The protection of your personal data is our highest priority. This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter "data") in connection with our online services. This includes the associated website (www.searchsquare.ai), the web application (app.searchsquare.ai), all functions and content, as well as external online presences such as social media profiles. Your personal data is treated confidentially and processed strictly in accordance with applicable data protection regulations and the provisions of this Privacy Policy.
This Privacy Policy gives you a comprehensive overview of what happens to your personal data when you visit and use our website or web application. Personal data includes all information that can be used to personally identify you.
Data processing on this website and in the web application is carried out by the website operator. The contact details of the data controller can be found in the "Data Controller" section of this Privacy Policy.
Personal data is collected in two ways: first, data that you actively provide, e.g. by filling out a contact form or registering in the app; and second, data that is automatically collected or collected with your consent when you visit the website through the controller's IT systems. This primarily includes technical data (e.g. internet browser, operating system, or time of page access). This data collection occurs automatically as soon as you enter the website.
Some data is collected to ensure the error-free provision of the website and the application. Other data may be used to analyze your usage behavior in order to optimize our offering and tailor it to your needs.
In the course of the controller's business activities, it may be necessary to transfer personal data to third parties. Such transfers occur only under specific conditions: where disclosure is necessary to fulfill a contract, where a legal obligation exists, where a legitimate interest pursuant to Art. 6(1)(f) GDPR applies, or where another legal basis permits the transfer. Where external service providers are engaged for data processing, personal data is shared exclusively on the basis of a valid data processing agreement (DPA) pursuant to Art. 28 GDPR.
Certain data processing operations can only be carried out with your express consent. You may withdraw such consent at any time. The lawfulness of data processing carried out prior to the withdrawal is not affected by the withdrawal.
Where the processing of your personal data is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to such processing on grounds relating to your particular situation. This also applies to profiling based on these provisions. Upon objection, the controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).
Where your personal data is processed for direct marketing purposes, you have the right to object at any time. Following your objection, the controller will no longer use your data for such purposes (objection pursuant to Art. 21(2) GDPR).
You have the right to lodge a complaint with a competent supervisory authority in the event of GDPR violations. Personal data processed automatically on the basis of consent or for the performance of a contract may be requested in a structured, commonly used, and machine-readable format. Upon request, direct transmission of such data to another controller is also possible, provided this is technically feasible.
Every data subject has the right to receive, free of charge, information about their stored personal data, its origin, recipients, and the purpose of processing. In addition, there is a right to rectification or erasure of such data, to the extent permitted by law.
You have the right to request restriction of the processing of personal data where the accuracy of the data is contested, the processing is unlawful, the data is no longer needed but is required for the establishment of legal claims, or where you have objected to processing pursuant to Art. 21(1) GDPR pending verification.
The data controller responsible for data processing on this website and in the web application within the meaning of the GDPR is:
searchsquare UG (haftungsbeschränkt)
Represented by: Raul Dahm Cardo
Rosenstraße 14
50678 Cologne
Germany
Website: www.searchsquare.ai
Email: info@searchsquare.ai
Phone: +49 172 7286149
We work with various data processors who process data on our behalf. These service providers are contractually obligated to treat data confidentially and to use it exclusively within the scope of the respective service. There are also cases where responsibility for data processing is shared with other parties. In such cases, responsibilities are transparently regulated and documented to ensure compliance with data protection requirements.
To ensure the transparency of this Privacy Policy, we primarily use terms as defined in the GDPR (Art. 4 GDPR). The most important terms are explained below:
Personal Data: Any information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to a name, identification number, location data, an online identifier (e.g. cookie), or one or more specific characteristics.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means (e.g. collection, storage, use, transmission, deletion).
Controller: The natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.
Processor: A natural or legal person who processes personal data on behalf of the controller.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.
Device: An electronic device capable of accessing the internet and loading web pages (e.g. computer, laptop, tablet, smartphone).
This website is hosted on the servers of an external service provider to ensure reliable and secure use. Data processing by the hosting provider is carried out pursuant to Art. 6(1)(f) GDPR.
The hosting provider is:
Webflow, Inc.
398 11th Street, 2nd Floor
San Francisco, CA 94103, USA
Further information: https://webflow.com/legal/privacy
A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Webflow. Webflow is certified under the EU–US Data Privacy Framework (DPF).
The SaaS application at app.searchsquare.ai is operated on a separate cloud infrastructure using the following service providers:
For hosting the application we use:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855 Luxembourg
Server location: Frankfurt am Main, Germany (EU region eu-central-1)
A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with AWS. Since the server location is in Germany, data processing takes place within the EU/EEA. AWS is also certified under the EU–US Data Privacy Framework (DPF). Further information: https://aws.amazon.com/privacy/
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a stable and secure app infrastructure) and Art. 6(1)(b) GDPR (performance of contract with registered users).
For storing application data in the web application we use:
MongoDB, Inc.
1633 Broadway, 38th Floor, New York, NY 10019, USA
As MongoDB Inc. is based in the USA, a transfer of personal data to the USA cannot be excluded. The transfer is based on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, which ensure an adequate level of protection for your personal data. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with MongoDB. Further information: https://www.mongodb.com/legal/privacy-policy
Legal basis: Art. 6(1)(b) GDPR and Art. 46(2)(c) GDPR (Standard Contractual Clauses).
The processing of your personal data is carried out on the basis of the GDPR and other relevant legal provisions. Depending on the purpose of processing, different legal bases apply:
For certain processing operations, national regulations such as § 25 TTDSG (German Telecommunications and Telemedia Data Protection Act) also apply (e.g. for the storage of cookies or access to information on your device). The applicable legal bases are explained in the specific sections of this Privacy Policy.
If tools from companies based in data protection-unsafe third countries are used on this website or in the application, or if US-based tools are used whose providers are not certified under the EU–US Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. For the USA as an unsafe third country, a level of data protection comparable to that in the EU is not generally guaranteed. Data transfers to the USA are therefore only permissible if the recipient either holds certification under the EU–US Data Privacy Framework (DPF) or provides adequate additional safeguards (e.g. Standard Contractual Clauses). Detailed information on transfers to third countries can be found in the respective sections of this Privacy Policy.
Unless a specific retention period has been specified within this Privacy Policy, personal data will remain with the controller until the purpose for its processing ceases to apply. If a legitimate request for deletion is made or if consent to data processing is withdrawn, the data will be deleted unless there are other legally permissible reasons for continued storage (e.g. statutory retention periods under tax or commercial law).
The controller stores personal data only for as long as is necessary to fulfill the respective purposes. Where processing is based on consent, data is stored until that consent is withdrawn, after which data will be promptly deleted, unless statutory retention obligations or other overriding legal grounds apply.
Comprehensive technical and organizational measures (TOMs) are implemented to effectively protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. Only the data strictly necessary for each purpose is collected and processed (data minimization). Security measures are continuously updated in line with the state of the art.
In addition to the general security measures described above, the following measures apply specifically to Google user data accessed through Google API Services: All Google user data is encrypted in transit using TLS/SSL and encrypted at rest using industry-standard encryption. OAuth access tokens and refresh tokens are stored in encrypted form and are accessible only to the application's backend services. Access to Google user data within our systems is restricted to authorized personnel on a strict need-to-know basis. We do not store Google user data on end-user devices. We regularly review and update our security practices to ensure they remain aligned with current best practices and the requirements of the Google API Services User Data Policy.
To protect the security of your data during transmission, state-of-the-art encryption methods (SSL/TLS) are used via HTTPS. You can recognize an encrypted connection by the address bar of your browser changing from "http://" to "https://" and by the padlock symbol displayed in your browser's address bar.
If, after entering into a paid contract, there is an obligation to transmit payment data (e.g. account number for direct debit authorization), such data transmission is carried out in encrypted form. The use of SSL/TLS ensures that payment data is handled securely and confidentially.
Each time you access the website, general information is automatically collected that your browser transmits to the server. This information is stored in so-called log files and includes:
This data is stored for security purposes and to ensure a smooth connection. Under no circumstances is this data used to draw conclusions about your identity. Stored data is anonymized or deleted unless statutory retention obligations apply.
Legal basis: Art. 6(1)(f) GDPR
This website uses cookies. These are small files that your browser automatically creates and stores on your device when you visit the site. Cookies do not cause any damage to your device and do not contain viruses, trojans, or other malware.
Cookies are used to make your use of our offering more convenient. Session cookies are used that are automatically deleted after you leave the site, as well as temporary cookies stored for a defined period. Additionally, cookies are used to statistically record the use of the website and to optimize the offering.
Most browsers accept cookies automatically. You can configure your browser to prevent cookies from being stored on your computer. However, completely disabling cookies may prevent you from using all features of the website.
Legal basis: Art. 6(1)(f) GDPR; for consent-requiring cookies Art. 6(1)(a) GDPR
This website uses a Cookie Consent Banner to manage your consents to the use of cookies. The provider is:
CookieYes Limited
3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom
Further information: https://www.cookieyes.com/privacy-policy/
The Cookie Consent Banner sets a technically necessary cookie to store your cookie preferences. This cookie stores exclusively your chosen settings, including consent or refusal of certain cookies, time of consent, and storage duration. You can change your settings at any time in the cookie settings of this website.
Legal basis: Art. 6(1)(f) GDPR; where consent has been obtained Art. 6(1)(a) GDPR
For any inquiries, you may contact us via the form provided on this website. Required fields are: first name, last name, email address, website, message.
Data processing for the purpose of making contact is carried out pursuant to Art. 6(1)(a) GDPR on the basis of voluntarily granted consent. The personal data collected will be deleted once the inquiry has been resolved.
You may direct inquiries to the controller by email or phone. The personal data transmitted in this context (e.g. name, email address, phone number, and the inquiry itself) will be processed and stored by the controller solely for the purpose of handling the inquiry and any follow-up questions.
Legal basis: Art. 6(1)(b) GDPR for contract-related inquiries; otherwise Art. 6(1)(f) GDPR.
You may direct inquiries to the controller via WhatsApp. Please note that WhatsApp stores transmitted data on servers in the USA. Therefore, no sensitive information should be shared via this channel. The personal data you transmit (e.g. name, phone number, and the inquiry itself) will be processed and stored solely for the purpose of handling your inquiry.
Legal basis: Art. 6(1)(b) GDPR for contract-related inquiries; otherwise Art. 6(1)(f) GDPR.
WhatsApp Privacy Policy: https://www.whatsapp.com/legal/
The use of the contact details published in the legal notice for the transmission of unsolicited advertising and informational materials is hereby prohibited. The operator expressly reserves the right to take legal action in the event of violations.
You may register on the website or in the web application. The data entered will be used by the controller only for the purpose of using the respective offering or service for which registration is made. All mandatory fields required during registration must be completed in full.
Within the SaaS platform, the following data is processed: registration data (name, email address), access credentials, platform usage data, and contract and billing data.
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (performance of contract).
Users have the option to sign in using their Google account. In doing so, certain personal data is transmitted from Google to the website to facilitate the sign-in. This data is used exclusively to carry out and manage the sign-in and to provide the offered services.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google is certified under the EU–US DPF.
Privacy Policy: https://policies.google.com/privacy
Legal basis: Art. 6(1)(a) GDPR
The searchsquare web application (app.searchsquare.ai) integrates with Google API Services to provide core analytics features to registered users. Access to Google user data is requested only after the user explicitly grants permission via the Google OAuth consent screen. This section describes in detail how searchsquare accesses, uses, stores, and shares Google user data.
searchsquare requests read-only access to two Google services:
Google Search Console (Scope: auth/webmasters.readonly)
Through the Google Search Console API, we access the following data from the user's verified Search Console properties:
Google Analytics 4 (Scope: auth/analytics.readonly)
Through the Google Analytics 4 Data API, we access the following data from the user's GA4 properties:
We request only read-only access and do not modify, write, or delete any data in the user's Google Search Console or Google Analytics accounts.
Google user data obtained through the Google Search Console API and Google Analytics 4 API is used solely to provide the user-facing features of the searchsquare application. Specifically:
We do not use Google user data for any purpose other than providing and improving the user-facing features described above. In particular, we do not:
Google user data accessed through the Search Console API and Analytics API is stored on our application infrastructure hosted on Amazon Web Services (AWS) in the EU region (Frankfurt, Germany, eu-central-1) and in our MongoDB database infrastructure, as described in Section 5b of this Privacy Policy.
Google user data is stored only for as long as the user maintains an active account on the searchsquare platform and the OAuth connection to the respective Google service remains active. When a user disconnects their Google account from searchsquare or deletes their searchsquare account, the associated Google user data is deleted from our systems within 30 days.
OAuth access tokens and refresh tokens obtained through the Google OAuth process are stored encrypted at rest and are used exclusively to maintain the authorized API connection on behalf of the user. Tokens are revoked and deleted when the user disconnects the respective Google service or deletes their searchsquare account.
Google user data is not shared with, transferred to, or disclosed to any third parties, except for the infrastructure service providers necessary to operate the searchsquare application (Amazon Web Services and MongoDB, as described in Section 5b of this Privacy Policy). These providers act as data processors under data processing agreements (DPAs) pursuant to Art. 28 GDPR and process data exclusively on our behalf and according to our instructions.
We do not allow any third party to read individual Google user data. Access to Google user data within our organization is restricted to authorized personnel and only permitted in the following cases:
Google user data obtained through the Google Search Console API and Google Analytics 4 API is not used for training, developing, or improving any artificial intelligence or machine learning models. This applies to both our own models and any third-party models. Google user data is used exclusively to provide the user-facing analytics features described in this Privacy Policy.
You can revoke searchsquare's access to your Google user data at any time by:
Upon revocation, we will cease accessing your Google user data and delete the stored Google user data from our systems within 30 days.
You may also request deletion of your Google user data at any time by contacting us at info@searchsquare.ai. We will process such requests without undue delay and no later than 30 days after receipt of the request.
searchsquare's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In accordance with the Limited Use requirements:
Legal basis: Art. 6(1)(a) GDPR (explicit consent granted via the Google OAuth consent screen) and Art. 6(1)(b) GDPR (performance of contract with registered users).
If you wish to subscribe to the newsletter offered on the website, the controller requires a valid email address from you as well as information that allows verification that you are the owner of the email address provided and that you agree to receive the newsletter (double opt-in procedure). No further data is collected.
The consent given can be withdrawn at any time, e.g. via the "unsubscribe" link in the newsletter or by contacting the controller.
Legal basis: Art. 6(1)(a) GDPR
The newsletter is sent via the provider Mailchimp:
The Rocket Science Group LLC d/b/a Mailchimp
675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
Email addresses of newsletter recipients and other data are stored on Mailchimp's servers in the USA. Mailchimp uses this information to send and evaluate newsletters on behalf of the controller. The Rocket Science Group LLC d/b/a Mailchimp is certified under the EU–US Data Privacy Framework (DPF). Further information: https://mailchimp.com/legal/privacy
Analytics and tracking tools are used to ensure the needs-based design and continuous optimization of this website. Where appropriate consent has been obtained, processing is carried out on the basis of Art. 6(1)(a) GDPR. This consent can be withdrawn at any time.
Google Ads Tracking is used to measure the effectiveness of advertising campaigns. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Information about your usage is generally transmitted to Google servers in the USA. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
Google Ads Remarketing is used to serve targeted advertising to users who have previously visited this website. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
Google Analytics is used, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to enable analysis of your use of the website. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
Google Conversion Tracking is used to measure the effectiveness of advertisements. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
The Google Tag Manager is used, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not use cookies and does not collect personal data. The tool triggers other tags which may in turn collect data. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
A Content Delivery Network (CDN) is used to optimize loading times. In this context, personal data such as IP addresses may also be processed.
Webflow, Inc.
398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
Further information: https://webflow.com/legal/privacy
Legal basis: Art. 6(1)(a) GDPR; consents can be withdrawn at any time.
The controller collects and processes address data to send postal advertising for products and services. This processing is carried out on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR. If you no longer wish to receive postal advertising, you have the right to object at any time by email, phone, or post.
