Privacy Policy
Overview
Seowolf is committed to protecting your privacy. This Privacy Policy explains what information is collected when you use the Seowolf Demographic Checker, how it is used, and your rights in relation to it. We follow a minimal data philosophy: we collect only what is strictly necessary for the Service to function.
Information We Collect
When you use the Service, the following data may be processed:
- Names submitted for analysis — processed transiently during your session and not persisted to any database after your session ends
- Session data — a temporary server-side session is created to support CSRF protection, rate limiting, and caching of prediction results within your visit
- IP address — used ephemerally for IP geolocation (to improve prediction accuracy) and rate limiting; not logged or stored beyond the current request
- Standard server logs — your web server may log request metadata (IP, timestamp, HTTP method, path) as is standard for any web server; these logs are retained according to your hosting provider's policy
What We Do NOT Collect
- No user accounts or registration
- No persistent tracking cookies or advertising cookies
- No third-party analytics scripts (Google Analytics, Facebook Pixel, etc.)
- No name lists or analysis results stored in a database
- No payment or financial information
- No biometric or sensitive personal data
Session Data & Cookies
The Service uses a server-side PHP session to maintain state during your visit. This session stores:
- A CSRF token to protect form submissions
- Cached prediction results for names you have already queried (to avoid redundant external API calls)
- Your detected country (from IP geolocation, if enabled) for contextual predictions
- A rate-limit counter to prevent abuse
The session is identified by a cookie named PHPSESSID which is set as HttpOnly, SameSite=Strict, and Secure (on HTTPS). This cookie is deleted when you close your browser or when the server session expires (typically 24 minutes of inactivity). No tracking or advertising cookies are set.
Third-Party Services
The Service communicates with external prediction APIs to return demographic estimates. Name data (first names only, stripped of surnames and salutations) is transmitted to these services as part of the prediction process. These services have their own privacy policies which govern their data handling. We encourage you to review them:
- Gender prediction service — processes first names to return gender probability
- Age prediction service — processes first names to return estimated age
- Nationality prediction service — processes first names to return nationality probability
- Country data service — provides country metadata (region, language, currency); no personal data transmitted
- IP geolocation service — processes your IP address to return a country estimate; see the service provider's privacy policy
We do not share full names, surnames, email addresses, or any other personal identifiers with any third party.
IP Geolocation
If IP geolocation is enabled, your IP address is sent to a geolocation provider to determine your approximate country. This is used solely to improve the accuracy of demographic predictions by providing regional context. The geolocation result (country name and code only) is stored in your server session for the duration of your visit and is not persisted. You may dismiss the GeoContext banner at any time to disable this feature for your session.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of access — request a copy of personal data we hold about you
- Right to erasure — request deletion of personal data
- Right to object — object to certain types of processing
- Right to portability — receive your data in a portable format
Given our minimal data collection approach, there is typically no persistent personal data to action. To exercise any right, contact us using the details in the Contact section below.
Data Retention
Session data is retained only for the duration of your browser session (or up to 24 minutes of server-side inactivity). No name data, analysis results, or IP geolocation data is retained after your session expires. Server access logs, if maintained by the hosting provider, are typically retained for 30–90 days.
Security
We implement reasonable technical measures to protect the Service, including CSRF tokens on all form submissions, rate limiting, session ID regeneration on first visit, HttpOnly and SameSite cookie attributes, and HTTP security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy). However, no internet transmission is completely secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be reflected by a revised date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
Contact
For privacy-related enquiries, contact us via Instagram @seowolf_org or at seowolf.org. If you are located in the EU and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.