Last updated: 16 May 2026

Application: this privacy policy applies to the use of Sero, the applications, website, connections, and services offered by Sero.

At Sero, everything revolves around trust. We want you to be able to work, create connections, and use data with peace of mind, without having to worry about what happens behind the scenes with your information. Your data stays yours. In this privacy policy, we clearly explain which personal data and Google user data we process, why we do it, how long we keep data, with whom we may share data, and which choices and rights you have.

This policy also applies to data we receive when you sign in with Google via OAuth or when you add Google connections to Sero, such as Google Analytics, Google Search Console, or other Google services that you actively connect yourself.

1. Who is responsible for your data?

Sero is responsible for the processing of personal data within Sero, unless stated otherwise in a specific situation. This privacy policy is intended as a dedicated privacy policy for Sero and should be published on an HTML or rich-text web page on a domain owned by or verified by Sero.

We try not to make privacy more complicated than necessary. That is why we only process data that is necessary to make Sero work properly, securely, and reliably.

2. Which data do we process?

Depending on how you use Sero, we may process the following categories of personal data:

• account information, such as your name, email address, account ID, and profile photo;

• login and authentication data;

• data that you enter, upload, connect, or generate within Sero yourself;

• data from connections you activate yourself, for example statistics or property data from Google Analytics or Google Search Console;

• technical data, such as IP address, browser type, device and session data, log files, and security information;

• communication data, for example when you contact us;

• billing and administrative data, if applicable.
  
  

We do not collect more data than necessary for the purposes for which that data is processed. We do not store anything “just in case” if it is not needed for the operation, security, or support of Sero.

3. Google OAuth and Google user data

Sero uses Google OAuth 2.0 to allow users to sign in securely and to give users the option to add Google connections to Sero themselves. Think, for example, of connections with Google Analytics, Google Search Console, or other Google services supported within Sero.

You decide whether to add a Google connection. Without your consent, we do not request access to your Google account or Google services. When you make a connection, Google shows which permissions or scopes are being requested. Sero uses these permissions only for the functions for which you activate the connection.

3.1 Which Google data do we collect when you sign in with Google?

When you register or sign in via Google, we may receive and process the following Google user data:

• your first and last name;

• your email address;

• your profile photo, if available;

• your unique Google account ID, to the extent needed to securely link your Sero account to your Google sign-in.

We use this data to verify your identity, create your account, or let you sign in securely.

3.2 Which Google data do we process with Google connections?

If you voluntarily add a Google connection in Sero, we may — depending on the chosen connection and the scopes approved by you — retrieve or process data from that Google service. Examples include:

• Google Analytics account information, properties, data streams, reports, statistics, traffic data, conversions, and performance indicators;

• Google Search Console sites, verified properties, search performance, search queries, pages, impressions, clicks, positions, and technical indexing or performance data;

• basic data needed to show which Google account or property is connected to Sero;

• access and refresh tokens needed to make the connection technically work, insofar as Google provides them and as long as the connection is active.

The exact data depends on the connection you activate and the scopes for which you give consent. Sero only requests scopes that are necessary for the functionality you use. If a connection only needs read access, we do not request write access.

3.3 Examples of Google OAuth scopes

Depending on the functionality used, Sero may request access to scopes such as:

• openid, email, and profile for secure sign-in and basic profile data;

• Google Analytics scopes, for example to read Analytics accounts, properties, and reporting data;

• Google Search Console scopes, for example to read Search Console sites and search performance;

• other Google API scopes needed for future or additional connections within Sero.
  
  

When additional scopes are needed, we ask for separate consent via Google OAuth. We use Google data exclusively for the function for which you have given consent.

3.4 What do we use Google user data for?

We use Google user data only to provide, secure, and improve Sero for you as a user. Specifically, we use this data for the following purposes:

• to verify your identity;

• to create your account or let you sign in securely;

• to link your Sero account to your Google sign-in;

• to enable Google connections of your choice within Sero;

• to display connected Google data clearly in dashboards, reports, analyses, or workflows within Sero;

• to provide insights, recommendations, or automations based on the data you connect;

• to prevent technical errors, abuse, unauthorized access, and security incidents;

• to provide support when you contact us about your account or connections.

