Indyo

Privacy Policy

Privacy Policy

Last updated: April 7, 2026

1. Who We Are

This Privacy Policy describes how Indyo Systems Inc. ("we", "us", "our") collects, uses, and protects information when you use the Indyo SEO/GEO/AEO Analyzer ("the Service") at https://audit.indyo.com/.

2. Information We Collect

When you use the Service as a guest:

  • Your IP address and the domain(s) you analyze — stored temporarily to enforce daily search limits. Purged at midnight UTC each day.

When you create a free account:

  • Your email address
  • URLs and domains you analyze, plus the full analysis results and scores
  • Search timestamps
  • IP address and browser user-agent used during login

When you subscribe (Pro plan):

  • All of the above, plus subscription status and billing period information
  • Payment is processed by Stripe — we never see or store your full card number

When you contact us:

  • Your email address and the reason category you selected

3. How We Use Your Information

  • To provide and improve the Service
  • To enforce usage limits and prevent abuse
  • To send you one-time login codes (OTPs) — no marketing emails unless you opt in
  • To deliver email analysis reports you explicitly request
  • To process subscription payments through Stripe
  • To respond to contact requests
  • To analyze aggregate, anonymous usage patterns via Google Analytics

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Retention

  • Guest activity logs: deleted daily at midnight UTC
  • Free account search history: deleted after 30 days
  • Pro account search history: retained indefinitely while your account is active
  • Login tokens: expire after 15 minutes and are marked used after verification
  • Sessions: expire after 30 days of inactivity
  • Contact requests: retained for up to 2 years for support purposes

5. Cookies and Tracking

We use a single session cookie (seo_sess) to keep you logged in. It is an HttpOnly, Secure, SameSite=Lax cookie — it cannot be read by JavaScript and is only transmitted over HTTPS.

We use Google Analytics (GA4) to understand aggregate traffic patterns. GA4 may set its own cookies. You can opt out using the Google Analytics Opt-out Browser Add-on.

6. Third-Party Services

  • Stripe — payment processing. See Stripe's Privacy Policy.
  • Google Analytics — anonymous usage analytics. See Google's Privacy Policy.
  • Cloudflare Turnstile — CAPTCHA for abuse prevention. See Cloudflare's Privacy Policy.
  • Anthropic Claude API — used to generate AI summary reports for Pro users. Submitted page content is not used to train Anthropic's models under our API agreement.

7. Your Rights (GDPR / Privacy Laws)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and all associated data
  • Object to or restrict processing
  • Data portability

To exercise any of these rights, contact us and select "Account deletion request". We will respond within 30 days.

8. Security

We use industry-standard measures to protect your data: HTTPS-only transmission, hashed authentication tokens, HttpOnly session cookies, and prepared statements to prevent SQL injection. No security measure is perfect — if you discover a vulnerability, please contact us immediately.

9. Changes to This Policy

We may update this policy. When we do, we will update the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy inquiries, use our Contact page and select "General inquiry" or "Account deletion request".