IndexPilot

Privacy Policy

Last updated: March 25, 2026

IndexPilot ("we", "us", "our") operates the website indexpilot.app and the IndexPilot Chrome Extension (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and password (hashed). If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.
  • Profile Information: Phone number and other optional details you add to your profile.
  • Payment Information: When you purchase credits or subscribe, payment is processed by Stripe. We do not store your full credit card number. We receive a Stripe customer ID, subscription status, and transaction records.
  • URLs and Site Data: URLs you submit for indexing, site domains you register, sitemaps you import, and indexing job results.
  • Support Communications: Messages you send via our contact form or email.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, submission counts, and timestamps.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use cookies for authentication sessions, theme preferences, and analytics. See our Cookie Policy for details.

1.3 Information from Third-Party Services

  • Google OAuth: When you sign in with Google, we access your Google account email, name, and profile picture. We request these scopes: openid, email, profile.
  • Google Search Console: If you connect your Google Search Console, we access URL inspection data, search analytics (clicks, impressions, CTR, position), and sitemap information for sites you authorize. We access this data using the webmasters.readonly scope via a platform service account you grant access to.
  • Stripe: Payment processing data including transaction history, subscription status, and billing details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Submit your URLs to search engines (Google, Bing, Yandex, and others via IndexNow)
  • Check and report the indexing status of your URLs
  • Process payments and manage your subscription
  • Send transactional emails (verification, password reset, submission receipts)
  • Send optional notification emails (indexing digests, failure alerts) that you can configure
  • Provide customer support
  • Monitor and improve the Service
  • Detect and prevent fraud or abuse

3. Google API Services User Data Policy

IndexPilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data to provide and improve the IndexPilot Service as described in this policy.
  • We do not sell Google user data to third parties.
  • We do not use Google user data for advertising purposes.
  • We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations.
  • Google Search Console data is used solely to display search analytics and verify site ownership within your IndexPilot dashboard.

4. Chrome Extension

The IndexPilot Chrome Extension accesses the following:

  • Active Tab URL: To submit the current page for indexing or check its index status. This data is sent to the IndexPilot API only when you initiate an action.
  • All Open Tabs: For bulk submission. Tab URLs are read only when you use the "Bulk" feature and are not stored locally or transmitted until you click submit.
  • Storage: To save your API key and server URL locally in Chrome's storage. This data stays on your device.
  • Context Menus: To add "Submit to IndexPilot" and "Check Index Status" right-click options.

The extension communicates only with indexpilot.app (or a custom server URL you configure). It does not collect analytics, track browsing history, or send data to any third party.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

  • Search Engines: URLs you submit are sent to Google (via Indexing API), Bing, Yandex, Seznam, and Naver (via IndexNow protocol). Only the URL is transmitted — no personal information.
  • Payment Processor: Stripe processes your payments. See Stripe's Privacy Policy.
  • Email Provider: We use SMTP services to send transactional emails (verification, password reset). Only your email address and the email content are transmitted.
  • Legal Requirements: We may disclose data if required by law, court order, or government request.

6. Data Security

  • Passwords are hashed using bcrypt with 12 rounds before storage.
  • API keys are stored as SHA-256 hashes. The original key is shown only once at creation.
  • All connections use HTTPS/TLS encryption.
  • Database access is restricted to the application server.
  • Admin access requires email, password, and a separate PIN.

While we implement commercially reasonable security measures, no method of transmission over the Internet is 100% secure.

7. Data Retention

  • Account Data: Retained as long as your account is active. You can request deletion at any time.
  • Submission History: URL submission records are retained based on your plan (7 days for Free, 90 days for Pro, unlimited for Enterprise).
  • Indexing Jobs: Job records are retained for 90 days after completion.
  • Payment Records: Retained for 7 years as required by tax and accounting regulations.

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Update inaccurate information via your Settings page.
  • Deletion: Request deletion of your account and associated data by contacting us.
  • Data Portability: Request your data in a structured, machine-readable format.
  • Revoke Google Access: You can revoke IndexPilot's access to your Google account at any time via Google Account Permissions.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International Data Transfers

Your data may be processed on servers located outside your country of residence. By using the Service, you consent to the transfer of your data to our servers. We take appropriate safeguards to protect your data in compliance with applicable laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us: