Legal // Privacy

Privacy
Policy

Written in plain English. We tell you exactly what we collect, why, and what you can do about it — without the usual 4,000 words of boilerplate.

Effective: 1 March 2026

Last updated: 14 March 2026

GDPR compliant

The short version: We collect your name and email when you submit a form. We use Google Analytics to see which pages are popular. We don’t sell your data. We don’t send spam. You can ask us to delete everything about you at any time. That’s really it — the sections below just explain each point in the detail required by law.

Who We Are

IndxQ (“IndxQ”, “we”, “us”, “our”) is a technical SEO publication and consultancy operating at indxq.com. We produce in-depth guides on WordPress SEO, local SEO, affiliate site growth, technical audits, and related topics, and we offer free SEO audit services to site owners.

For the purposes of UK and EU data protection law, IndxQ is the data controller — meaning we determine how and why personal data is processed. Our full contact details are in Section 12.

This policy applies to all personal data collected through indxq.com, our email communications, and any audit or consultation services we provide. It does not apply to third-party websites we link to — please review their privacy policies separately.

What We Collect

We only collect data that serves a specific, documented purpose. Here is everything we collect and how it arrives:

Data	How Collected	Purpose
Name (first + last)	Contact / audit request forms	Addressing you in correspondence; personalising audit reports
Email address	Contact forms, newsletter sign-up	Delivering requested audits; sending newsletter (with consent)
Website URL	Audit request forms	Running the requested SEO / speed / local audit
Business details	Audit forms (optional fields)	Contextualising audit recommendations (hosting, theme, plugins)
Message content	Contact forms, email replies	Responding to enquiries; providing the requested service
IP address	Automatically — server logs + analytics	Security (abuse prevention); approximate geographic analytics
Browser & device type	Automatically — Google Analytics	Understanding how visitors access the site; improving mobile UX
Pages visited, referrer, session duration	Automatically — Google Analytics	Understanding content performance; improving the site
Cookie identifiers	Automatically — see Section 5	Analytics session tracking; remembering consent preferences

We do not collect: payment card information (we use no paid services on-site), government identification numbers, sensitive personal data (health, ethnicity, political views, biometrics), or data from children under 16 knowingly.

How We Use It

We use the data we collect for the following purposes only:

Delivering audit services. When you submit an audit request form, we use your name, email, website URL, and any details you provide to run your SEO, speed, or local audit and send you the results.
Responding to enquiries. Contact form submissions and email replies are used solely to respond to your message.
Newsletter delivery. If you subscribe to our newsletter, we use your email to send you SEO guides and update notifications. You can unsubscribe at any time via the link in every email.
Site analytics. Aggregated, anonymised analytics data (via Google Analytics 4) helps us understand which content is useful and how to improve the site. We do not use this data to identify individuals.
Security and fraud prevention. Server logs including IP addresses are retained for a short period to detect and block abusive traffic, spam submissions, and security threats.
Legal compliance. In certain circumstances we may be required to process or retain data to comply with a legal obligation.

What we do not do: We do not sell, rent, or trade your personal data to any third party for marketing purposes. We do not use your data for automated profiling or decision-making that produces legal or significant effects. We do not send unsolicited commercial email beyond the newsletter you opted into.

Legal Basis for
Processing

Under UK GDPR and EU GDPR, we must have a valid legal basis for each type of processing. Here is our basis for each:

Processing Activity	Legal Basis	Explanation
Delivering an audit you requested	Performance of a contract	You submitted a request for a service; processing your data is necessary to deliver it.
Responding to contact form enquiries	Legitimate interests	It is our legitimate interest to respond to people who contact us. Processing is minimal and expected.
Sending the newsletter	Consent	You explicitly opted in to receive the newsletter. You may withdraw consent at any time.
Google Analytics (anonymised)	Legitimate interests	Understanding aggregated site usage to improve content. Analytics are configured to anonymise IP addresses.
Security / server logs	Legitimate interests	Protecting the site and our users from abuse and security threats is a legitimate interest.
Legal compliance	Legal obligation	Where we are required by law to retain or disclose data (e.g. tax records, court orders).

