Privacy Policy
Last updated: 2026-07-11
Who we are
Crawl Compass is an SEO services agency based in Jakarta, Indonesia. Recrawl (at recrawl.co) is the tool we use to deliver SEO services to our clients. This page describes how Recrawl handles your data.
What data we collect
- Account information: your name, email address, and (when using email and password sign-in) a scrypt-hashed password. This is the minimum needed to identify you when you sign in.
- Session data: when you sign in we set a session cookie scoped only to the Recrawl domain. The session record (IP address, user agent, last activity) is stored in our Postgres database for 7 days, then automatically expires.
- Google sign-in (optional):if you click "Continue with Google" we request the basic scopes
openid email profileonly. We use these to confirm your email address matches a pre-existing invite in our system. We do NOT request access to your Gmail, Drive, Calendar, or any other Google service via this sign-in path. - Google Search Console and Google Analytics 4 data (optional, per-client): if you are a Crawl Compass client and you connect your GSC and GA4 properties via the integrations page, we request the scopes
webmasters.readonlyandanalytics.readonly. These let us read your search performance and traffic data to display it in your dashboard. Your refresh tokens are encrypted at rest using AES-256-GCM with per-provider HKDF-derived keys. Tokens never leave our server, we never share them with third parties, and you can revoke them at any time via your Google account settings.
Google API Services: Limited Use
Recrawl's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve the analytics features you connect. We do not transfer this data to others except as necessary to provide those features, to comply with law, or as part of a merger or acquisition. We do not use it for advertising, and no humans read it except where you give consent, for security, to comply with law, or in aggregated and anonymized form.
How we use your data
- To let you sign in to the dashboard.
- To display your SEO performance metrics (rankings, traffic, AI visibility, and more).
- To generate the reports our team uses during client review meetings.
- To detect and prevent unauthorized access (rate limiting, audit logging).
What we do NOT do
- We do NOT sell your data.
- We do NOT use your data for advertising.
- We do NOT use your GSC or GA4 data to train AI models. Your data stays in our database for your reports only.
- We do NOT send your data to third-party SaaS analytics platforms (no Hotjar, no Mixpanel, no Segment).
Where your data lives
Our infrastructure is a dedicated server in Singapore. Encrypted offsite backups use client-side AES-256 encryption with object-lock retention. All data stays within the Singapore region, except for transit through Cloudflare's global network for performance and security.
Retention
- Session records: auto-deleted after 7 days of inactivity.
- Audit log (sign-in events, OAuth grants, security actions): retained 90 days hot plus a 2-year cold archive.
- GSC and GA4 historical snapshots: retained for the lifetime of the client relationship. Deleted within 30 days of contract termination.
- OAuth refresh tokens: deleted within 30 days of contract termination, or immediately if you revoke access via your Google account.
Your rights
You can request a copy of your data, request deletion, or revoke OAuth access at any time by emailing [email protected]. We respond within 30 days.
Contact
Crawl Compass, [email protected]
Jakarta, Indonesia