SEOVault AI Extension speed. Web app depth. WordPress focus.
Login Start Free
Legal

Data & Permissions

Last Updated: June 2026

This page explains what data the SEOVault AI Chrome Extension and web app access, why permissions are needed, whether data is stored and where, what website content is accessed during analysis, how screenshots and snippets work, and how the lightweight WordPress connector plugin is used.

What the Extension Does

SEOVault AI is a Chrome extension that opens as a side panel inside the WordPress post editor. It analyzes your draft content, provides SEO diagnostics, generates AI-assisted content, and helps with internal linking — all without requiring a WordPress plugin for the core extension workflow.

Why Permissions Are Needed

The extension requests the following permissions, each with a specific functional purpose:

storage

Used to save user preferences, configuration, and SEO Snippets locally in your browser. This data never leaves your machine.

tabs / activeTab

Used to detect when you are on a WordPress admin or editor page. The extension checks tabs only to identify WordPress pages and operate the side panel. We do not collect or store your general web browsing history.

scripting

Used to enable communication between the extension side panel and the Gutenberg editor. This allows the extension to read your draft content for analysis and inject generated content back into the editor.

host_permissions

Used to allow the extension to function on your WordPress installation domains. This permission is required so the extension can interact with your WordPress editor on your specific site URLs.

Whether Data Is Stored and Where

Local Storage (Extension)

  • User preferences and configuration — stored locally in your browser via the Chrome storage API
  • SEO Snippets — your research notes and highlighted text saved to the snippets notepad. Stored locally within your browser. This data never leaves your machine and is not transmitted to our servers or any third-party databases

Cloud Storage (Web App)

  • Account data — email address (via Google Authentication) and subscription status stored on our servers
  • Generated article history — saved to Firebase cloud storage for future access
  • Team/workspace data — invitations and role assignments stored on our servers

AI Processing

When you use AI-powered features, portions of your content or selected text are sent to external AI APIs (such as Gemini, OpenAI, Perplexity, Mistral) only to generate results. Data is processed on demand and is not used to train models. We do not sell, reuse, or distribute your content.

Google Search Console and Google Analytics Access

SEOVault AI accesses Google user data only after a workspace owner or administrator explicitly connects a Google account through Google OAuth and grants the requested permissions.

For this integration, SEOVault AI requests the following Google OAuth scopes:

  • openid
  • email
  • https://www.googleapis.com/auth/webmasters.readonly
  • https://www.googleapis.com/auth/analytics.readonly

SEOVault AI uses these scopes for read-only access. SEOVault AI does not write to, modify, or delete data inside a user's Google Search Console or Google Analytics account.

Data Accessed

When a user connects Google Search Console and Google Analytics, SEOVault AI may access, collect, or process the following Google user data:

  • Basic Google account information needed to identify the connected account, such as the connected Google account email address.
  • Search Console property metadata, such as site/property identifiers and permission level.
  • Search Console performance data for selected date ranges, including pages, queries, clicks, impressions, click-through rate, and average position.
  • Google Analytics 4 property metadata, including property IDs and display names.
  • Google Analytics 4 traffic and landing page data for selected date ranges, including landing page paths, session source, session medium, default channel group, sessions, engaged sessions, engagement rate, average session duration, bounce rate, conversions, and page views.
  • OAuth connection metadata, including granted scopes, connection timestamp, and an encrypted refresh token used to maintain the authorized connection.

Data Usage

SEOVault AI uses Google user data only to provide and improve user-facing SEO and AI Visibility features inside the user's workspace. This includes:

  • Allowing users to connect a Google account and select Search Console and Google Analytics properties for their workspace.
  • Mapping Search Console and Google Analytics properties to sites connected to the workspace.
  • Displaying Google Search Signals, SEO performance, traffic insights, top pages, landing pages, and observable AI referral summaries inside the AI Visibility feature.
  • Generating selected-page insights, including matching Search Console query data against the user's page content to identify SEO and AI-readiness opportunities.
  • Refreshing Google access tokens server-side when needed so the authorized connection continues to work until the user disconnects it.

SEOVault AI does not use Google user data to serve ads, for retargeting, for sale to data brokers, or to train SEOVault AI or third-party AI models.

Data Sharing

SEOVault AI does not sell Google user data and does not share Google user data with advertisers, data brokers, or unrelated third parties.

Google user data may be processed by service providers that help us operate SEOVault AI, such as hosting, database, infrastructure, monitoring, and security providers. These providers process data on our behalf only as needed to provide, secure, and maintain the service.

Within SEOVault AI, Google-derived data may be visible to authorized members of the same workspace according to the workspace's access controls.

We may disclose data when required by law or when necessary to protect users, prevent abuse, enforce our terms, or secure the service.

Data Storage and Protection

SEOVault AI stores Google connection records and selected Google-derived workspace summaries in our backend systems only as needed to provide the AI Visibility feature.

OAuth refresh tokens are encrypted before storage and stored in our backend database. Google access tokens are obtained server-side when needed and are not stored as part of the workspace connection record.

Google OAuth client credentials and token-encryption keys are stored as server-side secrets and are not exposed in the browser.

Traffic between the user's browser, SEOVault AI, our backend systems, and Google APIs is protected using HTTPS/TLS encryption.

We use access controls and operational safeguards designed to limit access to Google user data to the systems and personnel needed to provide, maintain, support, and secure the service.

Data Retention and Deletion

Temporary OAuth state records are deleted after use or expire after approximately 10 minutes.

The stored Google connection record, including the encrypted refresh token, connected email, granted scopes, and connection metadata, is retained until the workspace owner or administrator disconnects Google from the Connections page or requests deletion.

Disconnecting Google stops future access to Google Search Console and Google Analytics data and deletes the stored Google OAuth connection token record. Disconnecting Google does not automatically delete Google-derived summaries that were previously imported into the workspace.

SEOVault AI may retain previously imported Google-derived workspace summaries so the AI Visibility feature can show imported results and historical context. This may include site-to-property mappings, import logs, page-level Search Console metrics, selected-page query insight summaries, Google Analytics landing page metrics, referral/source summaries, and related AI Visibility summaries.

Users may request deletion of stored Google connection data and previously imported Google-derived workspace data by emailing support@seovaultai.com. After verifying the request, we will delete the relevant Google connection records and Google-derived workspace data, subject to legal, security, fraud-prevention, and backup retention obligations.

What Website Content Is Accessed During Analysis

When you use the extension on a WordPress post editor, it accesses:

  • Draft text
  • Headings and titles
  • Metadata (if present)
  • User-selected text

This access is used solely to provide SEO analysis, diagnostics, AI-assisted features, and internal link suggestions. We do not permanently store full article drafts, archive or reuse your content, or publish or share your drafts.

How Screenshots and Snippets Work

Screenshot Capture

The extension includes a screenshot utility accessible via right-click on any webpage. When you capture a screenshot:

  • Images are captured at 1200x628 resolution (WordPress post image size)
  • The screenshot is processed locally via your system clipboard
  • Screenshots are not uploaded to or stored on our servers
  • You can paste the screenshot directly into your WordPress post

SEO Snippets

The SEO Snippets notepad allows you to:

  • Save highlighted text from any webpage via right-click
  • Write and organize notes manually
  • Import and export all snippets at once

All snippet data is stored locally in your browser. It never leaves your machine.

How the Lightweight WordPress Plugin Is Used by the Web App

The web app uses an ultra-lightweight WordPress connector plugin for:

  • Secure API communication — the plugin acts as a bridge between the web app and your WordPress site
  • Publishing sync — enables the web app to fetch posts, save drafts, and push content to your WordPress site
  • Internal linking data — allows the web app to scan your site's posts for autolinking suggestions

The connector plugin is designed to be minimal — it adds almost no overhead to your WordPress site and exists solely for API communication. It does not add SEO features, analytics tracking, or any functionality beyond secure sync.

The extension does not require this plugin. The extension works directly with the WordPress editor without any WordPress-side installation.

Your Rights and Control

  • You may stop all data access by uninstalling the extension
  • You may clear locally stored preferences via your browser settings
  • You may disconnect the WordPress connector plugin at any time from your WordPress plugins page
  • If applicable, you may request access to or deletion of account-related data, including stored Google connection/import data, by contacting us

Contact

Questions about data handling or permissions?

support@seovaultai.com

Data Protection Officer: Nuri Ciftcioglu. For formal privacy inquiries or data deletion requests, please contact us at support@seovaultai.com.