Where we rely on legitimate interests, we have carried out a balancing test and concluded that our interests do not override your fundamental rights and freedoms. If you would like to see our legitimate interests assessment for any specific processing activity, please contact us.

Cookies &
Tracking

A cookie is a small text file placed on your device by a website. We use a minimal set of cookies — only those that serve a documented purpose. You can control cookies in your browser settings or via our cookie consent banner.

We do not use advertising cookies, Facebook Pixel, Google Ads remarketing tags, or any third-party tracking pixels. We do not use session recording tools (Hotjar, FullStory, etc.).

To opt out of Google Analytics across all websites, you can install the Google Analytics Opt-Out Browser Add-On. To manage all cookies, use your browser’s settings: Chrome, Firefox, Safari.

Third-Party
Services

We use a small number of third-party services to operate the site. Each is listed below with the data they receive and a link to their privacy policy.

Service	Purpose	Data Shared	Privacy Policy
Google Analytics 4	Site analytics	Anonymised IP, pages visited, device type, session data	policies.google.com
Google Fonts (self-hosted)	Typography	None — fonts are served from our own server, not Google’s CDN	N/A — no data transfer
WP Engine / Kinsta	WordPress hosting	All site data including form submissions; stored in their data centres (EU region)	See host privacy policy
Cloudflare	CDN, DDoS protection	IP addresses, request metadata (for security purposes only)	cloudflare.com
Mailchimp / ConvertKit	Newsletter delivery	Email address, first name (newsletter subscribers only)	See provider privacy policy
Contact Form 7	Form processing	Form submissions stored temporarily in WordPress database; emailed to us via SMTP	WordPress-hosted — our servers

We do not share your personal data with any other third parties. We do not sell data to data brokers, advertising networks, or marketing platforms. If we ever add a new third-party service that processes personal data, we will update this policy and, where required, seek your consent.

A note on affiliate links: Some links on IndxQ are affiliate links. Clicking an affiliate link may place a cookie on your device from the linked merchant (e.g. Ahrefs, WP Rocket). We do not receive any personal data when you click these links, and we have no control over the merchant’s tracking. Review the linked site’s privacy policy before purchasing.

Data Retention

We keep personal data only as long as necessary for the purpose it was collected, or as required by law. Specific retention periods:

Audit request form data — retained for 12 months from the date of submission, then deleted. This allows us to follow up if the audit was not completed and to improve our audit process.
General contact form enquiries — retained for 6 months from the date of last correspondence, then deleted from our email and WordPress database.
Newsletter subscriber data — retained until you unsubscribe, at which point your email is removed from our mailing list within 7 days. Suppression records (to prevent re-adding you) may be retained for longer.
Google Analytics data — retained for 14 months within Google Analytics, after which it is automatically deleted by Google. Our GA4 property is configured with the minimum retention window.
Server / access logs — retained for 30 days for security purposes, then automatically deleted by our hosting provider.
Financial and tax records — retained for 7 years as required by UK tax law (HMRC), even if your account is deleted. This applies only if a paid transaction occurred.

When retention periods expire, data is securely deleted or anonymised so it can no longer be attributed to an individual. You may request early deletion at any time under your rights in Section 8.

Your Rights

Under UK GDPR and EU GDPR you have the following rights regarding your personal data. These are real rights — not buried in a process designed to discourage you from using them. To exercise any of them, email us at privacy@indxq.com. We will respond within 30 days.

👁️

Right of Access

You can request a copy of all personal data we hold about you. We’ll send it in a readable format within 30 days, free of charge.

✏️

Right to Rectification

If any data we hold about you is inaccurate or incomplete, you can ask us to correct it. We’ll update it promptly.

