Privacy Policy
We collect only what we need, protect what you share, and never sell your data to anyone. Here is exactly how we handle your information.
Overview & Our Privacy Principles
Privacy is not a legal box we check — it is a reflection of how we operate. We run a business built on transparency: you see publisher metrics before you commit, you pay after the link is live, and you always know where your campaign stands. We apply the same standard to data.
- Collect minimally. We only gather information that is genuinely necessary to deliver and improve our services.
- Use purposefully. Data collected for one purpose is not quietly repurposed for another without your knowledge.
- Never sell. We do not sell, rent, or trade your personal information to third-party advertisers or data brokers — ever.
- Protect seriously. We apply appropriate technical and organisational measures to keep your data secure.
- Respect your rights. You can access, correct, export, or delete your data. We make that process straightforward.
This policy applies to all visitors to thestarkseo.com, all users of our Agency Marketplace, and all clients who engage our link building services, regardless of location.
What Information We Collect
We collect information in three ways: directly from you when you interact with us, automatically when you visit our website, and occasionally from third-party tools we use to run the business.
| Data Type | When We Collect It | Required? |
|---|---|---|
| Name | Contact forms, order briefs, Calendly bookings | Required |
| Email address | All contact and service interactions | Required |
| Business or agency name | Order briefs and invoicing | Optional |
| Website URL(s) | Campaign briefs — target URLs for link placement | Required |
| Payment details | Invoice settlement via Stripe or PayPal | Required |
| Campaign instructions | Anchor text, niche notes, publisher preferences | Required |
| Communication history | Emails and messages exchanged with our team | Automatic |
When you visit our website, certain technical data is collected automatically by our hosting infrastructure and analytics tools:
- IP address and approximate geographic location (country/region level)
- Browser type, version, and operating system
- Pages visited, time spent, and navigation path
- Referring website or search query that brought you to us
- Device type (desktop, mobile, tablet)
- We do not collect government-issued ID numbers, national insurance numbers, or passport data
- We do not collect sensitive personal data such as health information, political views, or religious beliefs
- We do not collect financial account numbers directly — all payment processing is handled by PCI-compliant third parties (Stripe, PayPal)
- We do not build advertising profiles or track your behaviour across other websites
How We Use Your Information
Every use of your data maps to a specific, legitimate purpose. We do not use data for anything beyond what is described here.
| Purpose | Data Used | Basis |
|---|---|---|
| Deliver your link building campaign | Name, email, URLs, campaign brief | Contract |
| Invoice and process payment | Name, email, business name | Contract |
| Respond to enquiries and support requests | Name, email, message content | Contract |
| Improve our website and service quality | Anonymised analytics data | Legitimate Interest |
| Send service-related updates (e.g. campaign status) | Name, email | Contract |
| Send occasional marketing emails (if opted in) | Name, email | Consent |
| Comply with legal obligations | Invoice and transaction records | Legal Obligation |
We do not use your data to train AI models, build advertising audiences, or share insights with data brokers. Your campaign details are yours.
Legal Basis for Processing
Where applicable data protection laws require us to identify a legal basis for processing personal data, we rely on the following grounds:
The majority of data we process is necessary to fulfil our service agreement with you — delivering campaigns, issuing invoices, and communicating about your orders. Without this data, we cannot provide the service.
We process certain data — such as anonymised website analytics and internal records of past campaigns — on the basis of our legitimate business interest in improving our services and maintaining accurate records. We apply a balancing test to ensure these interests do not override your privacy rights.
Where we send marketing communications or use non-essential cookies, we do so only with your active consent. You can withdraw consent at any time without affecting the lawfulness of processing that took place before withdrawal.
We retain certain transaction records and correspondence to comply with applicable financial, tax, and business record-keeping laws.
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with specific data protection laws, the lawful bases above are intended to align with GDPR or equivalent local frameworks. You retain all rights afforded to you under applicable law.
How We Share Your Information
We share your information only where it is strictly necessary to fulfil the service or meet a legal requirement. We do not sell data, and we do not share it for advertising purposes.
To place your link on a third-party website, we must share your target URL and anchor text with the relevant publisher. We share only what is necessary for the placement and do not reveal your name, company identity, or any other personal details to publishers unless you specifically ask us to.
Payment is processed by Stripe and PayPal, each of which operates under its own privacy policy and PCI-DSS compliant infrastructure. We share your name and email with these processors for the purpose of invoicing and transaction verification. We never handle or store your full card details.
If you book a strategy call through Calendly, your name and email are processed by Calendly under their own privacy policy. We use the information only to conduct the call and follow up on any discussed campaign details.
Your campaign information is accessible to members of our team who are involved in fulfilling your order. All team members operate under confidentiality obligations.
We may disclose your information if required to do so by law, court order, or a valid legal request from a competent authority. Where legally permitted, we will notify you of such a request before complying.
What We Will Never Do With Your Data
- Sell or rent your personal data to third-party marketers or data brokers
- Share your client list or campaign strategy with any competitor
- Contact your end clients using information from your campaigns
- Use your URLs or anchor data to build competing content or campaigns
- Reveal your identity as a Stark SEO client to publishers without your consent
Data Retention
We retain your data for as long as is necessary for the purposes described in this policy, after which it is securely deleted or anonymised.
| Data Type | Retention Period | Reason |
|---|---|---|
| Campaign briefs & live URLs | 3 years from campaign completion | Guarantee support and dispute resolution |
| Invoice and payment records | 7 years | Legal and tax compliance obligations |
| Email correspondence | 3 years from last interaction | Service history and dispute context |
| Website analytics data | 26 months (anonymised after 90 days) | Site performance analysis |
| Marketing consent records | Until consent is withdrawn | Legal basis documentation |
| Support and enquiry messages | 2 years from resolution | Quality assurance and reference |
When a retention period expires, data is deleted from active systems and any backups within our standard backup rotation cycle. You can also request early deletion under your rights in Section 08.
Cookies & Tracking Technologies
Our website uses cookies — small text files stored on your device — to keep the site functioning properly and to understand how visitors use it. We do not use cookies to build advertising profiles or track you across other websites.
You can control cookie usage through your browser settings at any time. Most browsers allow you to block all cookies, accept only first-party cookies, or be notified before a cookie is stored. Note that disabling essential cookies may affect the functionality of certain site features.
We do not use cookies from Facebook Pixel, Google Ads remarketing, or any other third-party advertising platform that would track your activity across other websites.
Your Privacy Rights
Depending on your location, you have a range of rights regarding your personal data. We honour these rights for all clients and visitors, regardless of where data protection legislation formally requires us to do so.
Right to Access
Request a copy of the personal data we hold about you. We will respond within 30 days.
Right to Rectification
Ask us to correct inaccurate or incomplete data we hold about you.
Right to Erasure
Request deletion of your personal data where it is no longer needed for the purposes collected, subject to legal retention requirements.
Right to Object
Object to processing based on legitimate interests, including direct marketing. We will stop immediately on receipt of a valid objection.
Right to Restriction
Request that we limit processing of your data — for example, while a dispute is being investigated.
Right to Portability
Receive your data in a structured, machine-readable format so you can transfer it to another service provider.
Email us at info@thestarkseo.com with the subject line “Privacy Request” and describe the right you wish to exercise. We may ask you to verify your identity before actioning a request. We respond within 30 days — and usually much sooner.
Exercising your privacy rights is completely free of charge. We do not charge fees for access requests or deletions, and doing so will not affect your ability to use our services.
Data Security
We take the security of your data seriously and implement technical and organisational measures appropriate to the sensitivity of the information we hold.
- All data transmitted between your browser and our website is encrypted using TLS (HTTPS)
- Payment data is processed exclusively by PCI-DSS certified third-party processors — we never store card details on our own systems
- Access to campaign and client data is restricted to authorised team members on a need-to-know basis
- Accounts and internal systems use strong password policies and two-factor authentication where available
- All team members operate under confidentiality obligations covering client data and campaign details
- Third-party tools and processors are evaluated for security compliance before adoption
- We conduct periodic reviews of data handling practices as the business evolves
In the unlikely event of a data breach that poses a risk to your rights, we will notify affected individuals and, where required by law, relevant supervisory authorities, within 72 hours of becoming aware of the breach. We will also provide clear guidance on any steps you should take to protect yourself.
No online system is 100% immune to security risks. While we take every reasonable precaution, we cannot guarantee absolute security. If you suspect your account or data has been compromised, contact us immediately at info@thestarkseo.com.
Children’s Privacy
Our services are designed exclusively for businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18.
If you believe a minor has submitted personal information to us, please contact us at info@thestarkseo.com and we will delete that data promptly upon verification.
If you are under 18, please do not submit any personal information through our website or services. Our link building services are professional B2B offerings not intended for minors.
Third-Party Links & Services
Our website and campaign workflow involve links to, and integrations with, third-party services. Once you leave our website or interact with a third-party tool, their own privacy policies govern how your data is handled.
- Stripe — Payment processing. Stripe operates under its own privacy policy and PCI-DSS certification.
- PayPal — Alternative payment processing. Governed by PayPal’s privacy policy.
- Calendly — Strategy call scheduling. Data submitted via Calendly is processed under Calendly’s privacy policy.
- Google Analytics — Anonymised website usage analytics. We use IP anonymisation and do not share personally identifiable data with Google via Analytics.
- Email service provider — Used for transactional and campaign communication. We do not use email marketing platforms that build advertising profiles from your engagement data.
Third-party publisher sites where your links are placed operate independently and maintain their own privacy policies. The Stark SEO is not responsible for the privacy practices of any publisher site. We share only your target URL and anchor text with publishers — nothing more.
We review the privacy practices of third-party tools before integrating them. However, we cannot control changes these services make to their own policies over time. We recommend reviewing the privacy policies of any tool you interact with directly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our services, technology, or applicable law. The effective date at the top of this page will always reflect the most recent version.
- Minor clarifications and non-material changes are made without specific notice — the updated date is revised accordingly
- Material changes — such as a new category of data collection or a new sharing arrangement — will be communicated by email to active clients at least 14 days before they take effect
- Your continued use of our website or services after a policy update constitutes acceptance of the revised terms
Contact & Complaints
If you have a question about this Privacy Policy, want to exercise a data right, or have a concern about how we have handled your information, please get in touch. We take privacy concerns seriously and will respond promptly.
Privacy enquiries & data requests
info@thestarkseo.comIf you are located in a jurisdiction with a data protection supervisory authority (such as the UK Information Commissioner’s Office or an EU data protection authority) and you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with that authority. We would always prefer the opportunity to resolve any issue with you directly first.
We aim to respond to all privacy-related enquiries within 5 business days and to complete any formal data rights requests within 30 calendar days of identity verification.
Transparent Services, Honest Practices
500+ vetted publishers. Pay after your link goes live. Every placement backed by a 365-day guarantee. No surprises — on the service side or the privacy side.