Your data is protected

Privacy Policy

Last updated: April 21, 2026  ·  Effective: April 21, 2026  ·  Platform: www.nitaq.io

Nitaq ("we", "us", or "our") operates the website www.nitaq.io and the Nitaq AI-powered SEO analysis platform. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and protected, and whether it is shared with third parties. By using Nitaq, you agree to the practices described in this policy.

Contents
  1. Data We Collect
  2. How We Use Your Data
  3. Third-Party Services & Data Sharing
  4. How We Protect Your Data
  5. Google API & OAuth Integrations
  6. Data Retention
  7. Your Rights
  8. Cookies & Local Storage
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1. Data We Collect

We collect data in two ways: information you provide directly, and data generated automatically when you use the platform.

Account data (provided by you):

  • Full name and email address when you register via email/password or Google OAuth.
  • Your subscription tier and account status. We do not store payment card details — billing is handled entirely by our payment processor.

Website data (provided by you during analysis):

  • The URLs you submit for SEO analysis.
  • The publicly accessible content of those URLs, fetched at analysis time for processing.

Google Search Console data (provided via your OAuth consent):

  • Google Search Console: Search performance data (clicks, impressions, queries, positions) for properties you explicitly authorise. Data is read-only and used only to display insights within Nitaq.

Keyword Planner data (processed using Nitaq's own platform credentials):

  • Google Ads Keyword Planner: When you use the Keyword Planner feature, the search term or topic you enter is sent to the Google Ads API using Nitaq's own server-side credentials — not your personal Google Ads account. We retrieve keyword ideas and search volume estimates only. No connection to any Google Ads account of yours is required or requested.

Usage & log data (collected automatically):

  • Server access logs: IP address, browser type, pages visited, timestamps.
  • Error logs for debugging and platform stability.
  • Cached analysis results stored temporarily to improve performance on repeat visits.

2. How We Use Your Data

We use the data we collect strictly to provide and improve the Nitaq platform:

  • To authenticate your account and maintain your session securely.
  • To perform SEO analysis on the URLs you submit and return results to you.
  • To display your Google Search Console data within your dashboard (only when you have explicitly authorised this).
  • To generate keyword ideas via the Google Ads Keyword Planner when you use the Keyword Planner feature. This is performed using Nitaq's own platform credentials — no Google Ads account connection from you is required.
  • To process website content through Google Gemini AI to generate SEO recommendations and insights.
  • To send transactional emails such as account verification and password reset messages. We do not send marketing emails without your explicit consent.
  • To debug errors and improve platform reliability and performance.

We do not use your data for advertising, user profiling, or any purpose unrelated to the SEO analysis services you have requested.

3. Third-Party Services & Data Sharing

We do not sell, rent, or trade your personal data to any third party. Data is shared only with the sub-processors necessary to operate the platform, and only to the extent required for that specific purpose:

  • Google Firebase / Firestore — User authentication and account data storage. Governed by Google's Privacy Policy.
  • Google OAuth 2.0 — Used for sign-in with Google and for the Search Console integration. We request only the minimum scopes necessary for the feature you activate.
  • Google Gemini API — The publicly accessible content of the URL you submit is sent to Google's Gemini API to generate AI-powered SEO recommendations. No personal user data is included in these requests. Governed by Google AI Terms of Service.
  • Google PageSpeed Insights API — The URL you submit is passed to Google's PageSpeed API to retrieve Core Web Vitals and performance metrics.
  • Google Search Console API — Used when you explicitly connect your GSC account. Data is read-only and displayed only to you within your dashboard.
  • Google Ads API — Used for the Keyword Planner feature via Nitaq's own platform credentials. The keyword or topic you search for is passed to the API to retrieve ideas and volume estimates. Your personal Google Ads account is never accessed or required.

We may disclose personal data if required by applicable law, court order, or to protect the legal rights and safety of Nitaq, our users, or the public.

4. How We Protect Your Data

  • Encryption in transit: All communication between your browser and our servers is encrypted via TLS (HTTPS). Unencrypted HTTP connections are redirected to HTTPS automatically.
  • Encryption at rest: User account data stored in Google Firestore is encrypted at rest by Google's infrastructure.
  • Access control: Production systems are accessible only to authorised Nitaq personnel, with access logged and reviewed regularly.
  • OAuth token security: Google OAuth tokens are stored securely and used only for the specific integration you activated. You can revoke access at any time from your Google Account Permissions.
  • No raw password storage: Passwords are managed exclusively by Google Firebase Authentication — we never store or have access to raw passwords.
  • Security headers: Every response enforces strict HTTP security headers including HSTS, Content Security Policy, X-Frame-Options, and Referrer-Policy.

5. Google API & OAuth Integrations

Nitaq's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only request Google OAuth scopes strictly necessary for the feature you are activating.
  • Data obtained from Google APIs is used exclusively to provide the in-platform features you requested — never for advertising, profiling, or sharing with third parties.
  • We do not allow humans to read Google user data unless you explicitly request support and share that data with us, it is necessary for security purposes, or it is required by applicable law.
  • You may revoke the Google Search Console integration at any time by visiting your Google Account Permissions and removing Nitaq's access. The Keyword Planner uses only Nitaq's own platform credentials and requires no action from you to disconnect.

6. Data Retention

  • Account data: Retained for as long as your account is active. Deleted within 30 days of a verified account deletion request.
  • Analysis cache: Cached SEO analysis results are stored temporarily (typically 24–48 hours) to improve performance, then automatically purged.
  • OAuth tokens: Stored only while you have an active integration. Deleted immediately upon disconnecting the integration or deleting your account.
  • Server logs: Retained for up to 90 days for debugging and security purposes, then automatically purged.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated personal data.
  • Portability: Request your data in a structured, portable format.
  • Withdrawal of consent: Disconnect any Google integration at any time, immediately stopping further data collection from that integration.
  • Objection: Object to processing of your data in certain circumstances permitted by law.

To exercise any of these rights, contact us at support@nitaq.io. We will respond within 30 days.

8. Cookies & Local Storage

Nitaq uses a minimal set of cookies strictly necessary to operate the platform:

  • Session cookie: A secure, HTTP-only cookie used to keep you authenticated. Expires when your session ends or after an inactivity period.
  • CSRF token: A security token used to protect against cross-site request forgery attacks.
  • Language preference: A cookie storing your selected interface language (English or Arabic). Contains no personal data.

We do not use third-party advertising cookies or cross-site tracking technologies.

9. Children's Privacy

Nitaq is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at support@nitaq.io and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify registered users by email. Continued use of Nitaq after an updated policy is posted constitutes your acceptance of the revised terms.

11. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out: