1. Introduction
ZolukoWeb Digital LLC ("we," "us," or "our") operates SchemaReports (the "Service"), an AI-powered website audit platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using SchemaReports, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
2. Google API Services User Data Policy
Limited Use Disclosure
SchemaReports' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2.1 What Google Data We Access
When you connect your Google account to SchemaReports, we may access the following data based on the permissions you grant:
| Google Service | Data Accessed | Purpose |
|---|---|---|
| Google Search Console | Search queries, clicks, impressions, average position, page indexing status, sitemaps | Display your search performance data in your unified dashboard |
| Google Analytics 4 | Sessions, users, page views, bounce rate, traffic sources, conversion data | Display your website analytics in your unified dashboard |
| Google Ads | Keyword performance, search terms, campaign metrics (read-only) | Provide keyword research data and performance insights |
2.2 How We Use Google Data
We use data obtained through Google APIs solely to:
- Display your analytics data within your SchemaReports dashboard
- Generate unified reports combining multiple data sources
- Provide AI-powered insights based on your performance data
- Send you optional performance alerts (if enabled)
2.3 How We Protect Google Data
We commit to the following protections for your Google data:
- No Sale of Data: We never sell, rent, or lease your Google data to third parties
- No Advertising Use: We do not use your Google data for advertising or marketing to third parties
- Limited Transfer: We only transfer Google data to third parties when necessary to provide the Service (e.g., secure cloud hosting)
- No Human Review for Unrelated Purposes: We do not allow humans to read your Google data except:
- With your explicit consent
- For security purposes (investigating abuse or security issues)
- To comply with applicable law
- When aggregated and anonymized for internal operations
2.4 Revoking Google Access
You can revoke SchemaReports' access to your Google account at any time:
- Visit Google Account Permissions
- Find "SchemaReports" in the list of connected apps
- Click "Remove Access"
Upon revocation, we will stop accessing your Google data immediately. Previously fetched data may be retained according to our data retention policies but will no longer be updated.
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, name, and password when you create an account
- Billing Information: Payment card details (processed securely by Stripe)
- Audit Targets: URLs of websites you submit for auditing
- Business Context: Business type, service area, and other context you provide for audits
- Communications: Messages you send us via email or contact forms
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, audit history, and timestamps
- Device Information: Browser type, operating system, device type, screen resolution
- IP Address: For security, fraud prevention, and approximate location
- Cookies and Tracking: See Section 7 for details
3.3 Information from Third Parties
- Google APIs: Search Console, Analytics, and Ads data (when you connect your account)
- Payment Processor: Transaction confirmations from Stripe
4. How We Use Your Information
We use collected information to:
- Provide the Service: Run website audits, generate reports, display analytics dashboards
- Process Transactions: Handle subscriptions and billing
- Improve the Service: Analyze usage patterns to improve features and user experience
- Communicate: Send transactional emails, respond to inquiries, and send optional marketing (with consent)
- Security: Detect and prevent fraud, abuse, and security threats
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
5. How We Share Your Information
We do not sell your personal information. We may share information in these limited circumstances:
5.1 Service Providers
We use trusted third-party services to operate SchemaReports:
- Cloud Hosting: Servers for data storage and processing
- Stripe: Payment processing (they only receive payment data necessary for transactions)
- Email Services: Transactional email delivery
- Analytics: Aggregated usage analytics for service improvement
These providers are contractually bound to protect your data and use it only for the purposes we specify.
5.2 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5.4 With Your Consent
We may share information with third parties when you explicitly consent to such sharing.
6. Data Security
We implement robust security measures to protect your information:
- Encryption: All data transmitted to and from our servers uses TLS 1.3 encryption
- Secure Storage: Data is stored on encrypted servers with access controls
- Access Controls: Employee access to user data is limited and logged
- OAuth Security: Google authentication uses industry-standard OAuth 2.0
- Token Security: OAuth tokens are encrypted at rest and never exposed to client applications
- Regular Audits: We conduct regular security assessments
While we strive to protect your information, no method of transmission over the internet is 100% secure. You use the Service at your own risk.
7. Cookies and Tracking
7.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / 7 days |
| Functional | Remember preferences, settings | 1 year |
| Analytics | Understand how users interact with the Service | 2 years |
7.2 Managing Cookies
Most browsers allow you to control cookies through settings. Note that disabling essential cookies may prevent you from using certain features of the Service.
8. Data Retention
We retain your information as follows:
- Account Data: Retained while your account is active, plus 30 days after deletion request
- Audit Reports: Retained for 2 years or until you delete them
- Google API Data: Cached for up to 24 hours for dashboard display; historical data retained as long as your account is active
- Billing Records: Retained for 7 years as required by financial regulations
- Anonymized Analytics: May be retained indefinitely
9. Your Rights
9.1 All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Data Portability: Request your data in a machine-readable format
- Opt-Out: Unsubscribe from marketing communications
- Revoke Consent: Disconnect Google services at any time
9.2 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to say no to the sale of personal information (we do not sell)
- Right to equal service and price
9.3 European Users (GDPR)
If you are in the European Economic Area, you have rights under GDPR including:
- Right to access, rectify, or erase your data
- Right to restrict or object to processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority
Our legal basis for processing your data includes: contract performance, legitimate interests, consent, and legal obligations.
9.4 Exercising Your Rights
To exercise any of these rights, contact us at privacy@schemareports.com. We will respond within 30 days.
10. Children's Privacy
SchemaReports is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers are located. If you are accessing SchemaReports from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.
For European users, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
ZolukoWeb Digital LLC
Email: privacy@schemareports.com
Legal Inquiries: legal@schemareports.com
Website: schemareports.com