kyrosearch

Privacy Policy

Last updated: March 8, 2026

1. Introduction

KyroSearch ("we," "us," or "our") operates the kyrosearch.com website and application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

2. Google API Services Disclosure

KyroSearch's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request read-only access to your Google Search Console and Google Analytics 4 data
  • We do not use your Google data for serving advertisements
  • We do not sell, rent, or share your Google data with third parties, except as necessary to provide and improve the Service
  • We do not use your Google data for any purpose other than providing and improving KyroSearch's SEO analytics features
  • Human access to your Google data is limited to situations where it is necessary for security purposes, to comply with applicable law, or to provide our Service — and only with your consent

3. Information We Collect

2.1 Account Information

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google password.

2.2 Google Search Console & Analytics Data

We request read-only access to your Google Search Console and Google Analytics 4 data. This includes keyword rankings, impressions, clicks, click-through rates, page performance metrics, and traffic analytics. We never modify your Google Search Console or Analytics configuration.

2.3 OAuth Tokens

We store OAuth access tokens and refresh tokens to maintain your connection to Google services. These tokens are encrypted at rest using AES-256-GCM encryption and are only decrypted when making authorized API requests on your behalf.

2.4 Usage Data

We collect standard server logs including IP addresses, browser user-agent strings, and timestamps for security monitoring and abuse prevention.

4. How We Use Your Information

  • To provide SEO analytics, keyword analysis, cannibalization detection, content pruning recommendations, and performance trend reports
  • To cache analysis results for faster page loads (cached data expires after 24 hours)
  • To authenticate you and maintain your session
  • To send transactional emails related to your account (e.g., reports, alerts)
  • To monitor and prevent abuse of the service

5. Data Storage & Security

  • Database: Your account data is stored in a PostgreSQL database with Row Level Security (RLS), ensuring users can only access their own data.
  • Token encryption: OAuth tokens are encrypted at rest using AES-256-GCM with unique initialization vectors.
  • Transport security: All connections use HTTPS with HTTP Strict Transport Security (HSTS) enabled.
  • Cache: Temporary analysis results are stored in Redis with automatic expiration. In-memory caches are used for performance and are cleared on server restarts.
  • Audit logging: Security-relevant events (login, token refresh, data export) are logged for monitoring.

6. Data Retention

Cached analysis results expire automatically after 24 hours. Content pruning results expire after their configured retention period. Your account data and encrypted tokens are retained as long as your account is active. You can clear your cached data at any time from the Settings page.

7. Data Sharing & No Selling

We do not sell, rent, trade, or otherwise share your personal information or Google data with third parties for their marketing or advertising purposes. We do not use your data to serve advertisements.

We only share data with the third-party service providers listed in Section 8, strictly for the purpose of operating the Service. These providers are contractually obligated to handle your data securely and only as directed by us.

8. Third-Party Services

We use the following third-party services to operate KyroSearch:

  • Supabase — Database hosting and authentication
  • Vercel — Application hosting and deployment
  • Upstash — Redis caching and background job processing
  • Resend — Transactional email delivery
  • Sentry — Error monitoring (only active when configured; no personal data is sent)
  • Google APIs — Search Console and Analytics data retrieval (read-only)

9. Your Rights

You have the right to:

  • Access your data — view what we store about you in Settings
  • Delete your cached data at any time from the Settings page
  • Revoke access — disconnect KyroSearch from your Google account at any time by visiting Google Account Permissions
  • Request account deletion — contact us at hello@kyrosearch.com to have your account and all associated data permanently deleted
  • Data portability — request a copy of the data we hold about you in a machine-readable format

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with a supervisory authority. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt out of the sale of personal information (we do not sell personal information).

Upon account deletion, we will permanently remove your account data, encrypted OAuth tokens, and all cached analysis results. This process is completed within 30 days of your request.

10. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Cookies

KyroSearch uses essential cookies for authentication and session management. These are strictly necessary for the service to function and cannot be disabled. We do not use advertising or tracking cookies.

12. Children's Privacy

KyroSearch is not intended for use by children under 16. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy or your data, contact us at hello@kyrosearch.com.