GDPR Compliance & Privacy Policy

How we collect, process, protect, and respect your personal data under EU Regulation (EU) 2016/679.

Last Updated: November 2025

Introduction & Scope

At Robots.txt, we are committed to protecting your personal data and being transparent about how we collect, use, and share it. This Privacy Policy complies with the General Data Protection Regulation (GDPR) and applies to all users, customers, website visitors, and partners within the European Economic Area (EEA), as well as anyone globally using our services.

By accessing our platform, API, or website, you acknowledge that you have read and understood this policy. If you do not agree with our practices, please discontinue use of our services.

Data Controller

Robots.txt Ltd. acts as the data controller for personal data collected through our platform, website, and related services.

Registered Entity: Robots.txt Ltd.
Address: 42 Innovation Drive, Tech Quarter, London, EC2A 4NE, United Kingdom
Registration No: 12345678
Registered in: England & Wales

Data We Collect

We only collect data that is necessary for providing, improving, and securing our services. Categories include:

  • Identity & Contact Data: Name, email address, company name, job title, and communication preferences.
  • Technical & Usage Data: IP address, browser type, device identifiers, log files, API usage metrics, and crawl configuration data.
  • Transaction & Billing Data: Payment method details (processed securely by PCI-DSS compliant providers), invoice addresses, and subscription history.
  • Content & Configuration Data: Robots.txt rules, sitemap URLs, domain settings, and integration preferences you explicitly configure.
  • Communication Data: Support tickets, chat transcripts, and email correspondence.

How We Use Your Data

Your data is processed strictly for the following purposes:

  • Delivering and maintaining our content curation platform and APIs.
  • Generating and optimizing robots.txt directives and crawl configurations.
  • Processing payments, issuing invoices, and managing subscriptions.
  • Providing customer support, security monitoring, and fraud prevention.
  • Sending service updates, security alerts, and product announcements (with consent where required).
  • Analyzing usage patterns to improve performance, stability, and feature development.

Data Sharing & Third Parties

We do not sell your personal data. We only share data with trusted third-party service providers who assist us in operating our platform. All processors are contractually bound by GDPR-compliant Data Processing Agreements (DPAs) and are limited to processing data strictly for specified purposes.

Categories of recipients include:

  • Cloud infrastructure & hosting providers (e.g., AWS, Cloudflare)
  • Payment processors & financial institutions
  • Customer support & analytics platforms
  • Legal, tax, and regulatory authorities when required by law

International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. Such transfers are safeguarded by:

  • EU Standard Contractual Clauses (SCCs)
  • adequacy decisions where applicable
  • Technical and organizational measures including encryption and strict access controls

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. General retention periods:

  • Active Accounts: For the duration of your subscription + 30 days post-cancellation.
  • Billing & Tax Records: 7 years as required by financial regulations.
  • Security & Audit Logs: 12 months.
  • Marketing Subscriptions: Until consent is withdrawn or after 24 months of inactivity.

Data is securely deleted or anonymized upon expiry of the retention period.

Your GDPR Rights

You have the right to exercise the following data subject rights at any time:

Access

Request a copy of your personal data we hold.

Rectification

Correct inaccurate or incomplete data.

Erasure

Request deletion of your data ("Right to be forgotten").

Restriction

Limit processing of your data under specific conditions.

Portability

Receive your data in a structured, machine-readable format.

Objection

Opt out of processing based on legitimate interests or direct marketing.

To exercise any right, contact our Data Protection Officer. We will respond within 30 days, free of charge.

Cookies & Tracking

Our website and platform use essential cookies for authentication, security, and session management. We may also use analytics and performance cookies to understand usage patterns. Marketing cookies are only used with explicit consent.

You can manage cookie preferences via our Cookie Banner or account settings. Disabling essential cookies may limit platform functionality.

Policy Updates

We may update this policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or platform notification at least 30 days before taking effect. Continued use constitutes acceptance of the updated policy.

Contact & Data Protection Officer

For privacy inquiries, data subject requests, DPA requests, or to lodge a complaint, please contact:

Data Protection Officer
Robots.txt Ltd.

dpo@robots.txt

You also have the right to lodge a complaint with your local supervisory authority or the UK Information Commissioner's Office (ICO).