Privacy Policy
Last updated: January 1, 2025
Heaats ("we", "our", "us") is committed to protecting the privacy of users of its SEO monitoring service. This privacy policy explains how we collect, use, and protect your personal data.
1. Data Controller
The data controller for personal data is:
Heaats SAS
For any questions regarding your personal data, you can contact us at the address above.
2. Data Collected
We collect the following categories of data:
Identification data: name, surname, professional email address.
Connection data: IP address, browser type, pages visited, date and time of connection.
Billing data: for paying customers, information necessary for billing (processed by our payment provider Stripe).
Technical data: URLs of your monitored websites, SEO metrics collected during analyses.
3. Processing Purposes
Your data is processed to:
- Provide and improve our SEO monitoring service
- Manage your user account
- Send you SEO alerts and reports
- Process your payments
- Respond to your support requests
- Inform you of service updates (with your consent)
- Comply with our legal obligations
- Inform you of service updates (with your consent)
- Respond to your support requests
- Process your payments
- Send you SEO alerts and reports
4. Legal Basis
The processing of your data is based on:
- Contract performance: to provide our monitoring service
- Your consent: for sending marketing communications
- Our legitimate interest: to improve our services and ensure security
- Our legal obligations: for billing and accounting
- Our legitimate interest: to improve our services and ensure security
5. Retention Period
Your data is retained:
- Account data: for the duration of your subscription + 3 years
- Billing data: 10 years (legal obligation)
- Connection data: 1 year
- Monitoring data: duration of your subscription
- Connection data: 1 year
6. Your Rights
In accordance with GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to restriction: limit the processing of your data
- Right to portability: receive your data in a structured format
- Right to object: object to the processing of your data
To exercise these rights: privacy@heaats.com
- Right to object: object to the processing of your data
- Right to portability: receive your data in a structured format
- Right to restriction: limit the processing of your data
- Right to erasure: request deletion of your data
8. Data Transfers
Your data is hosted in France (OVH). Some subcontractors may be located outside the EU:
- Stripe (payments): Privacy Shield certified, standard contractual clauses
- Resend (emails): standard contractual clauses
We ensure these transfers meet the level of protection required by GDPR.
9. Security
We implement technical and organizational measures to protect your data:
- Encryption of data in transit (TLS) and at rest
- Restricted access to personal data
- Security monitoring and alerts
- Regular backups
- Periodic security testing
- Regular backups
- Security monitoring and alerts
10. Contact and Complaints
For any questions about this policy or to exercise your rights:
Email: privacy@heaats.com
You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr