1. Introduction
This Privacy Policy (the "Policy") describes how Group Martin Limited, a company incorporated in Hong Kong ("we", "our", "the Company"), collects, uses, retains and protects the personal data of users ("you", "the User") of the NODE SEO+AI service (the "Service"), accessible through our websites, applications, API and extensions.
We are committed to protecting your data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") for users residing in the European Economic Area, the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486, "PDPO"), and other applicable data protection laws.
2. Data Controller
The controller of your personal data is:
Group Martin Limited, a company incorporated in Hong Kong
Data Protection Officer: dpo@oesedon.com
Privacy contact: privacy@oesedon.com
3. Data we collect
We collect the following categories of data:
3.1. Data you provide directly
- Identification data: first and last name, email address, hashed password, preferred language.
- Billing data: billing address, transaction identifier (payment card details are processed exclusively by our PCI-DSS-certified payment providers — Stripe, PayPal — and are never stored on our servers).
- Professional profile: company name, industry, team size.
- User-generated content: domains, keywords, campaigns, project configurations.
- Support communications.
3.2. Data collected automatically
- Technical data: IP address, browser type, operating system, device identifier, time zone.
- Usage data: pages visited, features used, session duration, access timestamps, API calls.
- Cookies and similar technologies (see section 7).
- Security logs: login attempts, authentication events.
4. Purposes of processing
Your data is processed for the following purposes:
- Provide, maintain and improve the Service.
- Authenticate your account and secure access.
- Process payments, subscriptions and issue invoices.
- Communicate with you about your account, Service updates, security alerts and support.
- Detect, prevent and address fraud, abuse and violations of our terms of service.
- Comply with legal and regulatory obligations.
- Conduct aggregated and anonymized statistical analyses to improve the Service.
- With your explicit consent, send you marketing communications.
5. Legal bases (EU/EEA users)
In accordance with Article 6 GDPR, we rely on the following legal bases:
- Performance of contract: for delivery of the subscribed Service.
- Legitimate interest: for security, fraud prevention and Service improvement.
- Legal obligation: for accounting and tax retention.
- Consent: for marketing communications and non-essential cookies.
6. Data sharing
We never sell your personal data. We share it only with:
- Technical processors: hosting (Vercel), managed PostgreSQL database, transactional email (Resend, SendGrid), payments (Stripe, PayPal), anti-fraud analysis. All are bound by a data processing agreement compliant with Article 28 GDPR.
- Authorities: pursuant to valid judicial process or legal obligation.
- Successors: in case of merger, acquisition or business transfer, subject to equivalent protection commitments.
7. Cookies and similar technologies
We use strictly necessary cookies (session, authentication, security), preference cookies (language, theme) and, subject to your consent, audience measurement cookies. You can modify your preferences at any time via the consent banner or your browser settings.
8. Data retention
Your data is retained for the duration of your contractual relationship with us, plus applicable statutory retention periods (notably 10 years for accounting documents, 1 to 5 years for security logs). Beyond that, data is deleted or irreversibly anonymized.
9. Security
We implement appropriate technical and organizational measures: TLS encryption in transit, encryption at rest for sensitive data, password hashing (bcrypt), role-based access control, access logging, regular backups, periodic penetration testing. Since no system is infallible, we cannot guarantee absolute security but commit to notifying you of any breach likely to result in a high risk to your rights, in accordance with Article 34 GDPR.
10. Your rights
Under the GDPR and PDPO you have the following rights:
- Right of access to your data.
- Right to rectification.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
- Right to withdraw consent at any time.
- Right to lodge a complaint with your supervisory authority (e.g., CNIL in France, PCPD in Hong Kong).
To exercise these rights, contact us at privacy@oesedon.com. We will respond within one month.
11. International transfers
Since Group Martin Limited is established in Hong Kong, your data may be transferred outside the European Economic Area. Such transfers are governed by Standard Contractual Clauses adopted by the European Commission or by other recognized mechanisms ensuring an equivalent level of protection.
12. Minors
The Service is not intended for persons under 16. We do not knowingly collect personal data concerning minors. If you believe a minor has provided us with data, contact us so we can delete it.
13. Changes to the Policy
We may amend this Policy from time to time. Any substantial change will be notified by email or via the Service at least 30 days before it takes effect. The last update date appears at the top of this page.
14. Contact
For any question regarding this Policy, you may contact us at privacy@oesedon.com or, for any request to our Data Protection Officer, at dpo@oesedon.com.