serpctrlapp

// legal

Privacy Policy

Last updated: 7 May 2026 · Effective date: 7 May 2026

1. Who we are

SIA “Cyber Unicorn” (registration no. 40203002129, Jūrmala, Baznīcas iela 30–13, LV-2015, Latvia) operates the Chrome extensions SerpControl and SerpControl Ultra and the website serpctrl.lv / app.serpctrl.com.

We are the data controller for personal data processed in connection with your use of the website, account, subscription, and extension authentication. The extensions do not transmit audited page content to us (see § 3).

Contact: legal@serpctrl.lv

2. What data we collect and why

CategoryDataPurposeLegal basis (GDPR)
Account dataEmail address, name (if provided)Creating and managing your subscriptionContract (Art. 6(1)(b))
Payment dataBilling address, last four card digits, VAT number (if B2B) — collected and stored by Stripe as our Merchant of Record; we receive only a redacted summaryProcessing payments, issuing VAT invoices, fraud preventionContract / Legal obligation (Art. 6(1)(b)(c))
Licence dataExtension authentication token, seat assignment, activation and last-seen timestampsValidating Ultra subscription access and enforcing seat limitsContract (Art. 6(1)(b))
Support dataEmail content you send to support@serpctrl.lvResponding to support requestsLegitimate interest (Art. 6(1)(f))
Website analyticsAnonymised page views, referrer, browser type — no cookies placedUnderstanding how visitors use the siteLegitimate interest (Art. 6(1)(f))
Error telemetryError stack traces, browser/runtime metadata, page route, and diagnostic breadcrumbs. Text and media are masked in client replay.Detecting and fixing production errorsLegitimate interest (Art. 6(1)(f))

3. The extensions: audited page data stays in your browser

SerpControl and SerpControl Ultra analyse the active browser tab locally. When you click an audit tool:

  • A content script is injected into the active tab you already have open.
  • The script reads the live DOM (text, headings, links, JSON-LD, meta tags) and runs the audit in memory.
  • Results are rendered as an overlay in the same tab.
  • The page content and audit results are not sent to our servers. We never see what you audit.

The LLM Visibility tool (Ultra only) additionally issues a single fetch(location.href, {credentials:"omit"}) from the content-script context — this goes from your browser to the site you are auditing, not to us.

SerpControl Ultra contacts app.serpctrl.com only to authenticate your account, validate subscription/seat access, and issue a signed extension auth token. The extension stores that token locally in chrome.storage.localon your device.

4. Cookies and tracking

The extensions place no cookies and run no tracking scripts.

The website uses only strictly necessary cookies required for the subscription and account flow. We do not use advertising cookies or third-party tracking pixels. See our Cookie Notice for full details.

5. Sub-processors and third parties

We share personal data only with the following sub-processors, all bound by data-processing agreements:

Sub-processorRoleCountry
Stripe, Inc.Merchant of Record, payment processing, tax calculation and remittance, VAT invoicingUS (SCCs apply)
Vercel Inc.Web hostingUS (SCCs apply)
Resend Inc.Transactional emailUS (SCCs apply)
SentryError monitoring and diagnosticsUS/EU infrastructure depending on Sentry configuration (SCCs apply where required)

We do not sell or rent personal data to any third party. We do not share data with advertising networks.

6. International transfers

Where data is transferred outside the EEA (e.g. to Stripe, Vercel, Resend, or Sentry), we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism.

7. Retention

Account and payment data is retained for the duration of the subscription plus 7 years (as required by Latvian accounting law). Support emails are retained for 2 years from the last interaction. Anonymised analytics data is retained indefinitely.

8. Your rights

Under the GDPR you have the right to: access, rectify, or erase your personal data; restrict or object to processing; data portability; and to withdraw consent where processing is based on consent.

To exercise any right, email legal@serpctrl.lv. We will respond within 30 days.

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija, www.dvi.gov.lv) or with the supervisory authority in your country of habitual residence.

9. Children

The Service is not directed at children under 16. If you believe a child has provided us with personal data, email legal@serpctrl.lv and we will delete it promptly.

10. Security

We use TLS for all data in transit and access to production systems is restricted to named individuals. Payment card data is handled entirely by Stripe and never stored on our servers.

11. Changes to this policy

If we make material changes we will update the “Last updated” date and, for Subscribers, send an email notice at least 14 days before the change takes effect.

12. Contact

SIA “Cyber Unicorn”
Registration No.: 40203002129
Jūrmala, Baznīcas iela 30–13, LV-2015, Latvia
legal@serpctrl.lv