PRIVACY POLICY

Mygom.tech, MB ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mygomseo.com and use our SEO analysis services.

We act as the Data Controller for the personal data you provide to us directly (e.g., email address, account information) and as a Data Processor for the website data you submit for analysis.

This policy applies to all users of our Service, including visitors, free trial users, and paid subscribers. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

For clarity in this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• "Data Controller" means the entity that determines the purposes and means of processing personal data (Mygom.tech, MB).
• "Data Processor" means an entity that processes data on behalf of the Data Controller.
• "Data Subject" means the individual whose personal data is being processed (you).
• "GDPR" means the General Data Protection Regulation (EU) 2016/679.
• "CCPA" means the California Consumer Privacy Act.
• "Service" means the Mygom SEO website and all related services.

We collect information in the following ways:

A. Information You Provide Directly

• Account Data: Email address, password (hashed), and account preferences when you register.
• Payment Data: Billing information processed through Stripe (we do not store full card numbers).
• Communication Data: Content of messages sent via contact forms, support requests, or emails.
• Content Data: URLs and website content you submit for SEO analysis.

B. Information Collected Automatically

• Usage Data: URLs scanned, reports generated, features used, and time spent on the site.
• Technical Data: IP address, browser type/version, device type, operating system, and screen resolution.
• Log Data: Server logs including access times, pages viewed, and referring URLs.
• Cookie Data: Information collected through cookies and similar technologies (see Cookie Policy section).

C. Information from Third Parties

• Payment Provider: Transaction status and billing information from Stripe.
• Analytics: Aggregated usage data from Google Analytics (with consent).

Under GDPR Article 6, we process your personal data based on the following legal grounds:

A. Contract Performance (Article 6(1)(b))

• Processing your email and account data to create and manage your account.
• Providing SEO audit reports and analysis you request.
• Processing payments for subscription services.
• Sending transactional emails (invoices, password resets, service notifications).

B. Legitimate Interests (Article 6(1)(f))

• Improving and optimizing our Service based on usage patterns.
• Preventing fraud, abuse, and security threats.
• Maintaining technical security and infrastructure stability.
• Business analytics and service improvement.
• Responding to support requests and inquiries.

C. Consent (Article 6(1)(a))

• Marketing communications and newsletters (you may withdraw consent at any time).
• Non-essential cookies and analytics tracking.
• Sharing testimonials or case studies with your permission.

D. Legal Obligation (Article 6(1)(c))

• Tax and accounting records retention as required by Lithuanian law.
• Responding to valid legal requests from authorities.
• Compliance with applicable data protection regulations.

We use the collected data for specific, legitimate business purposes:

• Service Provision: To generate and deliver SEO audit reports, content analysis, and recommendations to you.
• Account Management: To create, maintain, and secure your user account.
• Communication: To send your report results, respond to inquiries, and provide customer support.
• Billing: To process payments, send invoices, and manage subscriptions.
• Improvement: To analyze usage patterns and optimize our scanning algorithms and user experience.
• Security: To prevent abuse, automated bot attacks, fraud, and service disruption.
• Legal Compliance: To comply with applicable laws and respond to legal requests.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

We do not sell your personal data. We engage trusted third-party service providers to help us operate our Service, process payments, and provide infrastructure. These providers act as data processors under our instructions and are subject to strict confidentiality and data protection obligations.

Categories of Service Providers

We share data with the following categories of third parties:

• Cloud Infrastructure & Hosting Providers: To securely host our application, database, and backend services.
• Payment Processors: To securely manage billing, subscriptions, and financial transactions (we do not store full card numbers).
• Email Delivery Services: To send transactional notifications, password resets, and reports.
• Analytics Providers: To understand service usage and improve our platform (aggregated data).
• AI & LLM Providers: To generate content analysis, SEO recommendations, and automated insights.

All third-party providers are bound by Data Processing Agreements (DPAs) that require them to protect your data and process it only according to our instructions.

We may also disclose your information if required by law, court order, or to protect our rights, property, or safety.

As a company based in Lithuania (EU), we primarily store and process data within the European Economic Area (EEA). However, to provide our global service, we may engage service providers who process data in other jurisdictions, including the United States.

Transfer Safeguards

When transferring data outside the EEA, we ensure appropriate safeguards are in place to protect your privacy rights:

• Standard Contractual Clauses (SCCs): We use the European Commission's approved standard contractual clauses for data transfers.
• Adequacy Decisions: We rely on official adequacy decisions by the European Commission where applicable.
• Data Privacy Framework: Where applicable, we rely on the EU-U.S. Data Privacy Framework for transfers to certified U.S. organizations.

You may request further information about the specific mechanisms used for your data by contacting us at info@mygom.tech.

We use cookies and similar technologies to enhance your experience. For detailed information, see our Cookie Policy.

A. Types of Cookies We Use

• Essential Cookies: Required for core functionality (authentication, session management). Cannot be disabled.
• Analytics Cookies: Google Analytics to understand usage patterns. Require your consent.
• Preference Cookies: Remember your settings and preferences. Stored in localStorage.

B. Cookie Consent

• We display a cookie consent banner on your first visit.
• You can accept or decline non-essential cookies.
• Your preference is stored locally and respected across sessions.
• We implement Google Consent Mode v2 for GDPR compliance.

C. Managing Cookies

• You can clear cookies through your browser settings at any time.
• To change your consent preference, clear your browser's localStorage and refresh the page.
• Disabling essential cookies may prevent the Service from functioning properly.

D. Do Not Track

We currently do not respond to "Do Not Track" browser signals as there is no universal standard. However, you can control tracking through our cookie consent banner.

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Retained while your account is active, plus 30 days after account deletion to allow for recovery.
• Scan Results & Reports: Retained while your account is active, deleted within 30 days of account termination.
• Payment Records: Retained for 7 years as required by Lithuanian tax law.
• Analytics Data: Aggregated and anonymized data retained indefinitely; identifiable data deleted after 26 months.
• Email Communications: Transactional emails retained for 2 years; marketing preferences retained until changed.
• Support Requests: Retained for 3 years after resolution for quality assurance.
• Server Logs: Retained for 90 days for security and troubleshooting purposes.

You may request deletion of your data at any time by contacting us. We will comply within 30 days, except where retention is required by law.

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

• All data transmitted via HTTPS/TLS encryption
• Database encryption at rest
• Secure password hashing (bcrypt)
• Regular security updates and patches
• Access controls and principle of least privilege
• Secure API authentication

Organizational Measures

• Limited access to personal data on a need-to-know basis
• Employee training on data protection
• Regular review of security practices
• Vendor security assessments
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Lithuanian State Data Protection Inspectorate within 72 hours
• Notify affected users without undue delay if the breach poses a high risk
• Document all breaches and remediation steps

As a data subject in the European Economic Area, you have the following rights under GDPR:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data ("Right to be Forgotten").
• Right to Restriction (Article 18): Request limitation of processing in certain circumstances.
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (JSON or CSV).
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent.
• Right Not to be Subject to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing with legal effects.

To exercise these rights, contact us at info@mygom.tech. We will respond within 30 days. We may request verification of your identity before processing requests.

These rights are not absolute and may be subject to limitations under applicable law (e.g., legal obligations, legitimate interests).

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: Opt out of the "sale" of personal information. Note: We do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of Information Collected

• Identifiers: Email address, IP address, account ID
• Commercial Information: Subscription history, payment records
• Internet Activity: Browsing history, usage data, interactions with our Service
• Inferences: Usage patterns and preferences

No Sale of Personal Information

We do not sell your personal information to third parties as defined under CCPA. We share data with service providers only for operational purposes as described in this policy.

To exercise your CCPA rights, contact us at info@mygom.tech or use the contact information below.

The Service is not intended for individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us immediately at info@mygom.tech.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

• Notification: For material changes, we will notify you via email or prominent notice on our website at least 30 days before the changes take effect.
• Effective Date: Changes are effective on the "Last Updated" date shown at the top of this policy.
• Review: We encourage you to review this policy periodically.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

For questions about this Privacy Policy or to exercise your data protection rights, contact us:

• Data Controller: Mygom.tech, MB
• Email: info@mygom.tech
• Address: Chemijos g. 27C-62, LT-51332 Kaunas, Lithuania

Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the supervisory authority:

• Authority: State Data Protection Inspectorate (Valstybine duomenu apsaugos inspekcija)
• Website: https://vdai.lrv.lt
• Address: L. Sapiegos g. 17, 10312 Vilnius, Lithuania
• Phone: +370 5 271 2804
• Email: ada@ada.lt

You may also lodge a complaint with the supervisory authority in your country of residence if you are located in the EU/EEA.