cookies (Facebook Pixel, etc.)
  • Any non-essential, preference, or performance cookies

For a complete and detailed overview of all cookies used on our website, please visit our Cookie Policy page.

Legal basis for cookies: Since all cookies used on SEO Test Online are strictly necessary for the functioning and security of the service, no cookie consent is required under the ePrivacy Directive (Directive 2002/58/EC, Art. 5(3)). We disclose their use here and on our Cookie Policy page for full transparency.

6. Third-Party Services (Data Processors & Recipients)

To provide our SEO analysis service, we rely on the following third-party services that may process certain personal data on our behalf or as independent controllers. We have ensured that appropriate data processing agreements are in place where required by the GDPR.

ServicePurposeData SharedPrivacy Policy
Google PageSpeed Insights APIPerformance and Core Web Vitals analysis of submitted URLsURL submitted for analysispolicies.google.com/privacy
Cloudflare TurnstileCAPTCHA verification to prevent automated abuseIP address, browser characteristicscloudflare.com/privacypolicy
Google FontsLoading the Inter typeface for the website interfaceIP address, browser informationpolicies.google.com/privacy
SendPulseEmail delivery (reports & marketing) and CRM subscriber managementEmail address, subscriber tags, consent statussendpulse.com/legal/pp

Google PageSpeed Insights API: When you submit a URL for analysis, that URL is transmitted to Google's servers to retrieve performance metrics and Core Web Vitals data. Google processes the URL and the content of the analyzed page according to their own privacy policy.

Cloudflare Turnstile: A privacy-preserving CAPTCHA alternative. When the analysis form loads, a Cloudflare script runs in your browser to verify you are a real user. Cloudflare may collect technical data (IP address, browser characteristics) for this verification.

Google Fonts: Your browser makes requests to Google's font servers to load the Inter typeface. This means Google receives your IP address and browser information as part of the HTTP request.

SendPulse: Acts as a data processor on our behalf. Your email address is transmitted to SendPulse to deliver SEO reports, manage subscriber records, and associate tags for segmentation (e.g., language, analysis type). SendPulse processes your data in accordance with their privacy policy and our data processing agreement.

7. International Data Transfers

Some of the third-party services we use (Google, Cloudflare, SendPulse) are operated by companies headquartered outside the European Union / European Economic Area (EU/EEA). This means that your personal data may be transferred to and processed in countries outside the EU/EEA, including the United States.

Where personal data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place as required by GDPR Chapter V (Articles 44–49), including:

  • EU Standard Contractual Clauses (SCCs) — Contractual clauses approved by the European Commission that provide appropriate data protection guarantees.
  • Adequacy decisions — Where the European Commission has determined that a third country provides an adequate level of data protection (e.g., the EU-U.S. Data Privacy Framework).
  • Other appropriate safeguards — Including binding corporate rules, certifications, or codes of conduct as applicable.

You may contact us at [email protected] to request further information about the specific safeguards applied to any particular transfer of your data.

8. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. The table below provides a summary of our retention periods and deletion methods.

Data TypeRetention PeriodDeletion Method
Full analysis data (on-page data, issues, PageSpeed results as JSON)30 daysAutomatic deletion via scheduled cron job
Report metadata (URL, email, score, language, tags)Indefinite (for service records)Deleted upon request
Rate limit records (IP, email, timestamp)24 hoursAutomatic expiration
Subscription & consent records (consent status, confirmation status)Until unsubscribe or deletion requestDeleted upon request
Feedback submissions (message, IP, User-Agent)Until resolvedDeleted upon request or when no longer needed
SendPulse CRM data (email, tags, consent status)Until unsubscribe requestDeleted upon unsubscribe or deletion request

