Privacy Policy
Last updated: February 2026
1. Introduction
This Privacy Policy explains how BasecampSEO ("the Service", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our Google Search Console analytics platform. We are committed to protecting your privacy and handling your data in a transparent and responsible manner.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Service. This policy should be read in conjunction with our Terms of Service and Cookies Policy.
2. Data Controller
The data controller responsible for your personal data is:
Wioks Global, S.L.
NIF: B67621250
Calle Sant Josep 132-134
08980, Sant Feliu De Llobregat, Barcelona, Spain
Email: support@basecampseo.com
As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable data protection laws, including the General Data Protection Regulation (GDPR).
3. Information We Collect
We collect different types of information depending on how you interact with the Service. Understanding what data we collect helps you make informed decisions about your use of our platform.
3.1 Account Information
When you create an account, we collect information necessary to establish and manage your user profile. This includes your email address, which serves as your primary identifier and is used for authentication and communication purposes. If you choose to sign in using Google OAuth, we may also receive your name and profile picture from Google, though we only store what is necessary for the Service to function.
3.2 Google Search Console Data
When you connect your Google Search Console account to the Service, we access and store search performance data on your behalf. This includes metrics such as clicks, impressions, click-through rates, and average search positions, along with the associated dimensions including search queries, landing pages, countries, and device types. This data is retrieved through Google's Search Console API and is stored in our database to provide you with historical analytics and reporting capabilities.
3.3 Usage Information
We collect information about how you interact with the Service to help us understand usage patterns and improve our product. This includes the features you access, the dashboards you view, the filters and date ranges you apply, and general interaction patterns within the application. This data helps us identify areas for improvement and develop new features that better serve our users' needs.
3.4 Technical Information
When you access the Service, we automatically collect certain technical information from your device and browser. This includes your IP address, browser type and version, operating system, device identifiers, and information about your network connection. We also maintain server logs that record requests made to our systems, which are used for security monitoring, troubleshooting, and maintaining the integrity of the Service.
3.5 Payment Information
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not receive or store your complete credit card number. Stripe provides us with limited information such as the last four digits of your card, the card type, and the expiration date, which we use for displaying payment method information in your account settings and for customer support purposes.
4. Legal Basis for Processing
Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases depending on the specific processing activity:
Performance of Contract: Most of our data processing is necessary to provide you with the Service you have requested. This includes processing your account information to manage your account, processing your Google Search Console data to generate analytics dashboards, and processing payment information to manage your subscription.
Legitimate Interests: We process certain data based on our legitimate interests, provided these interests are not overridden by your rights and freedoms. This includes processing for security purposes, fraud prevention, improving and developing the Service, and analyzing usage patterns to enhance user experience. We conduct balancing tests to ensure our legitimate interests do not unduly impact your privacy.
Consent: For certain processing activities, such as the use of analytics cookies and sending marketing communications, we rely on your explicit consent. You have the right to withdraw consent at any time, and doing so will not affect the lawfulness of processing carried out before the withdrawal.
Legal Obligation: In some cases, we may be required to process your data to comply with legal obligations, such as tax reporting requirements, responding to lawful requests from public authorities, or preserving data for potential legal proceedings.
5. How We Use Your Data
We use the information we collect for various purposes, all of which are aimed at providing, maintaining, and improving the Service. Primarily, we use your data to operate the Service and deliver the functionality you expect, including authenticating your identity, processing your Google Search Console data, generating analytics dashboards, and managing your subscription and payments.
We also use your information to communicate with you about the Service, including sending transactional emails related to your account, notifying you of important changes to the Service or our policies, and responding to your support requests and inquiries. Additionally, we use aggregated and anonymized data to understand how users interact with the Service, identify trends, and make data-driven decisions about product development and improvements.
We take care to use your data only for purposes that are compatible with the reasons for which it was originally collected. If we need to use your data for a new, unrelated purpose, we will notify you and, where required, obtain your consent.
6. Data Sharing and Third-Party Services
We do not sell your personal data to third parties. We share your data only in limited circumstances and with appropriate safeguards in place. The following categories describe the third parties with whom we may share your information:
Infrastructure and Hosting Providers: Our Service is built on and hosted by several third-party platforms. Supabase provides our database hosting and authentication infrastructure, storing your account information and Search Console data. Vercel hosts our frontend application and serves our website through their global content delivery network. Railway hosts our API servers and background worker processes. These providers act as data processors on our behalf and are contractually obligated to protect your data.
Authentication and API Services: When you connect your Google account, data flows through Google's OAuth and Search Console APIs. Google processes this data according to their own privacy policy. We receive only the data necessary to provide the Service and do not share your BasecampSEO usage data with Google.
Payment Processing: Stripe processes all payment transactions for paid subscriptions. When you provide payment information, it is transmitted directly to Stripe's secure servers. Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification in the payment card industry.
Analytics Services: We use Plausible for privacy-focused website analytics. Plausible does not use cookies and does not collect personal data—it provides us with aggregate statistics about website traffic without identifying individual users. We also use PostHog for product analytics to understand feature usage and improve the user experience. PostHog processes usage data on our behalf as a data processor.
Legal and Safety Disclosures: We may disclose your information if required to do so by law, in response to valid legal process, to protect the rights, property, or safety of our company, users, or the public, or to enforce our Terms of Service.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. The specific retention periods depend on the type of data and the purpose for which it was collected.
Your account information is retained for as long as your account remains active. If you delete your account, we will remove your personal information from our active systems within 30 days, though some data may persist in encrypted backups for a limited period as part of our disaster recovery procedures.
Google Search Console data is retained according to your subscription plan. Free plans retain up to 16 months of historical data, matching Google's own retention limit. Paid plans offer unlimited retention, allowing you to build a long-term historical record of your search performance. Upon account deletion or at your request, this data will be permanently removed from our systems.
Technical logs and server records are typically retained for up to 90 days for security and troubleshooting purposes. Payment records may be retained for longer periods as required by tax and accounting regulations.
8. International Data Transfers
Our Service is operated from and primarily hosted in data centers located within the European Economic Area (EEA). However, some of our third-party service providers, including hosting and infrastructure providers, may process data in locations outside the EEA, including the United States.
When personal data is transferred outside the EEA to countries that have not been deemed to provide an adequate level of data protection by the European Commission, we ensure that appropriate safeguards are in place. These safeguards typically include Standard Contractual Clauses approved by the European Commission, which are incorporated into our contracts with these service providers. Where applicable, we also rely on providers' participation in recognized data protection frameworks.
You may request additional information about the specific safeguards applied to transfers of your personal data by contacting us using the details provided in this policy.
9. Your Rights Under GDPR
If you are located in the European Economic Area, you have certain rights regarding your personal data under the General Data Protection Regulation. We are committed to facilitating the exercise of these rights in a timely and transparent manner.
Right of Access: You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is being processed. You can access much of your data directly through your account settings, but you may also submit a formal access request to us.
Right to Rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. You can update most of your account information directly through the Service, or contact us for assistance with other corrections.
Right to Erasure: Also known as the "right to be forgotten," you may request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent on which the processing was based. You can initiate account deletion through your account settings.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.
Right to Object: You may object to the processing of your personal data where we are relying on legitimate interests as the legal basis, particularly in relation to direct marketing or profiling.
Right to Restriction: In certain circumstances, you may request that we restrict the processing of your personal data, for example while we verify the accuracy of data you have challenged or while we assess an objection you have raised.
To exercise any of these rights, please contact us at support@basecampseo.com. We will respond to your request within one month, though this period may be extended by two further months for complex requests. We may need to verify your identity before processing your request. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Security is a priority in our system design and operational practices.
All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS). OAuth refresh tokens, which grant access to your Google Search Console data, are encrypted at rest using AES-256-GCM encryption before being stored in our database. Access to production systems and databases is restricted to authorized personnel and protected by strong authentication mechanisms.
Our database employs Row Level Security (RLS) policies that ensure users can only access their own data at the database level, providing an additional layer of protection against unauthorized data access. We conduct regular security reviews and promptly address any identified vulnerabilities.
Despite our efforts, no method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authorities as required by applicable law.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide and improve the Service. Cookies are small text files stored on your device that help us recognize you and remember your preferences. For detailed information about the specific cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookies Policy.
12. Children's Privacy
The Service is not intended for use by individuals under the age of 18, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information from our systems.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will notify you by email at the address associated with your account and by posting a prominent notice within the Service. The "Last updated" date at the top of this policy indicates when it was last revised.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.