ludeseo.
PricingLog in
Legal

Privacy Policy

Last updated 7 July 2026

This policy explains what data LudeSEO (seo.ludehq.com, operated by LudeHQ, Larnaca, Cyprus) collects, why, and the choices you have. We aim to collect as little as possible: the product analyzes websites, not people.

1. What we collect

  • Audit data. The URLs you submit and the resulting reports (page content findings, scores, issues). Reports are stored so links keep working and history can be tracked.
  • Account data. If you create an account: your email address, a hashed password (never the password itself), or your name, email and avatar from Google if you sign in with Google.
  • Operational data. IP addresses for rate limiting and abuse prevention, and standard server logs kept briefly for reliability and security.
  • Monitoring settings. If you enable alerts, the sites you monitor and, optionally, a Telegram chat id you provide.

We do not run advertising trackers, we do not sell data, and we do not profile you.

2. Cookies

We use one strictly necessary cookie: your session, if you log in. A local storage key remembers your light or dark theme. That is the full list; there is no cookie banner because there is nothing to opt out of.

3. How we use data

  • to generate and store the reports you request;
  • to run scheduled monitors and send the alerts you configured;
  • to secure the service (rate limiting, abuse prevention);
  • to improve the checks, using aggregate, non personal statistics.

Legal bases under the GDPR: performance of a contract (providing the service you asked for), legitimate interest (security, improvement), and consent where required.

4. Third party processors

  • Google PageSpeed Insights receives audited URLs to measure performance.
  • AI model providers (via OpenRouter) receive audit findings and page metadata to generate summaries and suggestions, only when you use an AI feature.
  • Google OAuth handles sign in with Google; we receive your basic profile (name, email) and never your Google password.
  • Telegram receives alert messages if you provide a chat id.
  • Stripe will process payments when billing launches; card details go to Stripe directly and never touch our servers.

Hosting is on our own infrastructure in the European Union.

5. Retention

Reports are kept so shareable links and score history keep working. Rate limiting records expire within hours. Server logs rotate within days. If you delete your account we delete your account record, projects, monitors and alerts; anonymous reports may persist since they are not linked to you.

6. Your rights

Under the GDPR you can request access to, correction of, export of, or deletion of your personal data, and you can object to processing. Email contact@ludehq.com and we will respond within 30 days. You also have the right to complain to your data protection authority; ours is the Office of the Commissioner for Personal Data Protection of Cyprus.

7. Site owners

If someone audited your website with LudeSEO and you would like it excluded from future audits, email us and we will block it. Our crawler already respects robots.txt.

8. Changes

We will update this policy as the product evolves and reflect changes in the date above. Material changes will be announced on the site.

See also the Terms of Service.