We do not use Google user data for purposes other than providing, securing, supporting, or improving Sero's user-facing functionality.

3.5 What do we not use Google user data for?

We never sell Google user data. We also do not use Google user data for:

• targeted advertising;

• personalized advertising;

• retargeting;

• interest-based advertising;

• sale to data brokers;

• transfer to information brokers or data resellers;

• creditworthiness assessments;

• lending or financing purposes;

• building external databases outside the functionality of Sero;

• training, enriching, or improving third-party AI models.
  
  

Google user data is not used for advertising purposes and is not transferred to third parties for advertising, data broker, or reselling purposes.

3.6 Sharing of Google user data

We do not share Google user data with third parties, except when this is strictly necessary for providing, securing, or supporting Sero, or when we are legally required to provide data.

Examples of parties that may process data on our behalf include:

• hosting and infrastructure providers;

• security and monitoring services;

• authentication or account management providers;

• support or administrative systems, insofar as necessary;

• AI or analytics providers that deliver functionality within Sero solely on our behalf, if needed for a function you use.

These parties may only process data according to our instructions, for the agreed purposes, and under appropriate contractual and security obligations. We do not allow these parties to sell Google user data or use it for their own advertising, reselling, or AI training purposes.

3.7 Google API Services User Data Policy

Sero's use and transfer of information received through Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. This means, among other things, that we only use Google user data for permitted, user-facing functionality within Sero and not for prohibited purposes such as advertising, data sales, or training third-party AI models.

3.8 Storage and retention periods of Google user data

We retain Google user data as long as your Sero account is active or as long as necessary for the purposes described in this privacy policy.

For Google connections:

• we keep basic connection data as long as the connection is active;

• we keep access tokens and refresh tokens only as long as needed to keep the connection working;

• we keep retrieved reporting or analytics data as long as necessary for dashboards, reports, analyses, support, security, or administration within Sero;

• when you delete a connection, we stop retrieving new data through that connection.
  
  

When you delete your account or ask us to delete your data, we delete the Google sign-in data and Google connection data linked to your account, unless we must keep certain data longer because of legal obligations, security, dispute resolution, or administrative reasons.

Active account data is generally deleted within 30 days after a valid deletion request. Data in backups is overwritten or deleted within the normal backup cycles, unless longer retention is legally required.

3.9 Revoking Google access

You can revoke Sero's access to your Google account at any time through the security settings of your Google account. You can manage this via:

https://myaccount.google.com/permissions

You can also remove or reconnect specific connections within Sero, if available. After revocation or deletion of a connection, Sero can no longer retrieve new data via that Google connection unless you give consent again.

Revoking Google access does not automatically remove all previously processed data from your Sero account. If you want your account or personal data deleted, contact us using the details in this policy or use the deletion options within Sero, if available.

4. How do we use personal data?

We process personal data for the following purposes:

• to provide and operate Sero;

• to create, manage, and secure user accounts;

• to enable connections that you add yourself;

• to display dashboards, reports, analyses, and insights within Sero;

• to provide support and customer service;

• to personalize the user experience within the application;

• to improve the performance, reliability, and security of Sero;

• to prevent fraud, abuse, and unauthorized access;

• to comply with legal obligations;

• administration, invoicing, and contract management, if applicable.
  
  

We only process personal data when there is a valid legal basis, such as performance of a contract, consent, legal obligation, or our legitimate interest in securing and improving our services.

5. Secure EU servers

All our servers are located within the European Union, mainly in the Netherlands. This means that your data is protected within a strong European privacy framework, including the General Data Protection Regulation (GDPR).

If data is nevertheless processed outside the European Economic Area, we ensure appropriate safeguards, such as standard contractual clauses, additional security measures, or other mechanisms permitted under the GDPR.

6. We do not share data unless it is needed for Sero

We never share sensitive information with third parties for commercial sale, advertising, or data resale. Sometimes it is necessary for certain suppliers to process data in order to make Sero work properly, for example for hosting, security, monitoring, authentication, support, or technical infrastructure.

In those cases, we only share what is necessary. Your data stays yours, and parties processing data on our behalf may not use that data for their own purposes.

7. Full GDPR compliance

Sero operates in line with the GDPR. We enter into appropriate agreements with processors, as required under Article 28 GDPR. These agreements state, among other things, that they may only process data according to our instructions and must take appropriate technical and organizational measures.

We process personal data according to the principles of lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

8. AI processing and no model training

Sero may use AI functionality and AI providers to deliver the service. Think, for example, of summarizing, analyzing, or structuring information within functions that you use.

With our AI providers, we enter into data processing agreements or similar data protection agreements. These agreements require providers to process data only according to our instructions and to apply appropriate security measures.

User data, including Google user data, may not be used to train, enrich, or improve third-party AI models unless you expressly and separately give consent for that. By default, your data is not used for model training.

Your data stays your data.

9. Encryption and privacy

We take appropriate technical and organizational measures to protect personal data and Google user data against loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Our security measures include, among other things:

• hosting on secure servers within the European Union, mainly in the Netherlands;

• encryption of data in transit where possible via TLS/HTTPS;

• encrypted storage for sensitive data where appropriate;

• access restriction based on the need-to-know principle;

• limited internal access to functional systems;

• logging, monitoring, and security checks;

• regular security audits and checks;

• backups and recovery procedures;

• contractual security obligations with processors.
  
  

We design Sero with privacy and data protection as the starting point, in line with privacy by design and privacy by default as referred to in Article 25 GDPR.

10. Retention periods

We do not keep personal data longer than necessary for the purposes for which we collected it, unless a longer retention period is legally required or permitted.

In general:

• account data is retained as long as your account is active;

• data from active connections is retained as long as needed to provide the connection and related functions;

• support and communication data are retained as long as needed to handle your request and for administrative purposes;

• billing data is retained in accordance with legal record-keeping obligations;

• security logs are retained as long as needed for security, monitoring, and incident investigation;

• deleted data may temporarily remain in backups until the backup cycle has expired.
  
  

When a retention period expires, we delete or anonymize the data securely.

11. Deletion of data

At Sero, you are in control of your data as much as possible. You can request deletion of your personal data, Google connections, or your entire Sero account.

After a valid deletion request, we delete your data unless we must retain certain data because of legal obligations, security, disputes, or legitimate administrative purposes.

Deletion requests can be submitted via: [email protected]

If your Sero account is linked to Google sign-in, we also delete the Google sign-in data linked to your Sero account when the account is deleted. If you have added Google connections, we also delete the associated connection data and stop retrieving new data.

12. Your rights

Under the GDPR, depending on the situation, you have the following rights:

• the right to access your personal data;

• the right to correct inaccurate data;

• the right to delete data;

• the right to restrict processing;

• the right to data portability;

• the right to object to certain processing activities;

• the right to withdraw consent when processing is based on consent;

• the right to file a complaint with the Dutch Data Protection Authority.

You can submit a request via [email protected]. We may ask you to verify your identity before fulfilling your request.

13. No sale of personal data

We do not sell personal data and we do not sell Google user data. We do not provide personal data to third parties for advertising purposes, data brokers, data reselling, creditworthiness assessments, lending or financing purposes, or similar purposes.

14. Minors

Sero is not intended for use by children under the age at which they may independently give consent for data processing under applicable law. If we discover that we have processed personal data of a minor without valid consent, we will delete that data where necessary.

15. Changes to this privacy policy

We may amend this privacy policy from time to time, for example when our services, connections, legislation, or data processing changes. The most current version is always available on this dedicated privacy policy web page.

If we make material changes to how we use Google user data or other personal data, we will inform users clearly, for example by email, in-app notification, or a notice on our website. When legally required, we will ask for consent again.

16. Contact

For questions about this privacy policy, privacy rights, or the processing of personal data, you can contact:

Sero
Email: [email protected]
Website: https://sero.tech
Address: Herengracht 231, 1016BG, Amsterdam