Privacy Policy

1. Information We Collect

We collect information you provide directly, information generated through your use of the Service, and information from third-party sources.

1.1 Account Information

When you create an account, we collect your name, email address, organization name, and any other information you choose to provide during registration. If you sign up through a third-party authentication provider (such as Google), we receive your name, email, and profile picture from that provider.

1.2 Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, scan configurations, search queries within the platform, timestamps of actions, and the frequency and duration of your sessions.

1.3 Device & Technical Information

We collect device type, operating system, browser type and version, screen resolution, IP address, referring URLs, and general geographic location derived from your IP address. This data helps us optimize the Service for the devices and browsers our users rely on.

1.4 Scan & Crawl Data

When you initiate a scan, we crawl the target website(s) you specify and collect publicly available data such as HTML content, HTTP headers, response codes, page load metrics, and link structures. This data is processed to generate your SEO reports and is associated with your account.

1.5 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We receive and store a tokenized reference, your billing address, and transaction history from Stripe for invoicing purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, maintain, and improve the Service, including running SEO scans, generating reports, calculating scores, and delivering audit findings.
• Account management: To manage your account, process subscriptions, handle billing, and provide customer support.
• Analytics & improvement: To understand how the Service is used, identify trends, detect errors, and improve performance and user experience.
• Communication: To send you transactional emails (scan completions, billing receipts, security alerts), product updates, and, with your consent, marketing communications.
• Security & fraud prevention: To detect, investigate, and prevent unauthorized access, abuse, or violations of our Terms of Service.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Data Storage & Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption: All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
• Infrastructure: Our Service is hosted on Google Cloud Platform with data centers located in the European Union. We use managed database services with automated backups and point-in-time recovery.
• Tenant isolation: Your data is logically isolated from other customers' data. Access controls ensure that each organization can only access its own data.
• Data retention: We retain your account data for as long as your account is active. Scan data is retained according to your subscription plan. Upon account deletion, we delete or anonymize your personal data within 30 days, except where retention is required by law.
• Access controls: Employee access to customer data is strictly limited, logged, and requires multi-factor authentication.

4. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Service. You can control cookies through your browser settings.

5. Third-Party Services

We use the following third-party services that may receive or process your data:

• Stripe — Payment processing. Stripe processes your payment information in accordance with their Privacy Policy.
• Google Analytics — Website analytics. We use anonymized IP addresses and have signed a Data Processing Agreement with Google. See Google's Privacy Policy.
• Firebase Authentication — User authentication and identity management. Firebase processes authentication tokens and basic profile data. See Firebase Privacy and Security.
• Google Cloud Platform — Infrastructure and hosting. All data processing occurs within EU data centers.

6. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
• Right to data portability: You may request your data in a structured, commonly used, and machine-readable format (JSON or CSV).
• Right to restriction of processing: You may request that we limit how we use your data in certain circumstances.
• Right to object: You may object to the processing of your personal data for direct marketing purposes at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@drurls.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

7. International Transfers

Dr Urls is headquartered in France. Your personal data is primarily processed and stored within the European Union.

Where we transfer personal data outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including European Commission-approved Standard Contractual Clauses (SCCs) or reliance on the recipient's participation in recognized data transfer frameworks. We conduct transfer impact assessments as required by applicable law.

8. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such data promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@drurls.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: