Privacy Policy
Last updated: January 26, 2025
SearchLights is a client‑side only application. All requests to the Google Search Console API are made directly from your browser using the OAuth token stored in a session cookie. No Search Console data (queries, clicks, impressions, etc.) is permanently stored on our servers or in any database.
Google User Data Access
SearchLights accesses the following Google user data through the Google Search Console API:
- Search Analytics Data: Search queries, clicks, impressions, click-through rates (CTR), and average position for your verified websites
- Site List: The list of websites you have verified in your Google Search Console account
- User Profile Information: Your email address and basic profile information (name, profile picture) for authentication purposes only
How We Use Your Data
SearchLights uses the Google user data exclusively to:
- Display Analytics: Show your Search Console performance data in our dashboard interface
- Generate Insights: Analyze your data to identify SEO opportunities, keyword cannibalization, content decay, and rising queries
- Export Reports: Allow you to download your data in CSV or Excel format for your own use
- AI Analysis (optional): If you provide your own API key, generate AI-powered recommendations based on your data
We do NOT:
- Sell, share, or transfer your data to third parties
- Use your data for advertising purposes
- Store your Search Console data permanently on our servers
- Access your data when you are not actively using the application
Data Storage and Retention
What We Store
- Session Data: Minimal authentication tokens required to maintain your login session, stored in secure HTTP-only cookies. This data is deleted when you sign out.
- User Preferences: Your dashboard settings and preferences are stored locally in your browser (localStorage) and never transmitted to our servers.
What We Do NOT Store
- Your Search Console queries, pages, clicks, or impressions data
- Historical analytics data
- Your Google password or OAuth refresh tokens
Temporary Performance Cache
To improve performance and reduce API calls, certain data may be temporarily cached:
- AI analysis responses: Cached on our servers for up to 1 hour, then automatically deleted
- Core Web Vitals data: Cached locally in your browser only
- URL metrics: Cached locally in your browser for faster subsequent loads
These caches are used solely to improve application performance and are not used for any other purpose.
Third-Party API Keys
SearchLights allows you to optionally provide your own API keys for enhanced features:
- Google CrUX API: For Core Web Vitals data
- Google Knowledge Graph API: For entity detection
- Google Gemini API: For AI-powered analysis
These API keys are stored encrypted in your browser's local storage and are never transmitted to our servers. All API calls using your keys are made directly from your browser.
Data Security
We implement industry-standard security measures to protect your data:
- All communications are encrypted using HTTPS/TLS
- OAuth 2.0 authentication with Google's secure infrastructure
- No permanent storage of sensitive user data
- Session tokens are stored in secure, HTTP-only cookies
Your Rights
You have the right to:
- Revoke Access: You can revoke SearchLights' access to your Google account at any time via Google Account Permissions
- Delete Local Data: Clear your browser's local storage to remove all locally stored preferences and cached data
- Sign Out: Sign out at any time to immediately end your session and clear session cookies
Analytics
We use Vercel Analytics to collect anonymous, aggregate usage statistics. This data does not include any personal information or Search Console data, and is used solely to improve the application.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date.
Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us at [Javascript required to view email].