The 10 second version: FreeGPTSEO does not collect personal data, does not use tracking cookies, does not run third party analytics, and all tools run entirely in your browser. We literally cannot see what you do on this site. If you want the long version, keep reading. We made it fun. Or at least we tried.
1. Who We Are (And Why You Should Care)
FreeGPTSEO is operated by Outline Technologies. We build free AI SEO tools that help website owners figure out if AI models like ChatGPT, Perplexity, and Gemini can actually find and cite their sites. We also built AI Citation Monitor, which does the more heavy duty version of that tracking over time.
This privacy policy applies to the website at freegptseo.com and all the tools available on it. When we say "we," "us," or "our," we mean Outline Technologies. When we say "you" or "your," we mean you, the person reading this page right now, probably while procrastinating on something else. No judgment.
We wrote this privacy policy because the law requires it, but also because we genuinely want you to know what happens (and more importantly, what does NOT happen) when you use our site. Most privacy policies are written by lawyers who charge by the word and seem to be paid extra for making things confusing. We took a different approach.
Our philosophy is pretty simple: your data is yours, we don't want it, and we built our tools so we literally cannot collect it even if we had some weird change of heart at 3 AM. Everything processes in your browser. We are not in the data collection business. We are in the "make useful free tools" business.
2. Data We Collect (Spoiler: Almost None)
Let's get to the good stuff. Here is a comprehensive breakdown of what we collect:
| Data Type | Do We Collect It? | Details |
|---|---|---|
| Personal information (name, email, phone) | No | We have no forms that ask for this. Zero. |
| URLs you audit | No | Processed entirely in your browser. |
| Audit results and reports | No | Generated locally, never sent to our servers. |
| IP address logging | Minimal | Standard web server logs may temporarily record IP addresses. We don't analyze or store these long term. |
| Cookies for tracking | No | No tracking cookies. Period. |
| Browser fingerprinting | No | We don't do this. We wouldn't even know how to start honestly. |
| Payment information | No | Nothing costs money here. There is nothing to pay for. |
| Account credentials | No | No accounts exist. You can't sign up even if you wanted to. |
That table is mostly "No" and we are very proud of that. Most privacy policies have tables that look like a CVS receipt of data they collect. Ours looks like an empty grocery list.
Key takeaway: We do not collect your name, email, phone number, audit URLs, audit results, or any other personal data. The only data that exists is standard web server logs (like IP addresses), which are temporary and not analyzed.
3. Everything Runs in Your Browser
This is the part we are most proud of, so let us explain it properly.
When you use any FreeGPTSEO tool, like the AI SEO Audit, the Schema Generator, the Content Grader, or any other tool on this site, the entire process happens inside your web browser. Your computer does the work. Our server delivers the HTML, CSS, and JavaScript files that make the tools work, and then it's done. It goes back to sitting there doing nothing while your browser does all the heavy lifting.
Here is what that means in practice:
- When you paste a URL into our audit tool, your browser fetches that page and analyzes it. Our server never sees the URL.
- When the tool generates results, those results exist only in your browser's memory. Close the tab and they are gone.
- When you download a report as PDF, that PDF is generated in your browser. It never touches our servers.
- When you use the Schema Generator, the JSON-LD code is created locally. We never see what schema you generated or what website it was for.
We built it this way on purpose. Not because it is easier (it's actually harder to build things client side). We built it this way because we genuinely believe you should be able to use free tools without giving up your privacy in exchange. That whole "if the product is free, you are the product" thing? We hate that. You are not the product. You are a person using a free tool. That is it.
Think of it like a calculator app on your phone. The calculator does the math right there on your device. It does not send your calculations to a server in Virginia so some company can build an advertising profile based on the fact that you apparently divide a lot of restaurant bills by 4. Our tools work the same way. Your browser is the calculator. We just gave you the app.
4. Cookies (The Internet Kind, Not the Chocolate Chip Kind)
We do not use cookies for tracking, advertising, analytics, or user profiling. We want to be crystal clear about that.
Your browser might create some functional cookies on its own (browsers do that sometimes for caching and performance), but we do not set any cookies ourselves and we definitely do not use any third party cookies.
Here is a quick breakdown:
| Cookie Type | Used by FreeGPTSEO? |
|---|---|
| Tracking cookies | No |
| Advertising cookies | No |
| Analytics cookies | No |
| Third party cookies | No |
| Session cookies | No (no accounts, no sessions) |
| Preference cookies | Possibly browser-native only |
That is a lot of "No" and we are fine with it. We do not need cookies to make the site work. You visit, you use the tools, you leave. We do not need to remember you came because we are not trying to retarget you with ads for AI SEO tools at 2 AM while you are scrolling through cat videos. That would be weird. And also expensive. And also not our style.
Because we do not use tracking cookies, we also do not need one of those annoying cookie consent banners that pop up on every website and make you click through 47 options to just read an article. You are welcome.
Key takeaway: No tracking cookies, no advertising cookies, no analytics cookies, no third party cookies. We don't set any cookies. Your browser might create its own for basic functionality, but that is between you and your browser.
5. Third Party Analytics (We Don't Have Any)
We do not use Google Analytics. We do not use Mixpanel. We do not use Hotjar, Amplitude, Heap, Segment, PostHog, Plausible, Fathom, or any other analytics tool. We do not use any analytics whatsoever.
Let that sink in for a second. A website in 2026 that does not track you. At all. We know, it feels weird. Like showing up to a party where nobody asks for your email address at the door.
Why? Because we do not need analytics to know our tools are useful. If people keep coming back, the tools are useful. If they do not, we need to make better tools. That is our analytics strategy. Vibes and common sense. Is it the most data driven approach? No. Does it mean we do not have to explain why we are sending your browsing data to Facebook? Yes. And honestly that trade off is worth it.
We might look at basic server metrics (like total number of requests) from our web server logs, but those are aggregate numbers that tell us things like "the site got 10,000 visits today" without telling us anything about who visited. No individual tracking. No user profiles. No behavioral analysis.
6. External Resources We Use
While we do not collect data ourselves, we want to be transparent about external resources our site loads. Here is the full list:
Google Fonts
We use Google Fonts to load the Inter and Outfit typefaces. When you visit our site, your browser makes a request to Google's font servers (fonts.googleapis.com and fonts.gstatic.com) to download these font files.
This means Google's servers technically receive the standard information that comes with any web request: your IP address, the referring page URL, and your browser's user agent string. This is how the internet works. Every time you load an image, a font, or a script from any external server, that server gets this basic info.
Google has its own privacy policy that covers how they handle data from Google Fonts requests. From what we understand (and what Google has publicly stated), Google Fonts does not use cookies, does not track users, and the access logs are kept for a limited time. But we are being upfront about it because you deserve to know that this external request happens.
If you are particularly privacy conscious, you can block requests to Google Fonts using a browser extension like uBlock Origin, and the site will still work perfectly fine with your system's default fonts. It might look slightly different, but all the tools will function normally.
Web Server
Our site is served from a web server that, like literally every web server in existence, generates access logs. These logs contain IP addresses, timestamps, requested URLs, and browser user agent strings. These are standard server logs that exist for debugging and security purposes. We do not mine these logs for user data, build profiles from them, or share them with anyone. They exist so that if the site breaks, we can figure out what happened.
Key takeaway: The only external resource we load is Google Fonts, which means Google's servers receive your standard web request info (IP, user agent) when the fonts load. We don't control that, but we are telling you about it. Our own server keeps standard access logs that we don't analyze for personal data.
7. The CORS Proxy Situation
Alright, here is a slightly technical one but we want to be completely honest about it.
When you use our AI SEO Audit tool and paste a URL, your browser needs to fetch that webpage so it can analyze it. The problem is, browsers have this security feature called CORS (Cross-Origin Resource Sharing) that prevents websites from fetching content from other websites directly. It is a good security feature in general, but it makes building tools like ours tricky.
To get around this, we use a CORS proxy. When you submit a URL, your browser sends that URL to our proxy server, which fetches the page content and sends it back to your browser for analysis. This means:
- The URL you want to audit does pass through our proxy server briefly
- The page content of that URL passes through our proxy server briefly
- Our proxy does NOT store or log the URLs you audit
- Our proxy does NOT store or log the page content it fetches
- The proxy is a simple pass through. It fetches, it forwards, it forgets. Like a goldfish with a really specific job.
We want to be transparent about this because technically, yes, the URL touches our server for a moment. But we do not log it, we do not store it, and we do not analyze it. The proxy exists purely as a technical necessity because browsers will not let us do it any other way. If browsers had a "please just let me fetch this one URL for a good reason I promise" setting, we would use that instead. But they do not. So here we are.
All the actual analysis (parsing the HTML, checking schema markup, evaluating meta tags, scoring content structure) happens entirely in your browser after the proxy returns the page content. The proxy is just the courier. Your browser is the analyst.
8. User Accounts (We Don't Have Those Either)
FreeGPTSEO does not have user accounts. There is no signup page. There is no login page. There is no "create an account to save your results" prompt. There is no password reset flow because there are no passwords because there are no accounts.
This was a deliberate choice. The moment you have user accounts, you have to store emails, hash passwords, handle password resets, deal with data breach notifications, implement two factor authentication, and suddenly your simple free tool has become a full identity management platform. No thanks.
We just want you to use the tools and go on with your day. You do not need to create yet another account with yet another password that you will forget in approximately 11 minutes. You have enough accounts. We all do. The average person has over 100 online accounts. We are not going to be number 101.
The trade off is that you cannot save your audit results on our site. But you can download them as a PDF, copy them, screenshot them, print them out and tape them to your wall if you want. That is between you and your printer.
Key takeaway: No user accounts, no signups, no passwords, no stored credentials. Use the tools freely without creating yet another account you will definitely forget the password to.
9. Data Storage and Retention
Since we do not collect personal data, there is not much to say about data storage. But here is the full picture for completeness:
What we store: The static files that make up this website (HTML, CSS, JavaScript, images). That is it. Those are the files your browser downloads to display the site and run the tools.
What we do NOT store: Your audit results, the URLs you analyze, your personal information, your browsing behavior, your preferences, your device information (beyond what shows up in standard server logs), or anything else related to your individual use of this site.
Server logs: Our web server generates standard access logs. These logs may contain IP addresses and are retained for a limited period (typically a few weeks) for debugging and security monitoring purposes. After that, they are automatically rotated and deleted. We do not back up or archive these logs for long term storage.
Browser storage: Some of our tools might use your browser's localStorage or sessionStorage to temporarily hold data while you are using a tool (for example, keeping your audit results on screen while you switch between tabs). This data lives entirely in your browser, on your device, under your control. You can clear it anytime by clearing your browser data. We cannot access your browser's local storage from our servers. That is not how browser storage works.
10. Data Sharing With Third Parties
We do not share your data with third parties because we do not have your data to share. It is really hard to share something you do not have. We have tried. It is like trying to lend someone a book you never bought. The math just does not work.
More specifically:
- We do not sell data to anyone
- We do not share data with advertisers
- We do not share data with data brokers
- We do not share data with social media platforms
- We do not share data with "trusted partners" (everyone's favorite weasel phrase)
- We do not share data with parent companies, subsidiaries, or affiliates
- We do not share data with anyone at all, ever, for any reason
The only exception would be if we were legally compelled to do so by a valid court order or law enforcement request. But even then, we would have very little to hand over since we do not collect or store personal data. "Here are our server logs from two weeks ago, good luck" is probably not what law enforcement is hoping to hear, but that is genuinely all we would have.
11. GDPR Compliance
The General Data Protection Regulation (GDPR) is a European privacy law that sets strict rules about how companies collect, process, and store personal data. It is a big deal, and we take it seriously.
The good news is that GDPR compliance is relatively straightforward when you do not collect personal data. It is like asking if your parking is compliant with building codes when you do not own a building. Technically yes. By default. Because there is nothing there.
But here is how we align with GDPR principles specifically:
Lawful basis for processing: We do not process personal data, so we do not need a lawful basis. But the standard web server logs that briefly contain IP addresses would fall under "legitimate interest" (keeping the site running and secure).
Data minimization: We collect the absolute minimum amount of data possible, which in our case is effectively zero beyond server logs.
Purpose limitation: The only data we do collect (server logs) is used exclusively for debugging and security.
Storage limitation: Server logs are automatically rotated and deleted after a short period.
Right to access: If you are an EU resident and want to know what data we have about you, you can email us and we will tell you the honest answer: we probably have nothing. If your IP address happens to still be in our server logs from a recent visit, we can look that up, but it will be gone soon anyway.
Right to erasure: If you want us to delete your data, we will happily do so. It will be a very short task since we almost certainly do not have any.
Right to portability: You have the right to receive your personal data in a machine readable format. Since we do not have your personal data, there is nothing to export, but we respect the right.
Data Protection Officer: Given the minimal nature of our data processing, we have not appointed a formal DPO. However, you can reach us at [email protected] for any GDPR related questions and we will respond promptly.
Key takeaway: We comply with GDPR because we barely collect any data. EU residents have all the standard GDPR rights (access, erasure, portability, etc.) but there is almost nothing for us to provide, delete, or export since we do not store personal data.
12. CCPA Compliance
The California Consumer Privacy Act (CCPA) and its amendment, the CPRA, give California residents specific rights about their personal information. Here is how those apply to FreeGPTSEO:
Right to know: You have the right to know what personal information we collect. Answer: essentially nothing beyond standard server logs.
Right to delete: You can request deletion of your personal information. We are happy to do this, though again, we probably do not have any to delete.
Right to opt out of sale: We do not sell personal information. Ever. To anyone. So there is nothing to opt out of. But if it makes you feel better: you are opted out. Done. Congratulations.
Right to non-discrimination: We will not treat you differently based on whether you exercise your privacy rights. Since we treat everyone exactly the same (by not collecting their data), this is pretty easy for us to guarantee.
Do Not Sell or Share My Personal Information: Under the CPRA, we confirm that we do not sell or share personal information for cross context behavioral advertising purposes. We do not even know what cross context behavioral advertising looks like in practice and we plan to keep it that way.
If you are a California resident and want to exercise any of these rights, email us at [email protected]. We will respond within the legally required timeframe, though the response will probably be "we do not have any of your personal data, but we respect your inquiry."
13. International Data Transfers
Our server is hosted in Germany (Hetzner). If you are accessing FreeGPTSEO from outside Germany, the standard web requests (like loading the page) technically involve an international data transfer of the basic request information (your IP address and browser details).
For Google Fonts, your browser makes requests to Google's servers, which may be located anywhere in the world. This is a direct connection between your browser and Google's infrastructure, and Google's privacy policy governs how they handle that data.
Since we do not collect, store, or process personal data beyond temporary server logs, the international transfer question is fairly academic for us. But we mention it here because transparency is kind of our whole thing with this document.
14. Children's Privacy
FreeGPTSEO is not directed at children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. But here is the thing: we do not knowingly collect personal information from anyone, regardless of age.
Our tools are designed for website owners, SEO professionals, marketers, and content creators. Those are generally not demographics with a lot of 8 year olds in them, though if your 8 year old is checking their website's schema markup, honestly, good for them. That kid is going places.