Personal customer and contract data is collected, processed, and used for the establishment, substantive execution, and modification of contractual relationships. This may include name, address, email address, phone number, and, depending on the payment method chosen, also payment information. Usage data is only collected to the extent necessary to enable the user to use the service or to process billing.
Legal bases: Art. 6(1)(b) GDPR (performance of contract), Art. 6(1)(c) GDPR (legal obligations), Art. 6(1)(f) GDPR (legitimate interests).
Customer data collected will be deleted after completion of the order or termination of the business relationship and expiration of any applicable statutory retention periods.
When entering into contracts for services or digital content, the controller collects and processes your personal data to fulfill contractual obligations. This data includes in particular contact information such as name, address, email address, as well as relevant information regarding the use of the services or digital content.
Legal bases: Art. 6(1)(b) GDPR, Art. 6(1)(c) GDPR, and Art. 6(1)(f) GDPR.
The data collected will be deleted after the conclusion of the contractual relationship and expiration of any applicable statutory retention periods. Data is only shared with third parties (e.g. IT service providers) within the scope of contract performance and under contractual confidentiality obligations.
Third-party payment services are used on this website. When you make a purchase through the website, your payment data is processed directly by the respective payment service provider for the purpose of payment processing.
You have the option to pay for purchases via Stripe:
Stripe Payments Europe Ltd.
1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland
When using Stripe, your payment information is collected and processed directly by Stripe.
Privacy Policy: https://stripe.com/privacy
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
This website embeds external videos. These embeds are provided by third parties which may process personal data when you use their services.
Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) and (f) GDPR.
Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA. When visiting a page containing Vimeo videos, a connection is established with Vimeo's servers. Information about your usage, including your IP address, is transmitted to Vimeo. Vimeo is certified under the EU–US DPF. Further information: https://vimeo.com/privacy
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When visiting a page containing YouTube videos, a connection is established with YouTube's servers. Google is certified under the EU–US DPF. Further information: https://policies.google.com/privacy
An automation tool is used to optimize workflows and efficiently manage recurring tasks.
Zapier Inc., 548 Market St, San Francisco, CA 94104, USA. Personal data such as email addresses and other information required for automation may be transmitted to Zapier. Zapier is certified under the EU–US DPF.
Privacy Policy: https://zapier.com/privacy
Legal basis: Art. 6(1)(b) and (f) GDPR.
This website uses a website management tool to optimize the administration and maintenance of the website.
Webflow, Inc.
398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
Further information: https://webflow.com/legal/eu-privacy-policy
Legal basis: Art. 6(1)(b) and (f) GDPR; consents can be withdrawn at any time.
This website uses an application form to enable applications for open positions. The following personal data is collected and processed as part of the application form: personal contact details (name, address, email address, phone number), application documents (CV, cover letter), certificates and qualifications, and other voluntary information.
The data collected is used exclusively for the purpose of processing the application. Application documents are stored until the end of the application process and for a maximum of six months thereafter, unless explicit consent has been given for longer storage. After that, data is deleted unless statutory retention obligations prevent deletion.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests), and Art. 6(1)(a) GDPR (consent) where required.
You have the following rights with respect to your personal data vis-à-vis the controller:
To exercise your rights, please contact: info@searchsquare.ai
You have the right to lodge a complaint with a competent supervisory authority in the event of GDPR violations. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW)
Kavalleriestraße 2–4, 40213 Düsseldorf, Germany
www.ldi.nrw.de
If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These include the right to know what personal information is collected about you, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights.
We do not sell your personal information to third parties. If you wish to exercise any of your rights under California law, please contact us at: info@searchsquare.ai
Residents of other US states (including Virginia, Colorado, Connecticut, and Texas) may have similar rights under applicable state privacy laws. We will honor verifiable requests to access, correct, or delete your personal data regardless of your state of residence.
This Privacy Policy may be updated as necessary to reflect changes in our data processing practices or legal requirements. We recommend reviewing this Privacy Policy regularly. Last updated: March 2026.
%20(1).svg){kind=small}
searchsquare UG (haftungsbeschränkt)
Rosenstraße 14
50678 Köln
Mail: info@searchsquare.ai
Tel.: +49 172 72 86 149