← Back to home

Privacy Policy

Last updated: April 27, 2026 (v2)

Alto is operated by Solar Beam Studio, a SASU registered in France. This policy explains what data we collect, how we use it, and your rights.

1. Data we collect

Account data: name, email, and identifiers from Google sign-in.

Google data accessed via Google OAuth, with your consent:

  • Google Search Console: search query data, click and impression metrics, average position, indexing status for the verified properties you connect to Alto.
  • Google Analytics 4: traffic metrics (pageviews, sessions, traffic sources, geography, device category) for the GA4 properties you link to Alto.

We do not collect data from your Google account beyond the scopes you grant during OAuth consent.

2. How we use Google user data

We use Google user data only to provide and improve Alto’s user-facing features:

  • Display search performance dashboards (queries, clicks, impressions, CTR, position) for your verified Search Console properties.
  • Display traffic analytics dashboards (pageviews, sessions, traffic sources, device, geography) for your linked Analytics 4 properties.
  • Cross-reference Search Console and Analytics data on a per-page basis to surface insights about content performance.
  • Cache responses briefly to reduce API calls and improve responsiveness.

3. Scopes we request

We request the following Google scopes, all read-only:

  • openid, email, profile — standard Google sign-in.
  • https://www.googleapis.com/auth/webmasters.readonly — read-only access to Search Console data.
  • https://www.googleapis.com/auth/analytics.readonly — read-only access to Google Analytics 4 data.

We do not request write access to your Google account.

4. Limited Use disclosure

Alto’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not:

  • Transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • Use Google user data for serving advertisements.
  • Allow humans to read Google user data, except: with your affirmative consent for specific data; for security purposes such as investigating abuse; to comply with applicable law; or for internal operations, and only when the data has been aggregated and anonymized.

5. AI-assisted features

Alto uses Google’s Gemini API to generate SEO content suggestions, article drafts, and prioritized action plans based on the metrics fetched from Search Console and Analytics:

  • The inputs we send to Gemini are limited to non-PII signals: search queries from Search Console, page paths, click and impression counts, average position, and traffic source aggregates. We do not include account credentials, refresh tokens, or personal contact information.
  • Per the Gemini API policy, the data we send is not retained beyond the request lifecycle and is not used to train Google’s foundation models.
  • We do not use any third-party LLM provider for processing your Google user data (no OpenAI, Anthropic, or other vendors).
  • Generation runs when you click “Generate article” or as part of the weekly content cron on Pro / Agency plans. You can disable a site’s participation by deleting it from Alto.

6. Data retention and deletion

Cached Google data is retained while your Google account is connected to Alto. You can disconnect your Google account at any time from your account settings; the cached Search Console keywords, audits, and reports tied to your sites are deleted within 30 days of disconnection by an automated daily cleanup job. Reconnecting within that window cancels the deletion.

Account data is retained while your account is active. You can request account deletion by emailing the address below or by using the “Delete account” action in settings; we will delete your account and associated data within 30 days.

7. Sharing

We do not sell or rent personal data. We may share data with:

  • Service providers strictly necessary to operate Alto (hosting, error monitoring, payment processing), under written agreements limiting their use to this purpose.
  • Authorities when required by applicable law.

8. Security

We use industry-standard measures including encryption in transit (TLS) and at rest. OAuth refresh tokens are stored encrypted.

9. Your rights

If you are in the EEA, UK, or California, you have rights to access, correct, delete, port, or restrict processing of your personal data. Contact us to exercise these rights.

10. Changes

We may update this policy. Material changes will be communicated by email or in-app notice at least 14 days before taking effect.

11. Contact

Solar Beam Studio
Email: privacy@solarbeam.studio