Privacy Policy

We collect information you provide directly, such as account details, workspace settings, billing details, support requests, and the content or prompts you submit through the service.

We also collect technical and usage information such as device and browser data, authentication events, feature usage, and operational logs needed to secure and maintain the service.

We use information to operate ForestSEO, authenticate users, provide customer support, process payments, improve product performance, prevent abuse, and communicate important updates.

We may use service data in aggregated or de-identified form to understand product usage trends and improve reliability, provided that the information no longer identifies you or your organization.

Where privacy laws require a legal basis, we rely on contractual necessity to deliver the service, legitimate interests to secure and improve it, legal obligations to comply with the law, and consent where consent is specifically required.

You may withdraw consent for optional processing activities when those activities rely on consent, but that will not affect processing already carried out lawfully before withdrawal.

We share information with service providers that help us host the platform, process payments, send transactional communications, monitor uptime, and provide customer support.

We may also disclose information when required by law, to protect users and the service, or in connection with a merger, financing, or asset transfer subject to appropriate confidentiality protections.

When you connect an email channel such as Gmail or Google Workspace, you authorize ForestSEO to access that mailbox on your behalf through Google's OAuth consent flow so the service can send, receive, and thread the messages for the campaigns you run. You can review the exact permissions on Google's consent screen before granting access, and you can disconnect the account at any time.

To provide these features we request three Google OAuth scopes. The https://mail.google.com/ scope lets ForestSEO submit your outgoing messages over SMTP and read the replies and delivery information for the conversations you manage, so threads stay in sync; we use it only to send the messages you create and to track and organize their responses. The openid and email scopes let us read the email address of the account you are connecting so we can label the channel and authenticate it for sending, and we do not use them to access any other Google profile data.

We store the OAuth access and refresh tokens that Google issues, the connected account's email address, and operational metadata such as the granted scopes and token expiry needed to keep the connection working. Access and refresh tokens are encrypted at rest using AES-256-GCM, are never returned in the dashboard or in API responses, and are decrypted only momentarily when sending mail or refreshing the connection. We do not store the contents of your mailbox, and we discard Google's identity token immediately after reading the account address from it.

You can revoke ForestSEO's access at any time by disconnecting the channel in the dashboard, which deletes the stored tokens, or by removing ForestSEO from the connected-apps list in your Google Account at myaccount.google.com/permissions. Revoking access stops all further sending and message access for that mailbox.

ForestSEO's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the connected-email features you have enabled.
• We do not sell Google user data, and we do not transfer it to others except as needed to provide these features (for example, our hosting and infrastructure provider), to comply with applicable law, or in connection with a merger or acquisition where the data stays protected.
• We do not use Google user data for advertising.
• We do not use Google user data to train, develop, or improve generalized or non-personalized artificial-intelligence or machine-learning models.
• We do not allow humans to read your Google user data unless you give specific consent, it is necessary for security or to comply with the law, the data is aggregated and anonymized for internal operations, or it is otherwise permitted by the Limited Use policy.

We retain personal information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods depend on the type of information, your subscription status, support history, and whether we must preserve records for legal, tax, security, or fraud-prevention reasons.

ForestSEO may process and store information in countries other than the country where you live or work. When we transfer personal information internationally, we use appropriate safeguards required by applicable law.

These safeguards can include contractual commitments, vendor due diligence, and security controls designed to protect transferred information.

We use administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or disclosure.

No system is perfectly secure, so we encourage customers to use strong authentication practices, review workspace access regularly, and notify us quickly about suspected incidents.

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and in some cases to receive a portable copy of it.

We may need to verify your identity and the scope of your request before acting, and some requests may be limited where the law allows or requires us to keep certain records.

If you have privacy questions or want to exercise a right, contact ForestSEO using the details listed on this page. If applicable law gives you the right to complain to a regulator, you may also contact your local supervisory authority.

If you use ForestSEO through an organization, we may direct some requests to your workspace owner or administrator so they can help us validate and respond appropriately.