GDPR Compliance

Last updated: January 10, 2026

1. Introduction

SEO Master, operated by AtaForge Inc., is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of our users in the European Economic Area (EEA). This page explains how we comply with GDPR requirements and your rights under this regulation.

2. Data Controller

AtaForge Inc. acts as the data controller for personal data collected through SEO Master.

  • Company: AtaForge Inc.
  • Address: 1234 Technology Drive, Suite 500, San Francisco, CA 94105, USA
  • Data Protection Contact: dpo@seomaster.com

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 Contract Performance (Article 6(1)(b))

Processing necessary to provide our services, including:

  • Account creation and management
  • Service delivery and functionality
  • Payment processing
  • Customer support

3.2 Consent (Article 6(1)(a))

Processing based on your explicit consent:

  • Marketing communications
  • Non-essential cookies
  • Third-party integrations (e.g., Google Search Console)

3.3 Legitimate Interests (Article 6(1)(f))

Processing for our legitimate business interests:

  • Service improvement and analytics
  • Fraud prevention and security
  • Business communications

3.4 Legal Obligation (Article 6(1)(c))

Processing required by law:

  • Tax and accounting requirements
  • Legal proceedings
  • Regulatory compliance

4. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights:

4.1 Right of Access (Article 15)

You can request a copy of the personal data we hold about you and information about how we process it.

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances ("right to be forgotten").

4.4 Right to Restriction (Article 18)

You can request limitation of processing in certain situations.

4.5 Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format.

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

4.7 Right to Withdraw Consent

You can withdraw consent at any time without affecting prior processing.

4.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

  • Email our Data Protection Officer at dpo@seomaster.com
  • Use the data management options in your account settings
  • Submit a request through our contact form

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

6. International Data Transfers

As a US-based company, we may transfer data outside the EEA. We protect such transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Technical and organizational security measures

7. Data Processing Agreements

We have Data Processing Agreements (DPAs) with all our sub-processors, including:

  • Cloud hosting providers (Railway)
  • Payment processors (Stripe)
  • AI service providers (OpenAI)
  • Email service providers
  • Analytics providers

8. Data Retention

We retain personal data only as long as necessary:

  • Active accounts: For the duration of the account
  • Closed accounts: Up to 90 days for recovery purposes
  • Financial records: As required by law (typically 7 years)
  • Analytics data: Up to 26 months (anonymized)

9. Data Security Measures

We implement appropriate technical and organizational measures:

  • Encryption of data in transit (TLS 1.3) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected users without undue delay if there is a high risk
  • We maintain records of all data breaches

11. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms.

12. Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your rights:

  • Email: dpo@seomaster.com
  • Mail: Data Protection Officer, AtaForge Inc., 1234 Technology Drive, Suite 500, San Francisco, CA 94105, USA

13. Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities can be found on the European Data Protection Board website.