GDPR Compliance
Last updated: March 2026
Our Commitment
sERPFALL is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data for users in the European Economic Area (EEA).
Data We Collect
- Account data: Email address, name, and password hash
- Usage data: Keywords tracked, alert configurations, and rank history
- Payment data: Processed securely through Stripe (we never store card details)
- Technical data: IP address, browser type, and session information
Legal Basis
We process personal data under the following legal bases:
- Contract performance: To provide our rank tracking services
- Legitimate interest: To improve our services and prevent fraud
- Consent: For marketing communications (opt-in only)
Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interest
- Restriction: Request limited processing of your data
Data Retention
We retain your data for as long as your account is active. After account deletion, we remove personal data within 30 days. Anonymized analytics data may be retained for service improvement.
Data Transfers
Your data is stored on servers in the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA.
Contact
For GDPR-related requests, contact our Data Protection Officer at privacy@serpfall.com.