Legal

Privacy Notice

Last updated: April 2026

1. Who we are

Searchlight is an independent web-based SEO toolset, operated as an independent digital service based in the United Kingdom.

Data controller contact: rameez.majeed@eatechnology.com

This notice explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

2. What data we collect

We collect and process the following personal data:

  • Google account email address — collected via Google OAuth when you sign in. Used to identify your account.
  • Google Search Console data — read-only access to your own GSC property. This data is fetched on demand and processed in-session only. It is never stored on our servers.
  • PayPal transaction data — your PayPal email address and subscription ID, received when you subscribe. Used to confirm and manage your subscription status.
  • Subscription status — your email address and subscription status are retained in our system to control access to the service.

We do not collect names, addresses, phone numbers, or any financial card data. We do not use analytics tools and do not track your behaviour within the application.

3. Legal basis for processing

  • Performance of a contract (Article 6(1)(b) UK GDPR) — processing your email and subscription data is necessary to provide the service you have subscribed to.
  • Legitimate interests (Article 6(1)(f) UK GDPR) — preventing fraud, ensuring service security, and maintaining accurate subscription records. These interests do not override your rights and freedoms.

4. How we use your data

We use your data only for the following purposes:

  • Authenticating you when you sign in via Google OAuth
  • Verifying your subscription status to grant access to the tools
  • Communicating with you about your subscription if necessary

We do not use your data for marketing, profiling, automated decision-making, or any purpose other than operating the service. We do not sell, rent, or share your personal data with third parties for their own commercial purposes.

5. Data retention

We retain your account email address and subscription status for as long as your subscription is active, plus 30 days after cancellation (to handle any disputes or refund requests). After that period, your data is deleted from our systems.

Google Search Console data is never stored on our servers. It is fetched directly from the Google Search Console API on demand, processed in real-time within your session, and discarded immediately. We have no persistent copy of your GSC data.

6. Your rights under UK GDPR

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data where there is no compelling reason to continue processing.
  • Right to restriction — request that we limit how we use your data in certain circumstances.
  • Right to data portability — request a copy of your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at rameez.majeed@eatechnology.com. We will respond within one month.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

7. Cookies

We use only strictly necessary session cookies for authentication. These cookies are essential for the service to function and do not require your consent under PECR (Privacy and Electronic Communications Regulations 2003).

We do not use analytics, advertising, or any third-party tracking cookies. For full details, see our Cookie Notice.

8. Third-party services

We use the following third-party services, each with their own privacy policies:

  • Google LLC— provides OAuth 2.0 authentication and the Search Console API. Subject to Google's privacy policy: policies.google.com/privacy
  • PayPal (Europe) S.à r.l.— processes subscription payments. We pass only what PayPal requires to complete the transaction. Subject to PayPal's privacy policy: paypal.com/uk/legalhub/privacy-full

We do not share your personal data with any other third parties.

9. Security

We take appropriate technical measures to protect your data:

  • Authentication is handled entirely via Google OAuth 2.0 — we never see or store your Google password.
  • All connections are encrypted in transit via HTTPS/TLS.
  • We request only read-only access to your Google Search Console data; we cannot modify your GSC property.
  • Payments are processed entirely by PayPal, which is PCI DSS compliant. We do not handle or store payment card data.

10. Changes to this notice

We may update this Privacy Notice from time to time. Where changes are material, we will notify you by email before they take effect. Continued use of the service after that date constitutes acceptance of the updated notice. This notice was last updated in April 2026.

11. Contact & complaints

For any questions about this notice or to exercise your rights, contact us at: rameez.majeed@eatechnology.com

If you believe we have not handled your data correctly, you have the right to complain to the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.