Privacy Policy
Last updated: 14 May 2026
1. Who we are
KeywordHistory is operated by Riverforge Ltd, a company registered in England and Wales (company number 16827982), with its registered office at 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom.
Riverforge Ltd is the data controller for personal data processed through keywordhistory.com (the “Service”). For privacy-related enquiries, contact us at privacy@keywordhistory.com.
This policy applies to all visitors, registered users, and paying subscribers of keywordhistory.com. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data we collect and why
2.1 Account data
When you register or sign in with Google we receive and store:
- Your Google account name and email address
- Your Google profile picture URL
- A Google account identifier (sub)
- OAuth access tokens and refresh tokens needed to call Google APIs on your behalf
Purpose: to create and maintain your account, authenticate you, and call Google APIs you have authorised.
Legal basis: performance of a contract (Art. 6(1)(b) UK GDPR).
2.2 Google API data — Search Console & BigQuery
Depending on the hosting mode you choose, we access the following Google APIs using OAuth scopes you explicitly grant:
Google Search Console (all plans)
Scope: https://www.googleapis.com/auth/webmasters.readonly
Read-only access to retrieve search analytics data (queries, pages, countries, devices, clicks, impressions, average position) for properties you have verified in Google Search Console. We never write to your Search Console account.
Guided & Expert plans — service-account mode (user-hosted)
No additional OAuth scopes are requested beyond the Search Console scope above. You create your own BigQuery dataset and grant our backend service account (backend-worker@keywordhistory.iam.gserviceaccount.com) access via the Google Cloud IAM console. Your data never leaves your own GCP project. We act as a data processor; you remain the data controller for that dataset. We never request broad Google Cloud access.
KeywordHistory's use of Google API data is limited to providing and improving the Service for you. We do not use Google Workspace data to serve advertising, share it with third parties for advertising, or allow humans to read your Google data except as needed to provide the Service or when required by law.
2.3 Search Console data stored on our infrastructure (Managed plan)
If you choose our Managed hosting option, we store your Search Console data (search queries, URLs, clicks, impressions, positions, dates, devices, countries) in a BigQuery dataset on our own Google Cloud project. This is the only mode in which we hold your raw keyword data. You can request deletion of this data at any time; see Section 7.
2.4 Billing & subscription data
Payments are processed by Stripe. We share your email address, a generated user ID, and plan metadata with Stripe. We store your Stripe customer ID and subscription ID in our database. We never store full card numbers or CVV codes; these go directly to Stripe.
2.5 Usage & workspace activity data
We log the following internal events for team accounts:
- Sites added or removed
- Team members invited, joined, removed, or had their role changed
- Site access grants and revocations
These logs are used to provide an audit trail to workspace administrators. They contain user IDs and action metadata, not personal communications.
2.6 Email communications
We send transactional emails (e.g., workspace invitations) via Resend. We share your email address with Resend for this purpose. We track email delivery events (sent, opened, clicked, bounced) using Resend's webhook system for operational purposes such as confirming delivery and diagnosing issues.
2.7 Technical & log data
Our hosting infrastructure (Vercel, Turso, Upstash) may capture standard server logs including IP addresses, browser user-agent strings, and timestamps. These are retained for security and operational diagnostics and are not linked to your profile for marketing purposes.
3. Cookies
We use the following cookies:
3.1 Essential / authentication cookies (first-party)
Set by NextAuth.js to manage your login session. These are strictly necessary and cannot be disabled without breaking the Service.
| Cookie name | Purpose | Duration |
|---|---|---|
| __Secure-next-auth.session-token | Maintains your authenticated session | 30 days |
| __Secure-next-auth.callback-url | Stores your post-login redirect destination | Session |
| __Secure-next-auth.csrf-token | Prevents cross-site request forgery attacks | Session |
| __Secure-next-auth.state | OAuth state parameter (security) | 15 minutes |
| __Secure-next-auth.pkce.code_verifier | OAuth PKCE security parameter | 15 minutes |
3.2 Analytics & advertising cookies (third-party)
We use Google Tag Manager (container ID: GTM-NWVLQRXK) to manage the following tracking tags. These cookies are set when you visit our marketing pages and may track your activity across other websites:
- Google Analytics 4 (GA4) — measures site traffic, user journeys, and feature usage. Sets
_ga,_ga_*cookies (up to 2 years). - Google Ads — conversion tracking and remarketing. Sets
_gcl_au,IDE, and related cookies. - LinkedIn Insight Tag — conversion tracking and retargeting for LinkedIn campaigns. Sets
li_sugr,bcookie, and related cookies (up to 2 years). - Meta Pixel — conversion tracking and retargeting for Facebook and Instagram campaigns. Sets
_fbp,_fbc, and related cookies (up to 90 days).
You can control or opt out of advertising cookies through your browser settings, the NAI opt-out tool, or by visiting Your Online Choices.
4. How we share your data
We do not sell your personal data. We share data only with the following sub-processors, and only to the extent necessary to operate the Service:
| Sub-processor | Purpose | Data shared | Location |
|---|---|---|---|
| Google LLC | OAuth authentication, Search Console API, BigQuery, Cloud hosting | OAuth tokens, Search Console data, site URLs | USA (SCCs) |
| Stripe Inc. | Payment processing | Email, user ID, plan metadata | USA (SCCs) |
| Resend Inc. | Transactional email delivery | Email address, email content | USA (SCCs) |
| Upstash Inc. | Background job queuing | Site IDs, user IDs, job parameters | USA/EU |
| Turso (ChiselStrike Inc.) | Database hosting | All user account data | EU (eu-west-1) |
| Vercel Inc. | Application hosting & CDN | HTTP request logs | USA/EU (SCCs) |
| Meta Platforms Ireland Ltd. | Advertising attribution | Pixel events (page views, conversions) | USA (SCCs) |
| LinkedIn Ireland Unlimited Company | Advertising attribution | Insight Tag events | USA (SCCs) |
SCCs = EU Standard Contractual Clauses are in place for transfers outside the UK/EEA.
5. Data retention
- Account data: retained for as long as your account exists. Upon account deletion we remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., Stripe billing records, which are retained for 7 years).
- Search Console data — user-hosted (Expert / Guided): we do not store your Search Console keyword data. It resides in your own BigQuery dataset. You retain full control and can delete it at any time.
- Search Console data — Managed hosting: retained in our BigQuery dataset while your subscription is active. It is automatically and permanently deleted 60 days after your paid subscription ends. You can request earlier deletion at any time; see Section 6.
- OAuth tokens: deleted from our database when your account is deleted or when you revoke Google access in your account settings.
- Workspace activity logs: retained for the lifetime of the workspace.
- Email delivery logs: retained for 12 months for operational diagnostics.
6. Your rights (UK GDPR)
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your personal data. You can do this by emailing privacy@keywordhistory.com or using the account deletion option in your account settings.
- Restriction — ask us to limit how we use your data while a complaint is being investigated.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any right, email privacy@keywordhistory.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Account and data deletion
You may request account deletion at any time by:
- Using the “Delete account” option in your account settings, or
- Emailing support@keywordhistory.com
On deletion we will:
- Cancel any active subscription (no automatic refund is given for unused days unless within the 14-day refund window described in the Terms of Service).
- Delete your account record, name, email, and OAuth tokens from our database within 30 days.
- For Managed hosting: delete your Search Console data from our BigQuery dataset immediately upon request.
- For user-hosted plans: your data in your own BigQuery remains under your control and is not affected.
You can separately revoke KeywordHistory's access to your Google account at any time via your Google Account permissions page. Revoking access will prevent the Service from syncing new data but will not delete data already in your BigQuery dataset.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including: TLS encryption in transit, encrypted database connections, httpOnly and Secure session cookies, CSRF protection, OAuth PKCE, and access controls on our cloud infrastructure. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
9. Children
The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at privacy@keywordhistory.com and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email and/or by a notice on the Service at least 14 days before they take effect. The “Last updated” date at the top of this page will always reflect the most recent version.
11. Contact us
For privacy-related questions or to exercise your data rights:
- Email: privacy@keywordhistory.com
- Post: Riverforge Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom