Privacy Policy
Last updated: 2026-06-22
This Privacy Policy explains how QueryScope ("we", "us", "our") collects, uses, and protects your personal data when you use the service at https://queryscope.dev.
We handle your data lawfully under the EU General Data Protection Regulation (GDPR).
1. Who we are
- Service: QueryScope
- Website: https://queryscope.dev
- Contact for privacy: [email protected]
- General contact: [email protected]
If you have a concern about how we handle your data and we can't resolve it directly, you can lodge a complaint with the data protection authority in your country of residence.
2. The Service in plain language
QueryScope brings Google Search Console into your AI IDE. It lets you read and analyze your own Search Console data (clicks, impressions, position, queries, countries, indexing) from the terminal where you code. The Service has two parts:
- A hosted MCP server at mcp.queryscope.dev that your AI IDE (Claude Code, Cursor, Cline, Windsurf, etc.) connects to over OAuth. It reads your Search Console data on your behalf and returns it to your IDE. Your IDE runs the AI; we do not.
- A hosted dashboard at queryscope.dev where we store your account, billing, the sites you connect, and the daily Search Console snapshots we keep so your history is not lost to Google's retention window.
This matters for privacy: we read your own Search Console data over a read-only OAuth grant you approve and can revoke. We do not run AI inference on your data, and we are not affiliated with Google.
3. What data we collect
3.1 Data you provide directly
- Account data: email address, password (hashed via bcrypt), name (optional)
- Project data: verified root domain you're working on, project name
- Billing data: billing address, VAT number (B2B), country. Payment card details are handled directly by Stripe and never touch our servers.
- Communications: emails, support tickets, feedback you send us
3.2 Data the MCP server posts back to us
When you use a tool inside your IDE, the MCP server posts a run summary to our API. These summaries include:
- Tool name and parameters (e.g., "gsc_overview", "gsc_pages")
- Run status and duration
- For ticket tools: ticket IDs and state transitions
- For audit tools: audit findings (decay, under-clicked pages, indexing issues)
- Idempotency keys to deduplicate retried requests
The MCP server does NOT post back:
- The full text of content you generate
- Your IDE's AI conversation history
- Your repository contents (unless you explicitly use a tool that needs them)
3.3 Data we collect from connected integrations (optional, with your consent)
When you connect optional integrations, we process:
- Google Search Console (OAuth): read-only access to search performance data (impressions, clicks, position, query, page) and URL indexing status for properties you authorize. We use this to show your performance and detect decay, under-clicked pages, and indexing issues. We never write to your GSC account.
You can disconnect the integration from your account settings at any time. We revoke our access immediately and delete the cached data within 30 days.
3.4 Data collected automatically
- Technical data: IP address, browser, device, operating system, request timestamps
- Usage data: which pages of the dashboard you visit, which features you use, time spent (collected via our self-hosted Umami analytics, which does not use cookies or share data with third parties)
- Audit logs: authentication events, API token use, security-relevant actions
3.5 Data we do NOT collect
- We do not buy personal data from third parties
- We do not collect special categories of data (health, racial origin, political opinions, biometrics)
- We do not run third-party advertising or marketing pixels
- We do not sell your data, ever
- We do not process your content through AI ourselves. AI inference happens in your IDE under your vendor relationship (Anthropic, OpenAI, etc.). We are not a subprocessor of those vendors on your behalf.
4. Why we collect it (legal basis under GDPR Art 6)
| Purpose | Data | Legal basis |
|---|---|---|
| Provide the Service | Account, project, run summaries | Contract performance (Art 6(1)(b)) |
| Process payments | Billing data | Contract performance |
| Send transactional emails (password resets, receipts, audit digests) | Email address | Contract performance |
| Customer support | Communications, account | Contract performance |
| Send product updates (only if you opt in) | Email address | Consent (Art 6(1)(a)) |
| Run scheduled audits on your behalf (e.g., daily GSC pull, weekly snapshot, URL inspection) | GSC data | Contract performance |
| Detect abuse and secure the Service | Technical, audit logs | Legitimate interest (Art 6(1)(f)) |
| Aggregate, anonymized product analytics | Usage | Legitimate interest |
| Comply with tax and accounting law | Billing | Legal obligation (Art 6(1)(c)) |
5. How long we keep your data
| Data category | Retention |
|---|---|
| Account data | Until you delete your account, then 30 days |
| Project data, audit history, tickets | Until you delete it or your account, then 30 days |
| Connected integration tokens (Google Search Console) | Until you disconnect, then deleted immediately |
| Stored GSC snapshots (your performance history) | Kept while your account is active, deleted within 30 days of account deletion |
| Billing and invoice records | 7 years (Dutch tax law requirement under Algemene wet inzake rijksbelastingen) |
| Support communications | 2 years |
| Email opt-in records | Until you opt out, plus 1 year (proof of consent) |
| Backups | Up to 7 days (Litestream streaming), up to 30 days (daily snapshots), then auto-deleted |
| Server logs | 30 days |
| Audit logs (security events) | 1 year |
When you delete your account, we anonymize or delete your personal data within 30 days, except where retention is required by law (invoices: 7 years).
6. Subprocessors
We share necessary data with the following processors to operate the Service:
| Vendor | Purpose | Data | Location | DPA |
|---|---|---|---|---|
| Hetzner Online GmbH | Server hosting | All hosted user data | EU (Germany / Finland) | Yes |
| Cloudflare, Inc. | DNS, CDN, security, R2 backup storage | Technical, usage, encrypted backups | Global (US-headquartered, EU PoPs) | Yes |
| Stripe Payments Europe Ltd. | Payment processing | Payment, billing | Global | Yes |
| AWS (SES) | Transactional email delivery | Email addresses, message content | EU (eu-central-1) | Yes |
| Backblaze, Inc. (B2) | Database backups | All hosted user data (encrypted at rest) | US | Yes (with SCCs) |
| Google LLC (Search Console API) | Read your GSC data on your behalf when you connect | OAuth tokens, fetched GSC data | Global | Yes |
We do NOT use the following despite some appearing in standard SaaS stacks:
- No AI model providers (Anthropic, OpenAI, Google Gemini, etc.) as subprocessors. AI inference happens in your IDE.
- No marketing automation, ad networks, or CRM that processes your personal data.
The current, dated list lives at https://queryscope.dev/subprocessors. We notify you by email at least 30 days before adding a new subprocessor that processes your personal data.
For international transfers (US-based vendors), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
7. AI processing disclosure
The Service itself does not perform AI inference on your content. The AI features you see in your IDE (Claude Code, Cursor, etc.) run under your relationship with that IDE's AI vendor (Anthropic, OpenAI, etc.). We do not send your content to AI vendors on your behalf, and we are not a subprocessor of those vendors.
This is an architectural choice: we built QueryScope as a tool layer, not an AI wrapper. Your IDE owns the AI runtime.
For the avoidance of doubt:
- Outputs you generate inside your IDE are governed by your IDE vendor's privacy policy (Anthropic, OpenAI, etc.), not ours.
- We do not train any model on your data, because we do not operate any model.
If we ever add server-side AI features (e.g., an optional AI summarization endpoint), we will update this Privacy Policy at least 30 days before that change takes effect.
8. Cookies
We use the minimum cookies needed to operate the Service:
- Strictly necessary cookies (always on): session cookies for authentication, CSRF protection, cookie consent state
- Functional cookies (on with consent): remembering theme preference, dashboard view preferences
- Analytics: we use self-hosted Umami, which does not set cookies and does not track users across sites
- Marketing cookies: we do not use any
You can manage cookie preferences via the banner shown on your first visit or via the "Cookie Preferences" link in our footer.
We do not use third-party tracking cookies, advertising cookies, or analytics cookies that share data with third parties. Our self-hosted Umami analytics does not set cookies. This means your visit to queryscope.dev does not contribute to any cross-site profile.
9. Your rights under GDPR
You have the right to:
- Access your personal data (Art 15)
- Rectify inaccurate data (Art 16)
- Erase your data, the "right to be forgotten" (Art 17)
- Restrict processing (Art 18)
- Port your data to another service (Art 20). We provide a JSON export from your account settings.
- Object to processing based on legitimate interest (Art 21)
- Withdraw consent at any time, without affecting prior processing (Art 7(3))
How to exercise these rights
Email [email protected] with your request. We respond within 30 days as required by GDPR (Art 12(3)).
If you're not satisfied with our response, you can complain to the data protection authority in your country of residence.
You can also delete your account directly from your account settings at any time. Deletion is one-click and follows the EU Digital Services Act and Consumer Rights Directive 2026 requirements for paid services.
10. Security
We implement reasonable technical and organizational measures, including:
- TLS 1.2+ encryption for all data in transit (HSTS-preloaded at the .dev TLD level, so HTTP is impossible)
- Encrypted backups at rest (Backblaze B2 + Cloudflare R2)
- Server access restricted via Tailscale VPN and SSH keys (no public SSH port open)
- Cloudflare WAF and DDoS protection
- Automatic security patching via Ubuntu unattended-upgrades
- Application-level rate limiting and bot protection (Cloudflare Turnstile on signup)
- Hashed passwords using bcrypt with strong work factor
- API authentication via revocable tokens (Laravel Sanctum)
- Audit logs of security-relevant events (1-year retention)
If we discover a data breach affecting your personal data, we notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Art 33-34.
11. Children
The Service is not intended for users under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, email [email protected] and we'll delete it.
12. International users
By using the Service, you understand that your personal data will be processed primarily in the EU and, for certain subprocessors, in the US under appropriate safeguards (Standard Contractual Clauses).
13. Changes to this Policy
We may update this Privacy Policy. Material changes will be notified via email at least 30 days before they take effect. The "Last updated" date at the top of this page always reflects the current version. If you need a copy of an earlier version, email [email protected].
14. Contact
- Privacy questions and GDPR requests: [email protected]
- General support: [email protected]