Privacy Policy

QueryCatch ("we", "our", or "us") is committed to protecting your privacy and ensuring transparency about how we handle data. This Privacy Policy explains our unique approach to data handling - we do not store your business data.

This Privacy Policy applies to all users of the QueryCatch platform and describes what limited information we do collect, how we protect it, and your rights regarding your data.

By using QueryCatch, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

QueryCatch is designed with privacy-by-design principles. We believe your business data should remain yours, which is why we've built our platform to operate without storing your sensitive business information.

• We establish secure API connections to your existing platforms (Google, WordPress, Shopify, etc.)

• When you access QueryCatch, we fetch your data in real-time from these platforms

• We process and display this data in our interface for your analysis

• Once you close your session or navigate away, the data is not retained on our servers

• We do not create databases of your SEO metrics, search performance, or business analytics

This approach ensures that your sensitive business data remains under your control within the platforms you already trust, while we simply provide a unified interface to view and analyze it.

While we don't store your business data, we do collect limited information necessary to operate the service:

• Email address (for authentication and communication)

• Full name (for account identification)

• Password (encrypted using industry-standard bcrypt hashing)

• Account creation date and last login time

• OAuth tokens for connected services (Google, WordPress, Shopify)

• API keys for service integrations (stored encrypted)

• Refresh tokens to maintain connections

• These tokens only grant us permission to fetch data, not to modify it

• Billing name and address

• Payment method details (processed by our payment provider, we only store last 4 digits)

• Subscription status and history

• Tax identification numbers where required

• Features accessed and frequency of use

• Integration connection/disconnection events

• Error logs for troubleshooting (without sensitive data)

• Performance metrics of the QueryCatch application

• Support ticket content and history

• Email communications with our team

• Feedback and feature requests

To be absolutely clear, QueryCatch does NOT store the following types of data on our servers:

• SEO Performance Data: Search impressions, clicks, CTR, rankings from Google Search Console

• Analytics Data: Traffic, conversions, user behavior from Google Analytics

• Content Data: Your website content, meta titles, descriptions, or images

• E-commerce Data: Product information, sales data, customer information from Shopify

• WordPress Data: Posts, pages, media library content

• Keyword Data: Search queries, keyword rankings, or competition data

All this data is fetched on-demand from your connected platforms and displayed in real-time without being stored in our databases. We act purely as a viewing interface for data that remains in your control.

The limited information we collect is used solely for:

• Authenticating your access to QueryCatch

• Maintaining secure connections to your integrated platforms

• Processing subscription payments

• Providing customer support

• Understanding feature usage to improve our interface

• Identifying and fixing technical issues

• Developing new features based on usage patterns

• Sending important service updates

• Responding to support requests

• Notifying about billing or account changes

• Marketing communications (only with your consent)

• Sell your information to third parties

• Use your business data for competitive analysis

• Share your performance metrics with other users

• Create aggregated datasets from your business information

We implement industry-standard security measures to protect the limited data we do collect:

• All data transmission is encrypted using TLS 1.3 or higher

• API tokens and sensitive data are encrypted at rest using AES-256

• Regular security audits and vulnerability assessments

• Web Application Firewall (WAF) protection

• DDoS protection through cloud infrastructure

• Multi-factor authentication available for all accounts

• Role-based access control for team members

• Regular review of access permissions

• Automatic session timeout after inactivity

• Hosted on SOC 2 compliant infrastructure

• Regular automated backups of account data (not business data)

• Disaster recovery procedures in place

• Incident response plan for security events

In the unlikely event of a data breach affecting account information, we will:

• Notify affected users within 72 hours

• Provide details about what information was compromised

• Take immediate steps to secure the breach

• Cooperate with relevant authorities as required

QueryCatch integrates with several third-party services. Here's how data flows through these integrations:

• Google Search Console: We fetch search performance data using read-only API access

• Google Analytics: We retrieve analytics data using read-only API access

• WordPress: We access post/page metadata through REST API with your credentials

• Shopify: We fetch product and store data using Shopify's API with your permission

• Kinsta: We may access hosting metrics if you provide API access

• Supabase: For authentication and account data storage (NOT business data)

• Payment Processor: For handling subscription payments (PCI compliant)

• Email Service: For transactional emails and support communications

• Analytics: We may use privacy-focused analytics to understand platform usage

Each third-party service has its own privacy policy. We only work with providers who maintain high security and privacy standards.

QueryCatch uses minimal cookies and tracking technologies:

• Authentication cookies to keep you logged in

• Session cookies to maintain your preferences during use

• Security cookies to prevent CSRF attacks

• First-party analytics to understand feature usage

• Error tracking to improve platform stability

• Performance monitoring to ensure fast load times

• Third-party advertising cookies

• Cross-site tracking cookies

• Behavioral targeting cookies

• Social media tracking pixels

You can control cookies through your browser settings. Disabling essential cookies may impact platform functionality.

