Last Updated: October 23, 2025

Privacy Policy

PRIVACY AND COOKIES POLICY OF THE ONLINE SERVICE
WWW.JACKSEO.IO
AND
THE APPLICATION APP.JACKSEO.IO

§ 1
GENERAL PROVISIONS

  1. The controller of personal data collected through the Website and the Application is JACKSEO spółka z ograniczoną odpowiedzialnością, entered into the Register of Entrepreneurs maintained by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS number 0001169560, with its registered office and correspondence address at ul. Kościelna 33/U1, 60-537 Poznań, Poland, Tax Identification Number (NIP): 7812088313, National Business Registry Number (REGON): 541540217, e-mail address: hello@jackseo.io, phone number: +48 794 355 559, hereinafter referred to as the “Controller”, who is also the Service Provider.
  2. Personal data collected by the Controller through the Website and entrusted to it by Users are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR”), as well as the Polish Consumer Rights Act of 30 May 2014.
  3. The services of the Website and the Application are intended for individuals who are at least 16 years of age. If it is determined that data from a person under this age have been collected without the required consent of their legal guardian, the Controller will promptly delete such data.
  4. Providing personal data in the Application or on the Website is voluntary but necessary for the conclusion and performance of the agreement and the provision of services (Account, Order, License). Failure to provide the required data will make it impossible to provide the services. Where the processing is based on Article 6(1)(f) of the GDPR, the legitimate interests pursued by the Controller include system security and accountability, product analytics and development of the Application/Website, the establishment or defense of legal claims, and ongoing communication. The Controller does not make decisions based solely on automated processing that produce legal effects concerning the User or similarly significantly affect them. Any profiling carried out has a marketing and analytical character (content selection, performance measurement) and does not produce the aforementioned legal effects.
  5. All words or expressions written with a capital letter in this Privacy Policy shall be understood in accordance with their definitions set out in the Terms of Service.

§ 2
PURPOSE AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes the personal data of the Service Users in the following cases
    1. registration of an Account on the Website, for the purpose of creating and managing an individual account, based on Article 6(1)(b) of the GDPR (performance of a contract for the provision of electronic services in accordance with the Website’s Terms of Service),
    2. placing an Order, for the purpose of performing the Agreement for the provision of a Digital Service, based on Article 6(1)(b) of the GDPR (performance of a contract),
    3. subscribing to the Newsletter, for the purpose of sending commercial information by electronic means — personal data are processed upon separate consent, based on Article 6(1)(a) of the GDPR,
    4. use of the License and the provision of all other services related to the Application, for the purpose of performing the Agreement for the provision of a Digital Service, based on Article 6(1)(b) of the GDPR (performance of a contract),
    5. carrying out other actions necessary or relevant to the operation of the Website and the Application, including:
      1. product analytics and improvement of the Application/Website (measurements, A/B testing, telemetry): Article 6(1)(f) of the GDPR — the Controller’s legitimate interest in enhancing the quality and usability of services,
      2. security and prevention of abuse (logs, DDoS protection, rate limiting, incident detection): Article 6(1)(f) of the GDPR,
      3. direct B2B marketing, newsletter, and commercial communication — within the scope required under the Electronic Communications Law (PKE): Article 6(1)(a) of the GDPR (consent). Consent may be withdrawn at any time,
      4. establishment or defense of legal claims: Article 6(1)(f) of the GDPR.
  2. TYPES OF PERSONAL DATA PROCESSED. The Service User provides, as applicable:
    1. for the Account: first name and last name, tax identification number (NIP), e-mail address,
    2. for the Order: first name and last name, tax identification number (NIP), e-mail address,
    3. for the Newsletter: first name and last name, e-mail address,
    4. for the License: first name and last name, tax identification number (NIP), e-mail address.
    5. Additionally, the Controller may process the following categories of data (to the extent that they constitute personal data under the GDPR): billing data: transactional data received from the payment operator (without full card details),
    6. data entered into the Application: prompts, commands, uploaded files, project parameters, SEO/GEO preferences,
    7. technical and telemetry data: IP address, device/installation identifiers, timestamps, browser/OS type, event logs, stability and performance metrics,
    8. marketing and analytical data (based on consent or within the limits of an objection): history of message openings and clicks, segmentation data, preferences.
  3. DATA RETENTION PERIOD. The personal data of Service Users are stored by the Controller as follows:
    1. where the legal basis for processing is the performance of a contract, for as long as it is necessary to perform that contract, and thereafter for a period corresponding to the limitation period for any claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic performance or those related to business activity — three years,
    2. where the legal basis for processing is consent, for as long as the consent has not been withdrawn, and after its withdrawal for a period corresponding to the limitation period for any claims that may be raised by or against the Controller. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic performance or those related to business activity — three years.
  4. Data processed in connection with the use of AI functions in the Application.
    1. The Application uses artificial intelligence (AI) models to generate SEO/GEO content based on data provided by the User (such as prompts, files, and settings).
    2. AI functions may be performed using external technology providers (sub-processors), including providers of language models or cloud computing services located within and/or outside the EEA. The Controller notifies Users of planned changes to sub-processors, and the Client may raise a justified objection. Prompts and AI event logs are stored for the period necessary to ensure security, accountability, and technical support, but no longer than 90 days, unless a longer period results from the pursuit or defense of legal claims or from legal obligations. Such data are not used for model training without the User’s prior explicit consent.
    3. The Controller does not use any input data or content generated by the User for the purpose of “training” or “fine-tuning” AI models without the User’s prior explicit consent.
    4. Users should verify AI-generated content before publishing or using it. In cases required by law, the User may be obligated to disclose to recipients that the content was generated or co-created by AI.
    5. The Controller maintains records of significant system events and ensures human oversight over AI functionalities to guarantee security and accountability.
  5. Special categories of data. The Controller does not expect and requests that Users do not provide any special categories of personal data (Article 9 of the GDPR), classified information, or trade secrets within the prompts or files submitted directly to the Application.
  6. When using the Website, additional information may be collected, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.
  7. Upon separate consent and based on Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing purposes, in accordance with Article 398(1) and (2) of the Polish Electronic Communications Law of 12 July 2024, including communications resulting from profiling, provided that the User has given the relevant consent.
  8. As part of the User’s activity on the Website/Application, profiling may occur for the purpose of selecting suitable marketing content to be displayed to the User.
  9. Profiling means any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. Profiling does not produce legal effects concerning the User nor otherwise significantly affect their situation; its purpose is solely to better tailor marketing content and offers.
  10. The Controller may also collect navigational data from Users, including information about links and references they choose to click or other actions taken within the Website. The legal basis for such processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), consisting of facilitating the use of electronic services and improving their functionality.
  11. Providing personal data by the User is voluntary.
  12. The Controller exercises particular care to protect the interests of data subjects and, in particular, ensures that the data collected:
    1. are processed lawfully,
    2. are collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
    3. are factually correct and adequate in relation to the purposes for which they are processed, and are stored in a form that permits the identification of the data subjects for no longer than is necessary to achieve the purpose of the processing.

§ 3
RECIPIENTS OF PERSONAL DATA

  1. The personal data of Service Users are disclosed to service providers used by the Controller in the operation of the Website, in particular to:
    1. payment system providers,
    2. accounting office,
    3. hosting service providers,
    4. software providers supporting business operations,
    5. entities providing mailing systems,
    6. software providers necessary for the operation of the Website.
  2. The service providers referred to in point 1 of this section, to whom personal data are disclosed, depending on the contractual arrangements and circumstances, either act under the Controller’s instructions regarding the purposes and means of processing such data (processors) or independently determine the purposes and means of their processing (controllers).
  3. The personal data of Service Users are stored exclusively within the territory of the European Economic Area (EEA), subject to the provisions of §5(5) and §6 of this Privacy Policy.
  4. Personal data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the Controller’s use of analytical and marketing tool providers (e.g., Google LLC, Meta Platforms Inc.).
    Such data transfers are carried out based on the Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with Article 46(2)(c) of the GDPR.

§ 4
RIGHT OF CONTROL, ACCESS TO PERSONAL DATA, AND RECTIFICATION

  1. The data subject has the right to access their personal data, as well as the right to rectify, erase, or restrict the processing of such data, the right to data portability, the right to object to processing, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The legal grounds for the User’s requests are as follows:

    1. access to data – Article 15 of the GDPR,
    2. rectification of data – Article 16 of the GDPR,
    3. erasure of data (the so-called “right to be forgotten”) – Article 17 of the GDPR,
    4. restriction of processing – Article 18 of the GDPR,
    5. data portability – Article 20 of the GDPR,
    6. objection to processing – Article 21 of the GDPR,
    7. withdrawal of consent – Article 7(3) of the GDPR.

