Privacy Policy

Last updated: 26 May 2026 · Effective date: 18 May 2026

1. Who we are

AlphaSERP Tools is operated by Mattias Hagman, trading as AlphaSERP, an independent SEO consultancy based in Malta. References to “we”, “us”, or “our” in this policy refer to Mattias Hagman / AlphaSERP.

Contact: contact@alphaserp.com · Malta, European Union

2. What data we collect and why

We collect only what is necessary to provide the service:

• Email address — required to create your account and send you login links. We do not collect passwords.
• Session token — a randomly generated token stored in a cookie to keep you logged in for up to 12 months. Contains no personal information.
• Usage data — counts of certain actions (content clusters generated, article drafts, AI tool calls) used to enforce fair usage limits. Stored against your user ID, not your email.
• Country preference — an optional setting you choose within the tool. Stored in your account.
• Last login timestamp — for active usage understanding and account security.
• Payment data — payment is handled entirely by Polar.sh. We receive confirmation of your subscription status and a customer reference ID. We never see or store your card details.
• URLs and content you analyse — processed server-side to return results. We do not store or log the URLs you analyse beyond what is needed to return the result to you.

3. Legal basis for processing (GDPR)

We are based in Malta and subject to EU GDPR. Our legal bases are:

• Contract performance — processing your email and session data is necessary to provide the service (Article 6(1)(b) GDPR).
• Legitimate interests — usage logging for fair use enforcement and security (Article 6(1)(f) GDPR).
• Consent — for non-essential cookies, obtained via our cookie consent banner (Article 6(1)(a) GDPR).

4. Cookies

We use two strictly necessary cookies: alphaserp_session (keeps you logged in, expires 12 months) and a cookie consent preference cookie. We do not use advertising cookies, tracking pixels, or analytics. See our Cookie Policy for full details.

5. Third-party services

• Brevo — sends magic link login emails. Privacy Policy
• Polar.sh — processes payments. Privacy Policy
• Anthropic — powers AI features. Content submitted for analysis may be processed by their API. Privacy Policy
• DataForSEO — provides keyword, ranking, and SERP data. Privacy Policy
• Cloudflare — CDN and network proxy. All traffic passes through Cloudflare. Privacy Policy
• Hetzner — VPS hosting provider where our servers are located. Privacy Policy

6. Data retention

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• Session tokens — expire after 12 months or on sign out.
• Usage logs — retained for 13 months then deleted.
• Payment records — retained for 7 years as required by EU accounting regulations.

7. Your rights under GDPR

As an EU/EEA resident you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw cookie consent at any time. To exercise any right, email contact@alphaserp.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information and Data Protection Commissioner (IDPC) of Malta.

8. Data security

We use HTTPS everywhere, HttpOnly and Secure cookies, hashed/random session tokens, and store no plaintext passwords or payment card data. In the event of a data breach we will notify you and the relevant supervisory authority as required by GDPR.

9. Children

AlphaSERP Tools is intended for professional use and is not directed at children under 16. If you believe a child has created an account, contact us and we will delete it.

10. Changes to this policy

Material changes will be notified by email or in-app notice. The “last updated” date at the top of this page always reflects the current version.

11. Contact

Questions about this policy: contact@alphaserp.com