Privacy Policy
Last updated: 18 May 2026
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use BEsERP (the “Service”) at beserp.com, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are (data controller)
The data controller for personal data processed through the Service is [LEGAL ENTITY NAME], a company registered in England & Wales (company number [COMPANY NUMBER]), registered office [REGISTERED ADDRESS]. We are registered with the Information Commissioner's Office (ICO) under registration number [ICO REGISTRATION NUMBER].
For any privacy questions or to exercise your rights, contact us at [PRIVACY CONTACT EMAIL].
2. What data we collect
- Account data: your name, email address, and a securely hashed password (we never store your password in plain text).
- Verification data: short-lived one-time codes (stored hashed) and the timestamp your email was verified.
- Consent records: whether and when you accepted our Terms and Privacy Policy, your marketing-email preference, and the IP address used at sign-up (proof of consent).
- Demo requests: name, work email, company, team size, and any message you submit when requesting a demo.
- Billing data: if you subscribe, your payments are handled by Stripe; we store your Stripe customer ID and subscription status, not your card details.
- Content you provide: keyword exports, URLs, and other SEO data you import or analyse using the tools.
- Technical & usage data: log data, device/browser information, and (with your consent) analytics about how you use the site.
3. Our lawful bases for processing
| Purpose | Lawful basis |
|---|---|
| Creating and running your account; providing the Service | Performance of a contract |
| Verifying your email address; account security | Legitimate interests (fraud/abuse prevention) and contract |
| Processing payments and managing subscriptions | Performance of a contract |
| Responding to demo requests and sales enquiries | Legitimate interests (responding to your request) |
| Sending marketing emails | Consent (you can withdraw at any time) |
| Analytics and product improvement | Consent (via the cookie banner) |
| Meeting legal and accounting obligations | Legal obligation |
4. Sub-processors and international transfers
We use trusted third parties to deliver the Service. Each processes personal data only on our instructions and under appropriate safeguards. Where data is transferred outside the UK, we rely on UK adequacy regulations or the International Data Transfer Agreement (IDTA) / Standard Contractual Clauses.
| Provider | Purpose |
|---|---|
| Vercel | Application hosting and content delivery |
| Neon | Database hosting (account & usage data) |
| Stripe | Payment processing and subscription billing |
| Resend | Transactional and verification emails |
| Anthropic | AI analysis of the content you submit to the tools |
| Firecrawl | Web page crawling for audits and link analysis |
| SE Ranking / DataForSEO | Keyword and SERP data providers |
| Optional sign-in (Google OAuth) and Search Console import |
5. How long we keep your data
We keep account data for as long as your account is active and for a reasonable period afterwards to meet legal, accounting, and dispute obligations. Verification codes expire within 15 minutes and are deleted or invalidated after use. Demo-request data is retained for up to 24 months unless you ask us to delete it sooner. You can request deletion of your account and associated personal data at any time.
6. Your rights
Under UK GDPR you have the right to:
- access a copy of the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to processing;
- data portability;
- withdraw consent at any time (e.g. unsubscribe from marketing, or change your cookie choice);
- complain to the ICO at ico.org.uk if you believe we have mishandled your data.
To exercise any of these rights, email [PRIVACY CONTACT EMAIL]. We will respond within one month.
7. Cookies
We use essential cookies to run the site and keep you signed in — these don't require consent. With your consent we also use analytics cookies to understand how the site is used. You can accept or reject non-essential cookies via the banner shown on your first visit, and change your choice at any time by clearing the cookie or contacting us. Essential cookies include your authentication session and your cookie-consent preference.
8. Data security
Passwords are hashed with bcrypt, verification codes are stored hashed, and all traffic is encrypted in transit (HTTPS/TLS). Access to personal data is restricted to what is necessary to operate the Service.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, notified to you by email.
10. Contact
Questions about this policy or your data? Contact [PRIVACY CONTACT EMAIL] or write to us at [REGISTERED ADDRESS].