If you are a parent or guardian and you believe your child has somehow provided personal information to us (we genuinely cannot figure out how they would do this since we have no forms, no accounts, and no data collection mechanisms, but just in case), please contact us at [email protected] and we will investigate and take appropriate action immediately.
We comply with the Children's Online Privacy Protection Act (COPPA) in the United States and equivalent regulations in other jurisdictions. Our compliance strategy is simple: do not collect data from anyone, including children.
Key takeaway: Our site is not intended for children under 13 (or 16 in the EEA), and we do not collect personal information from anyone, children included. COPPA compliance? Covered by default since we collect nothing.
15. Security Practices
Even though we do not collect personal data, we still take security seriously. Here is what we do:
- HTTPS everywhere: Our entire site is served over HTTPS, which means the connection between your browser and our server is encrypted. Nobody sitting between you and us (like your ISP, your coffee shop's wifi, or that suspicious guy with a laptop in the corner) can see what you are doing on our site.
- Regular updates: We keep our server software and dependencies updated to patch security vulnerabilities.
- Minimal attack surface: Since we do not have databases full of user data, login systems, or payment processing, the things that hackers typically target simply do not exist on our infrastructure. You cannot breach a database that does not exist. That is not bravery, that is architecture.
- Content Security Policy: We implement security headers to help protect against cross site scripting (XSS) and other common web attacks.
- No unnecessary dependencies: We keep our tech stack simple and minimal, which reduces the potential for supply chain attacks through compromised third party libraries.
Could someone still theoretically hack our site? Sure. Anything is possible. But even if they did, there is no treasure chest of user data to steal. The worst case scenario is someone defaces our homepage, and we would fix that in about 5 minutes. There are no emails to leak, no passwords to crack, no credit cards to steal. A hacker breaking into our server would find some HTML files and a CORS proxy and probably leave disappointed.
16. Links to Other Websites
Our site contains links to other websites, including but not limited to:
- AI Citation Monitor (our monitoring product)
- Outline Technologies (our agency)
- Various external resources linked in our blog posts and documentation
When you click on a link to an external website, you leave FreeGPTSEO and the privacy policy of that other website applies. We are not responsible for the privacy practices of other websites. We try to link to reputable sites, but we cannot control what they do with your data once you are on their turf.
Think of it like giving someone directions to a restaurant. We can tell you the food is good, but we are not responsible for the parking situation when you get there. Different establishment, different rules.
17. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the bottom of this page. We are not going to email you about it because we do not have your email. We are not going to show you a popup about it because we do not like popups. The updated date is your indicator.
If we ever make significant changes (like, hypothetically, if we suddenly decided to start collecting data, which would be very out of character for us), we would make those changes obvious. Maybe a blog post, maybe a note on the homepage. But honestly, our privacy practices are unlikely to change much because our entire architecture is built around not collecting data. Changing that would mean rebuilding the entire site, and we have better things to do.
We recommend checking this page occasionally if you are the thorough type. If you are not the thorough type, just know that we are still not collecting your data. That part is not changing.
18. Contact Us
If you have any questions about this privacy policy, want to exercise any of your privacy rights, found something confusing, or just want to tell us that this is the first privacy policy you have read all the way to the end (we appreciate you), reach out:
- Email: [email protected]
- X (Twitter): @AICitationM
We read every message and will respond to privacy related inquiries as quickly as possible. For GDPR requests from EU residents, we will respond within 30 days as required. For CCPA requests from California residents, we will respond within 45 days as required.
If you believe we are not handling your privacy rights correctly, you also have the right to file a complaint with your local data protection authority. In the EU, you can contact your national Data Protection Authority. In the US, you can contact the Federal Trade Commission (FTC) or your state Attorney General.
We hope it never comes to that though. If something is wrong, just talk to us first. We are pretty reasonable people who built a free tool for the internet. We are not the villain in this story.
Ready to Check Your Site?
Run a free AI SEO audit right now. No signup. Takes about 5 seconds.
Run Free Audit