IndexFlow

Privacy Policy

Last updated: March 11, 2026

1. Introduction

IndexFlow ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SEO indexing service.

By using IndexFlow, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Email address
  • Full name
  • Password (encrypted)
  • Payment information (processed securely through Stripe)

2.2 Usage Data

When you use our Service, we automatically collect:

  • URLs you submit for checking or indexing
  • Job history and processing results
  • API usage statistics
  • Credit consumption and transaction history
  • IP address and browser information
  • Log data (timestamps, actions performed)

2.3 Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, operate, and maintain our indexing service
  • Account Management: To manage your account, authenticate users, and process payments
  • Communication: To send you service updates, technical notices, and support messages
  • Improvement: To analyze usage patterns and improve our Service
  • Security: To detect, prevent, and address technical issues and fraudulent activity
  • Compliance: To comply with legal obligations and enforce our Terms of Service

4. Data Storage and Security

4.1 Storage Location

Your data is stored on secure servers provided by Hetzner in Germany. We implement industry-standard encryption both in transit (TLS/SSL) and at rest.

4.2 Security Measures

  • Password hashing using bcrypt
  • Encrypted database connections
  • Regular security audits and updates
  • Access controls and authentication tokens
  • Secure API key management

4.3 Data Breach Protocol

In the event of a data breach, we will notify affected users within 72 hours via email and provide guidance on protective measures.

5. Third-Party Services

We use the following third-party services that may collect or process your data:

5.1 Stripe (Payment Processing)

Payment information is processed securely through Stripe. We do not store credit card details on our servers. Please review Stripe's Privacy Policy.

5.2 Google APIs

We use Google's indexing and search APIs to check index status and submit URLs. Data sent to Google is governed by Google's Privacy Policy.

5.3 Analytics

We may use analytics services to understand usage patterns. These services collect anonymized data about your interactions with our Service.

6. Data Sharing and Disclosure

We do NOT sell your personal information. We may share your data only in the following circumstances:

  • Service Providers: With trusted third-party processors (Stripe, Google) necessary to operate our Service
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • Protection: To protect our rights, property, or safety, and that of our users

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account:

  • Personal information is deleted within 30 days
  • Transaction records are retained for 7 years for accounting and legal compliance
  • Anonymized usage data may be retained indefinitely for analytics

8. Your Rights (GDPR Compliance)

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Request transfer of data to another service
  • Object: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at [email protected]

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through standard contractual clauses and compliance with GDPR requirements.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Protection Officer: For GDPR-related inquiries, you may contact our Data Protection Officer at the same email address.

Address: Stark Enterprises, 9/A, Panjab Bank Apart, Police Line Road, Sangli, Maharashtra 416416, India