Start Free

Privacy Policy

This Privacy Policy explains how Foundea GmbH ("we", "us", "our") processes personal data when you visit seonio.com and use the services offered through it (the "Service").

Seonio.com is an SEO software service provided by Foundea GmbH.

1. Entity

The entity responsible for data processing in connection with this website and the Service is:

Foundea GmbH
Seonio.com
Lise-Meitner-Str. 9
89081 Ulm
Germany

Email: [email protected]

Represented by: Mahir Yildirim
Commercial register: Amtsgericht Ulm, HRB 731876
VAT ID: DE299284795

2. What Personal Data We Process

We process personal data only to the extent necessary to operate the website, provide the Service, process subscriptions, and communicate with users.

2.1 Data you provide to us

We may process the following data when you register, log in, subscribe, contact us, or use the Service:

  • email address
  • account credentials
  • name and profile data received from Google if you use Google sign-in
  • billing and subscription-related information
  • support requests and other communications
  • tool inputs you submit, such as keywords, URLs, domains, search queries, or similar analysis inputs
  • account settings, credit usage, and report history

2.2 Data processed automatically

When you visit or use the website, we may automatically process technical data such as:

  • IP address
  • browser type and version
  • device and operating system information
  • date and time of access
  • requested pages and files
  • referrer URL
  • server log data
  • error and security event data

This data is processed to ensure the security, stability, and proper operation of the website and the Service.

2.3 Data processed when using the tools

When you use Seonio features such as keyword research, website traffic checking, URL backlink checking, SERP scraping, URL scraping, YouTube transcript retrieval, keyword clustering, and related SEO functions, we process the data necessary to generate and display the requested results.

This may include submitted keywords, domains, URLs, report inputs, report outputs, usage history, and credit consumption.

3. Purposes and Legal Bases

We process personal data on the following legal bases under Art. 6 GDPR:

Art. 6(1)(b) GDPR — Performance of a contract

We process data where necessary to provide the Service, including:

  • creating and managing user accounts
  • authenticating users
  • providing SEO tools, reports, and saved account functionality
  • operating the credit system
  • processing subscriptions and payments
  • sending service-related emails
  • responding to support requests

Art. 6(1)(c) GDPR — Compliance with legal obligations

We process data where necessary to comply with legal obligations, especially obligations under tax, accounting, and commercial law.

Art. 6(1)(f) GDPR — Legitimate interests

We process data where necessary for our legitimate interests, in particular:

  • maintaining the security and integrity of the website and Service
  • preventing abuse, fraud, spam, and unauthorized access
  • troubleshooting and improving the Service
  • enforcing legal claims and defending against legal claims

Art. 6(1)(a) GDPR — Consent

Where processing is based on consent, you may withdraw your consent at any time with effect for the future.

4. Registration and Login

You can create an account using your email address and password.

You may also choose to sign in using Google. If you use Google sign-in, we receive the information necessary to authenticate your account, such as your name, email address, and the identifier associated with your Google account. We do not receive your Google password.

5. Payments and Subscriptions

If you purchase a paid plan, payment processing is handled by Stripe. We do not store full payment card details ourselves.

Stripe may process billing, payment, fraud-prevention, and transaction-related data under its own privacy terms where applicable.

6. Email Communications

We send transactional emails that are necessary for operating the Service, such as account-related messages, login-related messages, password reset emails, billing emails, and support communications.

For this purpose, we use Mailgun as our email delivery provider.

We do not send marketing emails unless you have separately consented to receive them, where such consent is required.

7. Cookies and Similar Technologies

We do not use advertising cookies or analytics cookies based on the information currently provided about the Service.

We use only cookies and similar technologies that are necessary to operate the website and the Service, for example:

  • login and session cookies
  • security-related cookies
  • technical cookies required for requested website functions

These technologies are used to provide the Service, maintain login sessions, and protect the website from abuse and attacks.

If non-essential cookies or tracking technologies are introduced in the future, we will update this Privacy Policy and, where legally required, request consent before using them.

8. Recipients and Service Providers

We may disclose personal data to recipients where necessary to operate the Service or comply with legal obligations.

These recipients may include:

  • Stripe for payment processing
  • Mailgun for transactional email delivery
  • Google if you use Google sign-in
  • Cloudflare for website security, performance, and protection against abuse
  • netcup for hosting and infrastructure
  • technical service providers required to operate the Service
  • legal advisers, auditors, or authorities where legally required

We do not sell, rent, or trade personal data.

9. Hosting and International Data Transfers

We use netcup as our hosting and infrastructure provider.

The Service is hosted on infrastructure located outside the European Union / European Economic Area.

Where personal data is transferred to a third country, we ensure that the transfer takes place only in accordance with applicable data protection law and that appropriate safeguards are in place, such as an adequacy decision, standard contractual clauses, or another lawful transfer mechanism.

In addition, some of the service providers we use may process data outside the EU/EEA where necessary for their services. Where this happens, we rely on the safeguards required by applicable law.

10. Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In particular:

  • account data is generally kept for as long as your account exists
  • subscription, billing, and invoice data may be kept for the period required by tax and commercial law
  • support communications may be kept as long as necessary to process and document the request
  • server logs and security-related data are kept for a limited period as necessary for security and technical operation
  • report history, tool inputs, tool outputs, and usage data may be kept for as long as necessary to provide account functions, saved reports, service history, abuse prevention, and related product features

After the applicable retention period ends, data is deleted or anonymized unless further storage is legally required.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

However, no internet transmission or electronic storage system can be guaranteed to be completely secure.

12. Children

The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you believe that a child has provided personal data to us, please contact us so that we can review and delete the data where appropriate.

13. Your Rights

If the GDPR applies to you, you have the following rights, subject to the statutory requirements:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object
  • right to withdraw consent at any time, where processing is based on consent
  • right to lodge a complaint with a supervisory authority

To exercise your rights, please contact us at: [email protected]

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.

The current version will always be published on this page with the updated date shown above.

16. Contact

If you have questions about this Privacy Policy or the processing of your personal data, please contact us:

Foundea GmbH
Seonio.com
Lise-Meitner-Str. 9
89081 Ulm
Germany

Email: [email protected]

Last updated: April 14, 2026