Back to home

Privacy Policy

Last updated: 11 February 2026

Thank you for choosing Jack's SEO MCP(“we,” “us,” or “our”). This Privacy Policy outlines how we collect, use, and protect your personal and non-personal information when you use our Service.

The Service is provided by JRER Tech Holdings Ltd (Company No. 17026241), registered at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are the data controller for your personal data and are responsible for deciding how we hold and use your information.

1. Information We Collect

1.1 Personal Data

Essential Information:

  • Full name
  • Email address
  • Company and job title
  • Payment information (processed securely via Stripe)

Usage Information:

  • Service interaction patterns
  • Feature usage statistics
  • Search queries and analysis requests

1.2 Third-Party Research Data

The Service retrieves keyword, search volume, and SERP data from third-party data providers to power your research. This data is not personal data.

1.3 User-Provided Content

You may provide additional content to the Service, such as company descriptions, product information, or custom prompts used to generate analysis. This content is processed solely to deliver the Service to you.

1.4 Non-Personal Data

  • Device information
  • IP addresses
  • Browser type
  • Operating system
  • Usage patterns and analytics
  • Cookie data
  • Geographic location (where permitted)

2. How We Use Your Information

Primary Purposes:

  • Providing keyword research and SERP analysis
  • Generating AI-assisted content and recommendations
  • Personalising research results and recommendations
  • Improving research and content accuracy
  • Enhancing service functionality
  • Processing payments and managing subscriptions

Communication Purposes:

  • Sending service updates
  • Important announcements
  • Customer support

3. Data Storage and Security

We implement robust security measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure, access-controlled cloud infrastructure
  • Role-based access controls
  • Authentication via secure OAuth providers (Google, Microsoft Azure AD)
  • Compliance with UK GDPR and Data Protection Act 2018

Data Retention:

  • Account data is retained for the duration of your subscription and for up to 30 days after account deletion
  • Analysis results and generated content are retained while your account is active
  • Payment records are retained for 7 years as required by UK tax law
  • Inactive accounts may be archived or deleted after 12 months of inactivity
  • You may request data deletion at any time, subject to legal retention requirements

4. Data Sharing and Sub-Processors

We use the following third-party service providers (sub-processors) to deliver the Service. Each processes data only as necessary for their stated purpose:

ProviderPurpose
DataForSEOKeyword and SERP data
AhrefsKeyword and backlink data
SerpApiSearch results data
SupabaseDatabase, authentication, and storage
StripePayment processing
PostHogProduct analytics
ResendTransactional email delivery

5. Artificial Intelligence and Your Data

When you use AI-assisted features, including any AI agent you connect through the MCP connector, the content and prompts you provide may be sent to third-party AI providers for processing.

Important safeguards:

  • Where we send data to a third-party AI provider, it is processed under that provider's API terms and is not used to train or improve our AI models
  • Data sent to AI providers is processed solely to generate a response and is not retained by us for model training purposes
  • If you connect your own AI agent via the MCP connector, your use of that agent is also governed by that provider's terms

We do not:

  • Sell your personal data
  • Use your data to train our own AI models
  • Share your data for marketing purposes
  • Provide data to unauthorised third parties

6. Your Data Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request data deletion
  • Opt-out of certain data processing
  • Export your data
  • Lodge complaints with supervisory authorities

7. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect or process data from minors.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Improve service functionality
  • Analyse usage patterns
  • Enhance user experience
  • Maintain service security
  • Remember preferences

9. Changes to Privacy Policy

We may update this Privacy Policy to reflect service changes, legal requirements, or operational needs.

We will notify you of significant changes via email, service notifications, and website updates.

10. Contact Information

For privacy-related enquiries:

  • Email: support@example.com
  • Website: jacks-seo.com
  • Postal address: JRER Tech Holdings Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

11. Legal Basis for Processing

We process your data based on:

  • Contract performance
  • Legal obligations
  • Legitimate interests
  • Your consent (where required)

12. Data Protection Rights

Under UK data protection law, you have rights including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights related to automated decision making

13. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data in accordance with the law.

14. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

15. Data Processing Agreements

If your organisation requires a Data Processing Agreement (DPA) or has specific data protection requirements, please contact us at support@example.com. We are happy to enter into appropriate data processing arrangements with enterprise customers.

By using our Service, you acknowledge that you have read and understood this Privacy Policy.