If you would like your data deleted, please contact us at [email protected]. We will process your request and confirm deletion within 30 days.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption (TLS 1.2+) — All connections to seotest.online are encrypted using modern TLS protocols, ensuring that data transmitted between your browser and our servers cannot be intercepted.
  • CSRF protection — Secure, HttpOnly, SameSite=Strict tokens protect all form submissions against cross-site request forgery attacks.
  • CAPTCHA (Cloudflare Turnstile) — Prevents automated abuse and bot-driven submissions.
  • Rate limiting — Per-IP and per-email rate limits prevent abuse of the free service and protect against denial-of-service attacks.
  • SQL injection prevention — All database queries use prepared statements (PDO) to prevent SQL injection vulnerabilities.
  • Security headers — Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers are configured to mitigate common web vulnerabilities.
  • Automated data cleanup — Scheduled cron jobs automatically purge expired analysis data and rate limit records.
  • SSRF protection — Server-side request forgery protection blocks requests to private IP ranges, localhost, and cloud metadata endpoints when fetching URLs for analysis.
  • No password storage — SEO Test Online does not require user accounts or passwords, eliminating the risk of credential-related breaches.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. If you become aware of any security vulnerability or incident, please contact us immediately at [email protected].

10. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data. These rights apply if you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with equivalent data protection protections.

  • Right of Access (Art. 15 GDPR) — You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to request a copy of that data along with information about the processing.
  • Right to Rectification (Art. 16 GDPR) — You have the right to request correction of inaccurate personal data or completion of incomplete data we hold about you.
  • Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR) — You have the right to request that we delete your personal data. We will comply unless we have a legal obligation to retain it or another lawful basis for continued processing.
  • Right to Restriction of Processing (Art. 18 GDPR) — You have the right to request that we restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or object to processing.
  • Right to Data Portability (Art. 20 GDPR) — You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV), and to transmit that data to another controller without hindrance.
  • Right to Object (Art. 21 GDPR) — You have the right to object to processing based on legitimate interest (Art. 6(1)(f)). We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to Withdraw Consent — Where processing is based on your consent (e.g., marketing emails), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
  • Right to Lodge a Complaint with a Supervisory Authority — If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a data protection supervisory authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

Supervisory Authority

The competent supervisory authority for data protection in the Czech Republic is:

Urad pro ochranu osobnich udaju (UOOU)
Office for Personal Data Protection
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Website: www.uoou.cz

How to Exercise Your Rights

To exercise any of the above rights, please send your request to [email protected]. To help us process your request efficiently, please include:

  • Your email address (so we can identify the data associated with you).
  • A clear description of the right you wish to exercise.
  • Any additional information that may help us locate your data.

We will respond to all legitimate requests within 30 days. In exceptional circumstances (for example, if your request is particularly complex or involves a large volume of data), we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it within the initial 30-day period.

Data deletion request: To request deletion of all data associated with your email address — including reports, CRM subscriber records, consent records, and any associated metadata — contact us at [email protected]. We will process your request and confirm deletion within 30 days.

11. Additional Provisions

11.1 Children's Privacy

SEO Test Online is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected], and we will take prompt steps to delete such information from our systems.

11.2 Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, as described in Article 22 of the GDPR. The SEO scores, ratings, and recommendations generated by our service are purely informational in nature. They are intended to help you improve your website's search engine optimization and do not constitute legally binding assessments or decisions.

11.3 No Data Selling

We never sell, rent, lease, or trade your personal data to third parties for their own commercial or marketing purposes. Your data is shared only with the third-party service providers listed in Section 6, solely for the purposes of providing our service to you.

11.4 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that significantly affect your rights, we will make reasonable efforts to provide notice (e.g., via a prominent notice on our website).

We encourage you to review this page periodically to stay informed about how we protect your data. Your continued use of SEO Test Online after the publication of an updated Privacy Policy constitutes your acceptance of the changes.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have any concerns about how we handle your personal data, please contact us using the details below:

We aim to respond to all legitimate requests within 30 days. In exceptional circumstances, it may take us longer, but we will notify you and keep you updated on the progress of your request.