IndexPilotBack to Home

Privacy Policy

Last updated: February 21, 2026

1. Introduction

IndexPilot ("we," "us," or "our") operates the IndexPilot platform, a service that helps website owners submit URLs to search engines, track indexing status, and automate indexing workflows. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By accessing or using IndexPilot, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect the following personal information:

  • Name — Your full name as provided during registration.
  • Email address — Used for authentication, notifications, and communication.
  • Password — Stored only in hashed form using bcrypt. We never store your plaintext password.
  • Google account information — If you choose to sign in via Google OAuth, we receive your name, email address, and profile picture from Google.

2.2 Site and URL Data

To provide our indexing services, we collect and store data related to your websites and URLs:

  • Domains — The website domains you register with IndexPilot.
  • URLs submitted — The specific URLs you submit for indexing across search engines.
  • Sitemaps — Sitemap URLs and their contents that you provide or that we discover for your sites.
  • Indexing status results — The results of indexing checks and submissions, including timestamps, search engine responses, and status codes.

2.3 Integration Data

When you connect third-party services, we store the following credentials, all of which are encrypted at rest:

  • Google Search Console tokens — OAuth access and refresh tokens, encrypted using AES-256-GCM.
  • Bing Webmaster API keys — Your Bing API credentials, encrypted using AES-256-GCM.
  • Service account credentials — Google service account JSON key files used for the Google Indexing API, encrypted using AES-256-GCM.

2.4 Usage Data

We automatically collect information about how you use IndexPilot:

  • Submission counts — The number of URLs submitted per period, broken down by search engine.
  • Feature usage — Which features you use, such as automation rules, bulk uploads, and sitemap monitoring.
  • API call logs — Records of API requests made through your API keys, including timestamps and endpoints accessed.

2.5 Technical Data

When you access IndexPilot, we may automatically collect technical information:

  • IP address — Used for security, rate limiting, and fraud prevention.
  • Browser type and version — Collected to ensure compatibility and diagnose issues.
  • Device information — Operating system, screen resolution, and device type.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the service — To create and manage your account, authenticate your sessions, and deliver the core indexing features.
  • Submit URLs to search engines — To submit your URLs to Google, Bing, and other search engines via their respective APIs and the IndexNow protocol.
  • Check indexing status — To query search engine APIs and determine whether your URLs have been indexed.
  • Process payments — We share necessary billing information with Stripe to process subscription payments securely.
  • Send transactional emails — We use Resend to deliver account-related emails such as welcome messages, password resets, and indexing reports.
  • Improve our service — To analyze usage patterns, identify bugs, optimize performance, and develop new features.

4. Data Sharing

We share your information only with the following third parties, and only to the extent necessary to provide our services:

  • Search engine APIs — When you submit URLs for indexing, those URLs are shared with Google, Bing, and other search engines via their APIs and the IndexNow protocol. This is required for the core functionality of our service.
  • Stripe — We share billing-related information (name, email, payment method details) with Stripe to process your subscription payments. Stripe's handling of your data is governed by their own privacy policy.
  • Resend — We share your email address with Resend to deliver transactional emails. Resend's handling of your data is governed by their own privacy policy.

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

5. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption at rest — All sensitive credentials, including Google Search Console tokens, Bing API keys, and service account credentials, are encrypted using AES-256-GCM before being stored in our database.
  • Encryption in transit — All data transmitted between your browser and our servers is protected using HTTPS (TLS 1.2 or higher).
  • Password hashing — User passwords are hashed using bcrypt with an appropriate cost factor. We never store plaintext passwords.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data according to the following guidelines:

  • Active accounts — Your account information, site data, and integration credentials are retained for as long as your account remains active.
  • Plan-based history limits — Indexing history and submission logs are retained based on your subscription plan: 7 days for Free, 90 days for Pro, and unlimited for Enterprise.
  • Deleted accounts — When you delete your account, all associated personal data, site data, and integration credentials are permanently removed from our systems within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.

7. Your Rights

You have the following rights regarding your personal data, subject to applicable law:

  • Right to access — You can request a copy of the personal data we hold about you.
  • Right to export — You can export your site data, URL history, and account information through the settings page.
  • Right to delete — You can delete your account and all associated data at any time from your account settings.
  • Right to object — You can object to certain processing of your data, such as usage analytics.

To exercise any of these rights, please contact us at privacy@indexpilot.com.

8. Cookies

IndexPilot uses cookies primarily for authentication and session management. We use session cookies to keep you signed in and to protect against cross-site request forgery (CSRF) attacks.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

9. Third-Party Services

IndexPilot integrates with the following third-party services. Each service has its own privacy policy governing their handling of your data:

  • Google APIs — Including Google Search Console API and Google Indexing API, used for index status checks and URL submissions.
  • Bing Webmaster APIs — Used for URL submissions and index status checks on Bing.
  • IndexNow endpoints — Used to notify supporting search engines (Bing, Yandex, Seznam, Naver) of new or updated URLs.
  • Stripe — Used for secure payment processing and subscription management.
  • Resend — Used for delivering transactional emails.

10. Children's Privacy

IndexPilot is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal information, please contact us at privacy@indexpilot.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email at the address associated with your account at least 14 days before the changes take effect.

We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. The "Last updated" date at the top of this page indicates when this policy was last revised.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: