Privacy Policy

EdgeComet Inc. ("EdgeComet," "we," "us," or "our") is committed to protecting the privacy of its customers and the individuals who interact with its website and platform. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have in relation to it.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Capitalized terms not defined here have the meanings given in our Terms of Service.

EdgeComet Inc. is a Delaware corporation operating the EdgeComet B2B SaaS platform an SEO infrastructure layer that intercepts search engine and AI bot traffic via a reverse proxy and delivers optimized responses to those bots on behalf of our customers.

For the purposes of applicable data protection law, EdgeComet acts as a data controller with respect to Customer Account Data and as a data processor with respect to Service Data processed on behalf of our customers.

1. What information we collect

1.1 When you register for an account or use the Service, we collect:

• first name and last name;
• email address;
• website URL(s) you submit for processing;
• dashboard usage data, including Edge SEO rules, alert configurations, and platform settings you create;
• payment and billing information – collected and stored exclusively by our payment processor, Stripe. EdgeComet does not store credit card numbers or full payment details directly.

1.2 EdgeComet processes publicly available content from your website to deliver the Service. This is the same content that search engine bots such as Googlebot or AI bots such as GPTBot would encounter when crawling your site. Per render event, we capture SEO fields including:

• Title tag, meta description, H1–H3 headings
• Canonical URL, meta robots directives
• Structured data (JSON-LD schemas)
• Hreflang annotations
• Open Graph and Twitter Card tags
• Word count, internal and external link counts
• Image alt text
• HTTP status codes and redirect chains
• Render time, page weight, bot type, and request timestamp

We do not access content behind logins, paywalls, or any private or authenticated areas of your website. All service data is extracted from publicly available web pages only.

1.3 EdgeComet is not designed to collect or process data about human visitors to your website as part of its core functionality. The Service is intended to operate on requests from identified bots only.

However, limited technical data relating to human visitor requests (such as IP addresses or request metadata) may be incidentally processed at the infrastructure level for the purposes of routing, security, performance, and system reliability. Such data is not used to identify individuals, build profiles, or deliver the Service’s core functionality.

Human visitor requests are not modified, analyzed for content delivery purposes, or otherwise used by EdgeComet in providing the Service.

1.4 When you interact with the EdgeComet dashboard or marketing website, we may automatically collect:

• IP address and approximate geographic location (country/region level);
• Browser type and version;
• Operating system;
• Pages visited and features used within the dashboard;
• Referring URLs;
• Date and time of access.

This data is collected via cookies, similar tracking technologies, and security mechanisms such as CSRF tokens.

Where required by applicable law, non-essential cookies (including analytics cookies) are used only with user consent obtained through a cookie banner. Users may manage their cookie preferences at any time.

1.5 If you contact us by email or through the Service, we retain the content of your communications and our responses for the purposes of providing support and maintaining records.

1.6 Customers are responsible for ensuring that they have a valid legal basis for making website content available through the Service and for complying with applicable data protection laws.

EdgeComet processes publicly available website content strictly on behalf of customers and does not verify the legality, accuracy, or ownership of such content.

Customers should not use the Service to process special categories of personal data or other sensitive information unless explicitly permitted under applicable law.

2. How we use your information

We do not use Customer Content or Service Data for model training, advertising targeting, or any secondary commercial purpose. We do not sell personal data to third parties.

EdgeComet may send transactional and service-related communications (such as account notifications, billing updates, and system alerts) as part of providing the Service.

Marketing communications, where applicable, are sent based on consent or as otherwise permitted by applicable law, and users may opt out at any time.

3. How we share your information

3.1 We share data with the following third-party service providers (sub-Processors) solely to deliver and operate the Service:

The use of specific sub-processors may vary depending on the configuration of the Service, selected features, and the customer’s chosen data processing region. Not all sub-processors listed above will necessarily process all categories of data.

3.2 We may also disclose your information:

• To comply with applicable law, regulation, or a valid legal process (e.g., a court order or government request)
• To protect the rights, property, or safety of EdgeComet, our customers, or others
• In connection with a merger, acquisition, asset sale, or other business transfer – in which case we will notify affected customers before their data becomes subject to a different privacy policy
• With your explicit consent

We do not sell, rent, or trade personal data to third parties for their own marketing purposes.

4. Data storage and security

4.1 EdgeComet uses a combination of cloud and dedicated infrastructure across the following providers and regions:

4.2 Customers may select their preferred data processing region at the account level. EU customers may elect to have all data stored and processed exclusively within European data centers, supporting GDPR Article 44+ data transfer and residency requirements.

4.3 Encryption

• In transit: All data – between you and the dashboard, between the gateway and your origin server, and between internal EdgeComet services – is encrypted using TLS/HTTPS.
• At rest – Account and billing data: encrypted at rest.
• At rest – Cached HTML and rendered page content: Not encrypted at rest. This data consists exclusively of publicly available website content and contains no private or sensitive personal information. EdgeComet has determined that encryption at rest is not required for this category of data.

4.4 EdgeComet implements reasonable technical and organizational measures to protect data against unauthorized access, loss, or destruction.

In the event of a personal data breach, EdgeComet will notify affected customers without undue delay and, where required by applicable law, within the timeframes prescribed by such law.

5. Data retention

Following trial expiration or paid account cancellation, all account data will be retained for 30 days to allow for potential reactivation. After the 30-day retention window, all data is permanently and irreversibly deleted. Customers are responsible for exporting any data they wish to keep before account closure.

6. Your privacy rights

6.1 Rights Available to All Users

Regardless of your location, you may contact us at [email protected] to:

• Access – request a copy of the personal data we hold about you
• Correction – request correction of inaccurate or incomplete data
• Deletion – request deletion of your personal data (subject to legal retention obligations)
• Export – request your Customer Content in a portable format
• Opt-out of logo usage – withdraw consent to display your company logo on EdgeComet's marketing materials

6.2 GDPR Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) or equivalent applicable law:

• Right to restriction of processing – request that we restrict processing of your data in certain circumstances
• Right to object – object to processing based on legitimate interests
• Right to data portability – receive your data in a structured, machine-readable format
• Right to withdraw consent – where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
• Right to lodge a complaint – you have the right to lodge a complaint with your local data protection authority

We will respond to all GDPR-related requests within 30 days. If we are unable to fulfill a request, we will explain why.

EdgeComet makes a Data Processing Agreement available to customers who require it, including for compliance with GDPR and similar laws.

The DPA incorporates applicable data protection obligations and, where relevant, Standard Contractual Clauses (SCCs) for international data transfers.

To request a DPA, please contact [email protected]

6.3 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know – request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete – request deletion of personal information we have collected, subject to certain exceptions
• Right to opt out of sale – EdgeComet does not sell personal information. This right is not applicable.
• Right to non-discrimination – you have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise your CCPA rights, contact us at [email protected] with the subject line "CCPA Request."

7. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected] and we will take steps to delete such information.

8. EdgeComet is a US-incorporated company. If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with data protection laws that restrict international data transfers, your personal data may be transferred to and processed in countries outside your jurisdiction, including the United States and other countries where our service providers operate.

Where required by applicable law, EdgeComet relies on appropriate safeguards for such transfers, including Standard Contractual Clauses (SCCs) and other legally recognized mechanisms.

Customers may have the option to select data processing regions (for example, European data centers), where available and depending on the configuration of the Service and selected features.

9. The Service and our website may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

10. We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the Service at least 30 days before the changes take effect. The updated Policy will indicate the new effective date. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

We maintain a version history of this Privacy Policy. Prior versions are available upon request.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: