Last updated: January 17, 2025

Privacy Policy

At LostLogic, we take your privacy seriously. This policy explains what data we collect, why we collect it, how we use it, and your rights under GDPR and other privacy regulations.

1. Information We Collect

We collect only the minimum data necessary to provide LostLogic's services.

1.1 Information You Provide Directly

When you sign up for our waitlist or create an account, we collect:

  • Email address
  • Company name
  • Number of Search Console properties (for pricing calculations)

When you use LostLogic, we collect:

  • Google Search Console property URLs you connect
  • User permission data from those properties (who has access, at what permission level)
  • Actions you take within LostLogic (audit trail for security purposes)

1.2 Information We Receive from Google

When you authenticate LostLogic with your Google account:

  • Your Google account email address
  • List of Search Console properties associated with your Google account
  • User permission metadata for those properties (usernames, permission levels, dates added)

We do NOT collect:

  • Search queries or keywords from Search Console
  • Click-through rates, impressions, or performance data
  • Any website content or analytics data
  • Google Analytics, Ads, or Tag Manager data
  • Personal data beyond what's listed above

1.3 Automatically Collected Information

When you visit our website, we may collect:

  • IP address (anonymized where possible)
  • Browser type and version
  • Device information
  • Pages visited and time spent on site
  • Referral source (how you found us)

This data is collected via cookies and similar technologies (see Section 7).

1.4 "Poke" Contact Form

When you use our "Poke" contact form, we collect:

  • Your email address
  • The page you submitted from (for context)
  • Timestamp of submission

We use this information solely to respond to your inquiry. We do not add you to marketing lists or share your email with third parties. Your email is deleted within 30 days after we respond, unless you explicitly request ongoing communication.

2. How We Use Your Information

We use your data solely to provide and improve LostLogic's services:

2.1 Service Delivery

  • Authenticate your access to LostLogic
  • Display your Search Console properties and user permissions
  • Execute bulk user management actions on your behalf
  • Send alerts about rogue owners or suspicious activity
  • Generate audit reports and compliance documentation

2.2 Communication

  • Send waitlist updates and onboarding information
  • Respond to your support requests
  • Notify you of service changes or maintenance
  • Send important security alerts

2.3 Product Improvement

  • Analyze usage patterns to improve features
  • Identify and fix bugs
  • Develop new functionality based on user needs

2.4 Legal Compliance

  • Comply with legal obligations (e.g., tax reporting, law enforcement requests)
  • Enforce our Terms of Service
  • Protect against fraud and abuse

We will NEVER:

  • Sell your data to third parties
  • Use your Search Console data for advertising
  • Share your data with competitors
  • Train AI models on your proprietary data

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data under these legal bases:

3.1 Contract Performance (GDPR Article 6(1)(b))

Processing necessary to provide LostLogic's services as per our agreement with you.

Examples: Authenticating your account, managing GSC permissions

3.2 Legitimate Interests (GDPR Article 6(1)(f))

Processing necessary for our legitimate business interests, balanced against your rights.

Examples: Fraud prevention, service improvement, security monitoring

3.3 Legal Obligation (GDPR Article 6(1)(c))

Processing required to comply with legal requirements.

Examples: Tax reporting, law enforcement requests

3.4 Consent (GDPR Article 6(1)(a))

For non-essential processing like marketing emails, we ask for your explicit consent. You can withdraw consent anytime by clicking "unsubscribe" in any marketing email.

4. Data Storage and Security

4.1 Where We Store Your Data

All data is stored in AWS (Amazon Web Services) data centers located in the European Union (eu-north-1 / Stockholm region). We do not transfer data outside the EU except as described in Section 9.

4.2 Security Measures

We implement industry-standard security practices:

Technical Safeguards:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Secure OAuth 2.0 authentication
  • Automated vulnerability scanning

Organizational Safeguards:

  • Access controls (role-based access within our team)
  • Audit logging of all data access
  • Employee security training
  • Incident response procedures

While we implement strong security measures, no system is 100% secure. If a data breach occurs, we will notify affected users within 24 hours and comply with all GDPR breach notification requirements (Article 33).

5. Data Retention

We retain your data only as long as necessary:

5.1 Active Accounts

  • Account data: Retained while your account is active
  • Audit logs: Retained for 2 years (for compliance and security purposes)
  • Support communications: Retained for 3 years

5.2 After Account Cancellation

  • All property and permission data: Deleted within 30 days
  • Account credentials: Deleted within 30 days
  • Billing records: Retained for 7 years (legal requirement for tax purposes)
  • Anonymized usage analytics: May be retained indefinitely

5.3 Waitlist Data

If you join our waitlist but never create an account:

  • Contact information: Retained for 1 year, then deleted
  • You can request immediate deletion anytime (see Section 6)

GDPR Compliance: Our retention practices support the GDPR Article 5 (storage limitation) requirements: we avoid processing data longer than necessary by removing stale access and deleting data promptly after account cancellation.

6. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights:

6.1 Right to Access (GDPR Article 15)

Request a copy of all personal data we hold about you.

Response time: Within 30 days

6.2 Right to Rectification (GDPR Article 16)

Correct inaccurate or incomplete data. You can update most information directly in your account settings.

6.3 Right to Erasure / "Right to be Forgotten" (GDPR Article 17)

Request deletion of your data.

Note: We may retain some data for legal compliance (e.g., billing records for tax purposes).

6.4 Right to Data Portability (GDPR Article 20)

Receive your data in a structured, machine-readable format (JSON or CSV).

6.5 Right to Restrict Processing (GDPR Article 18)

Limit how we use your data while we verify accuracy or investigate a complaint.

6.6 Right to Object (GDPR Article 21)

Object to processing based on legitimate interests. We will stop processing unless we have compelling legal grounds.

6.7 Right to Withdraw Consent

Withdraw consent for marketing emails or optional features anytime.

6.8 Right to Lodge a Complaint

If you believe we've violated your privacy rights, you can complain to your local data protection authority:

  • EU/EEA: Your national supervisory authority (list at edpb.europa.eu)
  • UK: Information Commissioner's Office (ico.org.uk)
  • Sweden: Integritetsskyddsmyndigheten (IMY) at imy.se

To exercise any of these rights, contact us at: privacy@lostlogic.io
We will respond within 30 days.

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device by your browser. We use cookies to:

  • Remember your login session
  • Analyze website traffic and usage patterns
  • Improve user experience

7.2 Types of Cookies We Use

Essential Cookies (Required):

  • Session authentication (keeps you logged in)
  • Security tokens (prevents CSRF attacks)

These cannot be disabled without breaking core functionality.

Analytics Cookies (Optional):

  • Google Analytics 4 (anonymized IP addresses)
  • Tracks: Pages viewed, time on site, user flows
  • Purpose: Understand how people use our site to improve it

Marketing Cookies (Optional):

Currently none. If we add marketing pixels in the future, we'll ask for explicit consent.

7.3 Your Cookie Choices

You can manage cookie preferences:

  • Via our cookie consent banner (first visit)
  • In your browser settings (disable all cookies)
  • Using privacy tools like uBlock Origin or Privacy Badger
  • By invoking the cookie consent banner again via a link in the footer

Note: Disabling essential cookies will prevent you from using LostLogic.

8. Third-Party Services We Use

We share limited data with these trusted service providers:

8.1 Google (OAuth Authentication)

Purpose: Authenticate your access to Search Console

Data shared: Your Google account email, GSC property list

Privacy policy: policies.google.com/privacy

8.2 Amazon Web Services (AWS)

Purpose: Hosting and data storage

Data shared: All data stored in LostLogic

Location: EU data centers (eu-north-1 / Stockholm)

Privacy policy: aws.amazon.com/privacy

8.3 Email Service Provider

Purpose: Send transactional emails (alerts, account notifications)

Data shared: Your email address

Provider: MailerSend or AWS SES

8.4 Analytics (Google Analytics 4)

Purpose: Website traffic analysis

Data shared: Anonymized IP address, pages visited, browser info

Privacy policy: policies.google.com/privacy

Opt-out: tools.google.com/dlpage/gaoptout

All third-party providers are contractually required to comply with GDPR and protect your data.

9. International Data Transfers

9.1 Primary Storage Location

All data is stored in AWS EU data centers (Stockholm). We do not routinely transfer data outside the EU/EEA.

9.2 Limited Exceptions

In rare cases, data may be accessed from outside the EU:

  • Customer support (if you contact us and our team member is traveling)
  • Emergency incident response
  • Legal compliance (e.g., valid law enforcement request)

When transfers occur, we use GDPR-approved safeguards:

  • Standard Contractual Clauses (SCCs)
  • Encryption in transit
  • Minimization of data transferred

9.3 US-Based Service Providers

Some providers (AWS, Google) are US companies subject to the EU-US Data Privacy Framework. We verify compliance before using any US provider.

10. Children's Privacy

LostLogic is not intended for children under 16 (or under 13 in the US). We do not knowingly collect data from children.

If you believe we've inadvertently collected data from a child, contact us immediately at privacy@lostlogic.io and we will delete it within 48 hours.

11. Changes to This Privacy Policy

We may update this policy to reflect:

  • New features or services
  • Changes in legal requirements
  • User feedback

When we make material changes:

  • We'll update the "Last updated" date at the top
  • We'll notify active users via email
  • For significant changes, we'll ask for renewed consent where required

Previous versions of this policy are available on request.

12. Contact Information

For privacy-related questions, data requests, or complaints:

Privacy Inquiries:
Email: privacy@lostlogic.io
Response time: Within 30 days (usually faster)

Supervisory Authority (Sweden):
Integritetsskyddsmyndigheten (IMY)
Website: imy.se
Email: imy@imy.se