Privacy Policy

Last updated May 27, 2026

LazySEM is operated by Got Reach s.r.o. This Privacy Policy explains what personal data we collect, how we use it, how we share it, and what choices and rights users may have.

LazySEM provides SEO workflow tools, including content brief generation, URL monitoring, content analysis, clustering, and related automation features.

1. Data we collect

LazySEM may collect and process the following categories of data.

Account data

When you create or use a LazySEM account, we may collect:

  • email address
  • first and last name
  • password hash
  • optional phone number
  • authentication provider information, such as Google login identifiers
  • organization membership and role information
  • last active organization or workspace

Billing data

If you subscribe to a paid plan, billing and payment processing is handled by Stripe.

LazySEM may receive billing-related metadata, such as:

  • billing customer details
  • subscription status
  • selected plan
  • payment status
  • billing address

LazySEM does not directly store full payment card details.

Product usage data

To provide the service, LazySEM may process data submitted or created through the product, including:

  • keywords
  • brand information
  • target audience descriptions
  • user notes
  • content briefing inputs
  • URL monitoring projects
  • clustering keyword lists
  • word cloud snapshots
  • agent chat sessions
  • generated SEO outputs

Free-text fields may contain personal data if a user chooses to enter it. LazySEM does not intentionally request sensitive personal data in SEO workflow fields.

Technical and security data

LazySEM may collect technical and security-related data, including:

  • IP address
  • user agent
  • session identifiers
  • request identifiers
  • route, method, status code, and response time
  • audit log events
  • security events
  • activity events
  • error diagnostic data

This data is used for security, troubleshooting, service reliability, and abuse prevention.

Connected Google services

If you connect Google services, LazySEM may process data from:

  • Google OAuth
  • Google Analytics 4
  • Google Search Console

LazySEM may store OAuth refresh tokens for connected Google accounts. These tokens are stored encrypted in LazySEM’s database.

2. How we use data

LazySEM uses personal data and customer-provided data to:

  • create and manage user accounts
  • authenticate users
  • provide access to organizations and workspaces
  • enforce roles and permissions
  • process subscriptions and billing
  • provide SEO briefings, monitoring, clustering, and related product features
  • connect to Google Analytics or Google Search Console when enabled by the user
  • maintain audit logs and security records
  • detect abuse, fraud, or unauthorized access
  • troubleshoot errors and improve service reliability
  • communicate with users about the service

3. AI processing

Some LazySEM features use third-party AI providers to generate SEO briefings and related outputs.

Depending on the feature used, LazySEM may send the following types of data to AI providers:

  • keywords
  • brand characteristics
  • target audience descriptions
  • unique selling points
  • customer pain points
  • user notes
  • SERP-derived entities, URLs, and context

LazySEM does not intentionally send account profile information, billing information, or payment card data to AI providers.

Users should avoid entering sensitive personal data or confidential information into free-text product fields unless it is necessary for their SEO workflow.

4. Cookies and analytics

LazySEM uses essential cookies and similar technologies to operate the service, including:

  • authentication cookies
  • refresh/session cookies
  • CSRF protection cookies

LazySEM may also use analytics tools, such as Google Analytics, where consent is provided or where permitted by applicable law.

LazySEM uses error tracking tools to detect and resolve application issues. These tools may process technical diagnostic data, such as browser information, operating system metadata, request URLs, and error traces. LazySEM does not intentionally send customer content payloads to error tracking tools.

5. Third-party providers

LazySEM uses third-party providers to operate the service, including providers for:

  • cloud hosting
  • frontend delivery
  • payments and billing
  • AI processing
  • search and SEO data
  • connected Google integrations
  • error tracking and diagnostics

A current list of third-party providers is available on our Subprocessors page: /subprocessors

6. International processing

LazySEM uses third-party providers that may process data in multiple countries, including outside the European Economic Area.

These providers may include cloud infrastructure, payment, AI, search, analytics, integration, and error tracking providers.

More information is available on our Subprocessors page.

7. Data retention

LazySEM retains data for as long as necessary to provide the service, operate accounts and subscriptions, comply with legal obligations, resolve disputes, maintain security, and support legitimate business operations.

Current retention practices include:

  • account and organization data is generally retained while the account or organization remains active
  • billing records may be retained as required for accounting, tax, and legal purposes
  • audit, security, and activity logs are generally retained based on organization-level retention settings, with a default retention period of 90 days
  • support, diagnostic, and error data may be retained as needed to troubleshoot issues and maintain service reliability

LazySEM is continuing to formalize its retention and deletion procedures for all data categories.

8. Account deletion and data deletion

Users may request deletion of their account or organization data by contacting LazySEM through the support contact listed on the website.

When an account or organization is deleted or closed, LazySEM will take reasonable steps to delete or disable access to associated data, subject to:

  • legal, tax, or accounting retention requirements
  • security and fraud prevention needs
  • backup and disaster recovery processes
  • technical limitations of third-party providers

Some data may remain in backups or logs for a limited period before being deleted or overwritten according to applicable retention processes.

9. User rights

Depending on your location and applicable law, you may have rights to:

  • access your personal data
  • correct inaccurate personal data
  • request deletion of personal data
  • object to or restrict certain processing
  • request portability of certain data
  • withdraw consent where processing is based on consent
  • lodge a complaint with a data protection authority

LazySEM currently supports limited data export functionality. Some audit log data may be exported by organization owners or administrators. Broader user-data export functionality may not be available for all product data.

To make a privacy or data rights request, contact LazySEM through the support contact listed on the website.

10. Security

LazySEM uses technical and organizational measures designed to protect personal data, including:

  • HTTPS (TLS) for public traffic
  • managed infrastructure with encryption at rest
  • restricted production access
  • role-based administrative controls within the application
  • managed database backups
  • encrypted storage of connected Google OAuth tokens

More information is available on our Security page: /security

11. Changes to this policy

LazySEM may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above.

12. Contact

For privacy questions or data rights requests, please contact LazySEM through the support contact listed on our website.

Or via our email address at info@lazysem.com