Legal

Privacy Policy

Last updated: 20 March 2026

1. Who We Are

GetMetaFix is operated by CodeHawks Limited, a company registered in England and Wales (Company No. 16095971). We provide an automated SEO audit tool, an AI-powered meta tag fix package, and a website monitoring subscription.

Contact: hello@getmetafix.com

CodeHawks Limited is the data controller for the personal data described in this policy. This policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect and Why

Website URLs submitted for auditing

When you enter a URL into our audit tool, we process that URL to perform the SEO analysis. URLs are processed in real time and are not stored in a persistent database after the audit session ends.
Legal basis: Legitimate interests (providing the core service you requested).

Email address

If you provide your email address to receive audit results or to set up website monitoring, we store your email to send you reports and service-related communications.
Legal basis: Contract (necessary to deliver the service you signed up for).

Payment information

Payments for the $29 fix package and $19/mo monitoring subscription are processed by Stripe, Inc. We never see, store, or process your card number. Stripe stores payment data under their own PCI-DSS compliant systems. We receive a transaction reference and your billing email from Stripe.
Legal basis: Contract (fulfilling your purchase).

Usage analytics

We use Vercel Analytics, which collects anonymised, aggregated data about page views and interactions. No personally identifiable information is associated with these analytics. No cookies are used.
Legal basis: Legitimate interests (understanding how our service is used to improve it).

IP address and browser information

Our hosting provider (Vercel) collects standard server logs including IP addresses and browser user-agent strings for security, debugging, and abuse prevention. These logs are retained for 30 days.
Legal basis: Legitimate interests (security and preventing misuse of the service).

3. International Data Transfers

Some of our third-party processors are based outside the UK. We ensure adequate safeguards are in place for all international transfers, typically through the UK Government's International Data Transfer Agreements (IDTAs) or equivalent adequacy mechanisms:

  • Stripe, Inc. (USA) — Payment processing. Stripe is certified under the UK-US Data Bridge and maintains Standard Contractual Clauses.
  • Twilio / SendGrid (USA) — Transactional email delivery (audit results, subscription receipts, monitoring alerts). We share your email address and the content of the notification only.
  • Vercel, Inc. (USA) — Website hosting, serverless functions, and edge network. Your IP and browser information are processed by Vercel's infrastructure.
  • Railway (USA) — Database hosting for monitoring subscription data (email address, monitored URL, subscription status).
  • OpenAI, LLC (USA) — AI processing. When you purchase the $29 fix package, your website's audit data (page structure, meta tag content) is sent to OpenAI to generate fix recommendations. OpenAI processes this data under our API agreement and does not use API inputs to train its models.

4. Cookies and Tracking

We use no third-party advertising cookies. Vercel Analytics operates on a cookieless basis. We may set a session cookie to maintain your audit results during your browser session; this cookie contains no personal data and expires when you close your browser.

This website complies with the Privacy and Electronic Communications Regulations (PECR).

5. Data Retention

  • Audit results: Stored in your browser session only (sessionStorage). Not retained on our servers after the session.
  • Email addresses (monitoring): Retained for the duration of your subscription plus 90 days after cancellation, to allow for reactivation and billing queries.
  • Payment records: Retained for 7 years as required by UK tax law.
  • Server logs: Retained for 30 days.

6. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): You may ask us to delete your personal data where there is no compelling reason for us to continue processing it.
  • Right to restriction of processing: You may ask us to restrict how we use your data in certain circumstances (e.g. while a rectification request is being resolved).
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to lodge a complaint with the ICO: If you believe we have not handled your data lawfully, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

To exercise any of your rights, please email hello@getmetafix.com. We will respond within one calendar month.

7. Security

All data is transmitted over HTTPS/TLS. Access to production systems is restricted to authorised personnel. We do not store payment card details. We apply the principle of data minimisation throughout the service.

8. Changes to This Policy

We may update this policy from time to time. If you have a monitoring subscription, we will notify you by email of any material changes at least 14 days before they take effect. The current version is always available at getmetafix.com/privacy.

9. Contact Us

For any questions about this Privacy Policy or your personal data, please contact:

CodeHawks Limited
Company No. 16095971
Email: hello@getmetafix.com