Skip to main content

Privacy Policy

Last updated: 26 May 2026

This Privacy Policy describes how Dynamic SEO ('we', 'us') processes personal data when you visit dynamicseo.com, sign up for the waitlist, contact us, or use the product. We are committed to the principles of the EU General Data Protection Regulation (GDPR) and to handling your data fairly and transparently.

Who we are

Dynamic SEO is the brand under which we provide a search infrastructure platform. The data controller is the legal entity operating the service. For all data-protection enquiries, reach us at hello@dynamicseo.com.

What data we collect

We collect personal data in the following situations:

  • Waitlist signups: your email address (required) and any optional fields you choose to provide. Stored in our database to contact you about beta access.
  • Contact form: name, email address, optional company name, subject, and the message you write. Used to respond to your enquiry.
  • Site usage: pages viewed, referrer, approximate location (country/region from IP), device and browser type, and aggregated interaction data. Collected via Google Analytics 4 only after you grant analytics consent.
  • Campaign attribution: conversion events tied to ad clicks. Collected via Google Ads only after you grant advertising consent.
  • Error reports: technical details (stack traces, browser version, current URL) when the site encounters a problem. Collected via Sentry on the basis of legitimate interest to keep the service running.
  • Session replay: a recording of your interaction with a page (mouse movements, clicks, DOM changes). Collected via Sentry only after you grant analytics consent. Form input values are masked; visible page text may be captured to help us debug user-facing issues. Replay stops immediately when you withdraw consent — events already queued for upload may still be transmitted.

Why we process your data

We process personal data only for purposes that are clearly explained, and only on a valid legal basis under Article 6 of the GDPR.

  • To provide the website and the product to you (legal basis: performance of a contract, or our legitimate interest in operating a public website).
  • To respond to your contact-form enquiries (legitimate interest in answering questions about our product).
  • To inform you about beta access, product launches, and the early-access programme you signed up for (consent).
  • To measure how the site is used so we can improve it (consent).
  • To measure the effectiveness of our marketing campaigns (consent).
  • To detect, prevent, and address technical issues, fraud, and abuse (legitimate interest).

Third-party processors

We rely on the following providers to deliver the service. Each acts as a data processor under our instructions and is bound by a data-processing agreement.

  • Supabase (database and authentication) — hosted in the EU.
  • Vercel (hosting and content delivery) — US-based, served via global edge network. International transfers governed by Standard Contractual Clauses.
  • Resend (transactional email delivery for contact-form and waitlist communications) — US-based, SCCs apply.
  • Google (Tag Manager, Analytics 4, Ads) — US-based, SCCs apply. Loaded only after relevant consent.
  • PostHog Inc. (product analytics — page views, interactions, funnels) — events ingested via the EU instance, hosted in Frankfurt. Routed through our domain as first-party requests.
  • Functional Software Inc. (Sentry — error monitoring and session replay) — US-based, SCCs apply.
  • Cloudflare (edge network and DDoS protection) — US-based with EU presence, SCCs apply.

How long we keep your data

We retain personal data only for as long as necessary for the purposes set out above. Waitlist emails are kept until you ask us to delete them or the programme ends. Contact-form submissions are kept in our inbox for up to two years for follow-up. Analytics data is retained for 14 months (GA4 default). Error logs and session replays are retained for 90 days. Consent records are kept for as long as we have the corresponding processing relationship plus statutory limitation periods.

Your rights

Under the GDPR you have the following rights regarding personal data we hold about you:

  • Access — request a copy of your data.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data, subject to legal retention requirements.
  • Restriction — ask us to limit how we process your data.
  • Portability — ask for your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — opt out of analytics or advertising at any time via the 'Cookie settings' link in the footer.
  • Lodge a complaint with a supervisory authority (in Sweden: Integritetsskyddsmyndigheten, imy.se).

To exercise any of these rights, email hello@dynamicseo.com. We respond within 30 days.

International data transfers

Some of our providers process data outside the EU/EEA, primarily in the United States. Where this happens, the transfer is governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, by additional safeguards in line with the European Data Protection Board's recommendations.

Security

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest for stored data, role-based access controls, row-level security in our database, and continuous monitoring for suspicious activity.

Changes to this policy

We may update this Privacy Policy to reflect changes to our service or legal obligations. We will communicate material changes via the website. The 'Last updated' date at the top of this page reflects the most recent revision.

Contact

For all privacy-related enquiries — including exercising your rights — email hello@dynamicseo.com.