• Account data — your name, email, company, and phone number, provided at sign-up.
• Usage data — the search queries you submit, request metadata (engine, country, timestamps, result counts), API-key identifiers, and IP address, used to operate, secure, and meter the Service.
• Payment data — handled by Paddle, our merchant of record. We do not store your card number; we receive only subscription status and the identifiers needed to manage your plan.

We use data to provide and secure the Service, authenticate requests, enforce quotas and rate limits, prevent abuse, send transactional email (verification, password reset, billing notices), provide support, and improve the product. We process search queries only to return results and to operate the Service.

Where the GDPR applies, we process data to perform our contract with you (providing the Service), to pursue legitimate interests (security, abuse prevention, product improvement), to comply with legal obligations, and on the basis of consent where required.

We share data with vendors that help us run the Service, under contracts that limit their use of it:

• Paddle — payments and subscription billing;
• Resend — transactional email delivery;
• Hosting and infrastructure providers — to run the API, database, and dashboard;
• Search and proxy providers — the engines we query on your behalf and the network used to reach them.

We do not sell your personal data. We may disclose data if required by law or to protect the rights, safety, and security of RawSerp and its users.

The dashboard uses a strictly necessary, http-only session cookie to keep you signed in. Our marketing site may use privacy-respecting analytics to understand aggregate traffic. We do not use advertising trackers.

We keep account data for as long as your account is active and as needed to comply with legal, tax, and accounting obligations. Request logs are retained for a limited operational window for security and debugging, then deleted or aggregated. You can request deletion of your account at any time.

We protect data with encryption in transit, hashed credentials and API keys, scoped access, and standard operational safeguards. No system is perfectly secure, but we work to protect your data and to respond promptly to incidents.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, email support@rawserp.com. We will respond within the time required by applicable law.

We and our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers.

The Service is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time; material changes will be reflected by updating the date above. Questions or requests? Email support@rawserp.com. See also our Terms of Service.