Privacy Policy
Last updated: July 15, 2026
The short version: we collect the minimum needed to run a search API — your account email and your API usage. We don't sell data, we don't run advertising trackers, and we don't build profiles from the queries you send.
01Who we are
This policy describes how SERPdive (the serpdive.com website and the SERPdive API — hereinafter “we”) handles your personal data.
Data controller: Eden d'Alexis (sole proprietorship)
- 6 rue Jacquemin, 31250 Revel, France
- SIREN 931 736 805 — R.C.S. Toulouse
- Contact: hello@serpdive.com
02Data we collect
Account (when you sign up)
- Email address — used to identify your account and send sign-in codes.
- Name and avatar — only if you sign in with Google or GitHub, as provided by those services. Sign-in is passwordless: we never see or store a password.
API usage (when you call the API)
- API keys — generated by you in the dashboard, stored in a form that lets us verify them but attributes them only to your account.
- Request metadata — endpoint, model, credits consumed, timestamps and response status, used for billing, quotas, the usage dashboard and abuse prevention.
- Search queries — the queries your integration sends are processed to return results. They may appear transiently in technical logs for debugging and abuse prevention; we do not use them to profile you or your users, and we do not sell them.
Website
- Essential cookies only — a session cookie to keep you signed in. No advertising or cross-site tracking cookies.
03Legal bases (GDPR)
- Art. 6(1)(b)Performance of a contract — operating your account and serving API requests.
- Art. 6(1)(f)Legitimate interest — security, abuse prevention, aggregate service statistics.
- Art. 6(1)(a)Consent — anything optional, such as product announcements, if you opt in.
04Sharing and processors
We never sell, rent or trade your personal data.
We rely on a small set of infrastructure providers, bound by their own data-processing agreements:
- Cloudflare, Inc. (USA) — application hosting and content delivery.
- Neon, Inc. (USA) — serverless PostgreSQL database.
- Amazon Web Services — regional search infrastructure.
Where these providers process data outside the EU, transfers are covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses.
05Security
All traffic is encrypted in transit (HTTPS/TLS). Access to production systems is restricted and credential-based. Authentication is passwordless — one fewer secret to leak.
06Retention
- Account data — kept until you delete your account, or after 24 months of inactivity.
- Usage records — up to 12 months, for billing history and quota enforcement.
- Technical logs — up to 90 days, then deleted or anonymized.
07Your rights
You have the right to access, rectify, erase, restrict, object to the processing of, and port your personal data.
To exercise any of these rights, write to hello@serpdive.com. You can also lodge a complaint with the French supervisory authority, the CNIL (cnil.fr).
08Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected in the “last updated” date above; continued use of the service after a change constitutes acceptance of the revised policy.