We retain different types of data for different periods:

• Active accounts: Retained while your account is active

• Cancelled accounts: Basic account data retained for 30 days, then deleted

• Billing records: Retained for 7 years as required by tax law

• Active tokens: Retained while integrations are connected

• Revoked tokens: Deleted immediately upon disconnection

• Expired tokens: Automatically purged from our systems

• Support tickets: Retained for 2 years for quality assurance

• Email communications: Retained for 1 year

• Your SEO, analytics, and business data is NEVER stored, so there's no retention period

• Each time you log in, data is fetched fresh from your connected platforms

You can request deletion of your account and associated data at any time. Upon account deletion:

• Account information is removed within 30 days

• Authentication tokens are revoked immediately

• Billing records are retained only as legally required

• You'll need to create a new account to use the service again

Depending on your location, you have various rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you

• Correction: Request corrections to inaccurate personal information

• Deletion: Request deletion of your account and associated data

• Portability: Receive your account data in a machine-readable format

• Objection: Object to certain processing of your information

• Right to restrict processing of your data

• Right to withdraw consent at any time

• Right to lodge a complaint with supervisory authorities

• Right to know the source of your personal data

• Right to know what personal information is collected

• Right to know if personal information is sold (we don't sell data)

• Right to opt-out of sale of personal information

• Right to non-discrimination for exercising privacy rights

• Rights under the Australian Privacy Principles (APPs)

• Right to complain to the Office of the Australian Information Commissioner

• Right to access and correct personal information

To exercise any of these rights, contact us at privacy@querycatch.com. We'll respond within 30 days.

QueryCatch is operated from Australia but serves users globally. Here's how we handle international data:

• Account data is stored in secure data centers in Australia

• We may use content delivery networks (CDNs) for faster global access

• Support may be provided from various locations by our team

• We use Standard Contractual Clauses for transfers outside Australia

• All data transfers are encrypted in transit

• We only work with service providers who ensure adequate data protection

By using QueryCatch from outside Australia, you consent to the transfer of your account information to Australia for processing. Remember, your business data is never transferred to us - it remains with your original platforms.

QueryCatch is not intended for use by children under 18 years of age.

• We do not knowingly collect information from children under 18

• If we discover we've inadvertently collected data from a child, we'll delete it immediately

• Parents/guardians who believe we may have collected information from their child should contact us

Business services like QueryCatch are designed for adult business owners and professionals. Users must be 18 or older to create an account.

• Service updates and important announcements (essential)

• Billing and account notifications (essential)

• Product updates and new features (optional)

• Marketing and promotional emails (optional, opt-in required)

• Educational content and SEO tips (optional)

• Unsubscribe links in all marketing emails

• Communication preferences in account settings

• Email privacy@querycatch.com to update preferences

• Essential service emails cannot be opted out of while maintaining an account

• Sell your email address to third parties

• Send spam or unrelated promotional content

• Share your contact information with partners without consent

While we prioritize your privacy, we may need to disclose information in certain circumstances:

• To comply with valid legal processes (subpoenas, court orders)

• To protect the rights and safety of QueryCatch and our users

• To investigate potential violations of our Terms of Service

• To prevent fraud or security issues

• As required by applicable laws and regulations

• If QueryCatch is acquired or merged, your information may be transferred

• We'll notify you before any transfer that changes this privacy policy

• You'll have the option to delete your account before any transfer

• We'll notify you of legal requests unless prohibited by law

• We publish transparency reports about data requests when possible

• We challenge overly broad or invalid legal requests

We may update this Privacy Policy as our service evolves:

• Material changes will be notified via email and in-app notifications

• Minor changes may be made without notification but will be noted in the changelog

• The 'Last Updated' date at the top always reflects the most recent version

• Your continued use after changes constitutes acceptance

• You can always access previous versions by contacting us

We encourage you to review this policy periodically. If you disagree with any changes, you may close your account.

For privacy-related questions or to exercise your rights:

• Email: privacy@querycatch.com

• Response time: Within 5 business days

• Email: dpo@querycatch.com

• For formal privacy rights requests and compliance matters

• Email: support@querycatch.com

• Website: https://querycatch.com/contact

QueryCatch Pty Ltd

Australia

• Australia: Office of the Australian Information Commissioner (OAIC)

• EU: Your local Data Protection Authority

• California: California Privacy Protection Agency

• We DON'T store your business data - we just fetch and display it

• We DO store your account info (email, name) and login tokens

• Your SEO metrics stay in Google, your content stays in WordPress/Shopify

• We use bank-level encryption for the data we do store

• You can delete your account anytime and we'll remove your data

• We never sell your information or use it for advertising

• We're subject to Australian privacy laws and respect international standards