🗑️

Right to Erasure

“The right to be forgotten.” You can ask us to delete all personal data we hold about you, subject to legal retention obligations.

🚫

Right to Restrict Processing

You can ask us to pause processing your data — for example while we verify a correction request or while you exercise other rights.

📦

Right to Data Portability

Where processing is based on consent or contract, you can request your data in a machine-readable format (CSV or JSON) to transfer elsewhere.

🛑

Right to Object

You can object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.

↩️

Right to Withdraw Consent

Where processing is based on consent (e.g. newsletter), you can withdraw it at any time via the unsubscribe link or by emailing us. Withdrawal does not affect prior processing.

⚖️

Right to Lodge a Complaint

You have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or your national supervisory authority in the EU.

How to exercise your rights: Email privacy@indxq.com with the subject line “Data Rights Request” and tell us what you’d like. We may ask you to verify your identity before acting on a request to ensure we don’t disclose or delete someone else’s data by mistake. We will never charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.

International Data Transfers

IndxQ is based in the United Kingdom. Our website is hosted on servers located in the European Economic Area (EEA). Most of your data never leaves the UK/EEA.

However, some of the third-party services we use may transfer data outside the UK/EEA, most notably Google (Analytics) and Cloudflare. Both operate under the UK-US Data Bridge and EU-US Data Privacy Framework respectively, which provide an adequate level of protection under UK and EU law.

Where data is transferred to countries without an adequacy decision, we ensure appropriate safeguards are in place — typically Standard Contractual Clauses (SCCs) as approved by the UK ICO and the European Commission.

If you would like details of the safeguards in place for any specific transfer, please contact us at privacy@indxq.com.

Children’s Privacy

IndxQ is a professional SEO resource intended for adults. Our services are not directed at, and we do not knowingly collect personal data from, children under the age of 16.

If you are a parent or guardian and believe your child under 16 has submitted personal data to us, please contact us immediately at privacy@indxq.com. We will delete the data promptly upon verification.

Policy Changes

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will always update the “Last updated” date at the top of this page.

For significant changes — such as a new purpose for processing, a new third-party data recipient, or changes to how we handle consent — we will notify newsletter subscribers by email and display a prominent notice on the site for 30 days.

We recommend bookmarking this page and reviewing it periodically. Your continued use of the site after a policy change constitutes acceptance of the updated terms, subject to any changes that require fresh consent.

Previous versions of this policy are available on request by emailing privacy@indxq.com.

Contact Us

If you have any questions about this policy, want to exercise your rights, or have a concern about how we handle your data, please get in touch. We aim to respond to all privacy enquiries within 5 working days and all formal rights requests within 30 days.

Data Controller

IndxQ Ltd.
Registered in England & Wales

Privacy Enquiries

privacy@indxq.com

General Contact

indxq.com/contact-us

Supervisory Authority

UK Information Commissioner’s Office
ico.org.uk · 0303 123 1113

Complaints: We always prefer to resolve privacy concerns directly. If you have a complaint, please email us first and we’ll do our best to address it. If we are unable to resolve it to your satisfaction, you have the right to escalate to the ICO (UK) or your national data protection authority (EU) at no cost to you.

WordPress SEO that actually ranks

Privacy
Policy

Who We Are

What We Collect

How We Use It

Legal Basis for
Processing

Cookies &
Tracking

Third-Party
Services

Data Retention

Your Rights

International Data Transfers

Children’s Privacy

Policy Changes

Contact Us

Sayed Iftekharul Haque — SEO Strategist & Web Designer

WordPress SEO that actually ranks

PrivacyPolicy

Who We Are

What We Collect

How We Use It

Legal Basis forProcessing

Cookies &Tracking

Third-PartyServices

Data Retention

Your Rights

International Data Transfers

Children’s Privacy

Policy Changes

Contact Us

Sayed Iftekharul Haque — SEO Strategist & Web Designer

Privacy
Policy

Legal Basis for
Processing

Cookies &
Tracking

Third-Party
Services