  2. To exercise the rights referred to in point 2, a relevant e-mail may be sent to: hello@jackseo.io

  3. If the User exercises any of the rights mentioned above, the Controller shall fulfill the request or refuse to do so without undue delay, but no later than within one month of receiving the request. However, if—due to the complexity of the request or the number of requests—the Controller is unable to meet this deadline, the Controller shall comply within the next two months, informing the User within one month of receipt of the request about the intended extension of the deadline and the reasons for it.

  4. If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

§ 5
“COOKIES” FILES

  1. The Controller’s website uses “cookies.”
  2. The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain information essential for the correct functioning of the Website and also make it possible to compile general statistics on website visits.
  3. Two types of cookies are used on the Website: “session” cookies and “persistent” cookies.
    1. “Session” cookies are temporary files that are stored on the User’s end device until they log out or leave the Website.
    2. “Persistent” cookies are stored on the User’s end device for the period specified in the parameters of the cookies or until they are deleted by the User.
  4. The Controller uses its own cookies to better understand how Users interact with the content of the Website. These cookies collect information about how the User uses the Website, the type of page from which the User was redirected, as well as the number of visits and the duration of each visit. This information does not record specific personal data of the User but is used to compile statistics on the use of the Website.
  5. The Controller also uses third-party cookies to collect general and anonymous statistical data through analytical tools such as Google Analytics (external cookie administrator: Google LLC, based in the USA).
  6. Cookies may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the User uses the Website. For this purpose, information about the User’s navigation path or the time spent on a given page may be stored.
  7. The User has the right to decide on the access of cookies to their device by changing the settings in their web browser. Detailed information on the possibilities and methods of handling cookies is also available in the settings of the web browser software.

§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY ON THE WEBSITE

  1. The Website uses so-called social media plugins (“plugins”) from various social networking platforms. When displaying the webpage www.jackseo.io that contains such a plugin, the User’s browser establishes a direct connection with the servers of LinkedIn, Facebook, Twitter (X), and Instagram.
  2. The content of the plugin is transmitted by the respective service provider directly to the User’s browser and integrated into the Website. Through this integration, the service providers receive information that the User’s browser has displayed the www.jackseo.io page, even if the User does not have a profile with the respective provider or is not currently logged in. This information (including the User’s IP address) is transmitted by the browser directly to the provider’s server (some of which are located in the USA) and stored there.
  3. If the User is logged into one of the above-mentioned social media services, the respective provider may directly associate the visit to the www.jackseo.io website with the User’s profile on that social media platform.
  4. If the User uses a given plugin, for example by clicking the “Like” button or the “Share” button, the corresponding information will also be sent directly to the provider’s server and stored there.
  5. The purpose and scope of data collection, as well as the further processing and use of such data by the service providers, along with the User’s rights in this respect and the options for configuring settings to protect their privacy, are described in the respective provider’s privacy policy:
    1. https://www.facebook.com/policy.php
    2. https://policies.google.com/privacy?hl=pl&gl=ZZ.
    3. https://help.instagram.com/155833707900388,
    4. https://x.com/pl/privacy
    5. https://linkedin.com/legal/privacy-policy
  6. If the User does not want social media platforms to associate data collected during visits to the www.jackseo.io
  7. website directly with their profile on the respective platform, they must log out of that service before visiting www.jackseo.io. The User may also completely prevent plugins from loading on the Website by using appropriate browser extensions, such as script-blocking tools like “NoScript.”
  8. The Controller uses remarketing tools on its website, such as Google Ads and Meta Pixel, which involve the use of cookies provided by Google LLC and Meta Platforms Inc. related to their respective services. Through the cookie management mechanism, the User can decide whether the Controller may use Google Ads (external cookie administrator: Google LLC, based in the USA) and/or Meta Pixel (external cookie administrator: Meta Platforms Inc., based in the USA) in relation to them.

§ 7
FINAL PROVISIONS

  1. The Controller applies technical and organizational measures ensuring the protection of processed personal data appropriate to the risks and the category of data under protection. In particular, the Controller secures the data against unauthorized access, retrieval by unauthorized persons, processing in violation of applicable laws, as well as alteration, loss, damage, or destruction.
  2. The Controller implements appropriate technical measures to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.
  3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable Polish laws shall apply accordingly.
  4. The Controller updates this Privacy Policy in connection with legal changes or the development of its business activities. Information about any modification of the Privacy Policy will be published at least 7 days before it takes effect on the Website and/or within the Application, or will be sent by e-mail to Users who use continuous Electronic Services (Account, License, Newsletter).
Terms and ConditionsPrivacy Policy
JackSEO - Privacy Policy