ReporioBeta
Who it's forFeaturesHow it worksRoadmap
LoginTry the beta for free
Who it's forFeaturesHow it worksRoadmap
LoginTry the beta for free
Legal

Privacy Policy

Last updated: June 2026

This privacy policy provides information about the processing of personal data within the free demo/beta version of Reporio (hereinafter “Reporio” or the “service”). It is provided for your information and is not contractually “accepted”.

1. Controller

Christoph Bauer
CLICKIT DIGITAL
Sacherberg 5
86660 Tapfheim, Germany
Email: christoph.bauer@clickit-digital.de

Competent supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany.

2. Provision and hosting

Reporio and its associated database are hosted in Germany by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. In doing so, technical connection and server data are processed, in particular the IP address, the time of the request, the requested resource, browser information and error data. The purpose is the provision, stability, error analysis and security of the service. The legal basis is Art. 6(1)(b) and (f) GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place with the host.

3. Delivery via Cloudflare (reverse proxy / CDN)

The public hosts repor.io, app.repor.io and reports.repor.io are delivered via Cloudflare as a reverse proxy and content delivery network. Cloudflare thereby processes the IP address, TLS and connection information, requested URLs, timestamps, HTTP headers and security-related information. The purposes are secure delivery, TLS encryption, protection against attacks as well as availability and performance. The legal basis is Art. 6(1)(f) GDPR. Cloudflare is an internationally operating provider based in the USA; this involves a transfer to a third country (USA) which is based on a data processing agreement with EU standard contractual clauses.

4. Pre-launch waitlist

Reporio is currently in a pre-launch phase. If you sign up for the waitlist, we process the email address you provide, the interface language selected at the time, and the timestamp of your consent. The purpose is to notify you by email once Reporio becomes publicly available. The legal basis is your consent (Art. 6(1)(a) GDPR), given via the checkbox in the signup form.

We do not send any other emails to waitlist entries and do not use the address for advertising or profiling. Every confirmation email contains a link that lets you remove yourself from the waitlist at any time, without needing to log in; this immediately withdraws your consent (Art. 7(3) GDPR). Waitlist entries are kept until you unsubscribe or until Reporio's public launch, whichever comes first.

5. User account and organisations

To use Reporio you create a user account. We process in particular the email address, a freely chosen name or display name, the password hash (never the plaintext password), membership of and affiliation to organisations, roles and permissions as well as login, security and time information; for security-relevant operations possibly also the IP address.

The purposes are registration, login, provision of the user account, organisation and permission management as well as abuse and security prevention. There is no obligation to provide your real name; user profiles are not public. The legal basis is Art. 6(1)(b) and (f) GDPR.

6. Use of the Reporio platform

To provide the SaaS service we process the data you enter and the data generated during operation, in particular: organisations and memberships; projects as well as any freely entered project or client names; domains and URLs; keywords; search engine; country and location; language; device type (desktop/mobile); ranking, SERP, competitor and visibility data; report configurations and schedules; report recipients; generated reports and report PDFs; report links and shares; delivery status; event logs; the activity feed as well as audit, diagnostic and error data.

The purposes are the provision of the Reporio service, the collection and preparation of SEO data, the creation and delivery of reports, collaboration within an organisation, error diagnosis, operational security, abuse prevention and the traceable documentation of important system operations.

The legal bases are Art. 6(1)(b) GDPR (user or contractual partner), Art. 6(1)(f) GDPR (security, error analysis, abuse prevention, stable operation) as well as Art. 6(1)(c) GDPR insofar as statutory retention obligations exist.

7. SEO data provider (DataForSEO)

To query search engine and ranking data we use the SEO data provider DataForSEO. For each query we transmit the keyword, the language code, the device type, the operating system, the query depth and the location code or location name. The user account, email address, organisation, project ID or internal user IDs are not systematically transmitted.

Depending on your input, keywords and location information may in individual cases contain a personal reference. Further information can be found in the DataForSEO privacy policy (https://dataforseo.com/privacy-policy).

8. Automated report texts (Groq)

For the automated creation or linguistic preparation of report texts we use the AI service Groq (Groq, Inc., USA). Reduced evaluation data is transmitted; this may include the project name, ranking movements, competitor data, summarised insights, warnings, signal texts and statistical information. Raw data, complete SERP snapshots, internal IDs, keyword IDs and provider costs are removed before transmission according to the current state of the application. Because of the project name and any free-text content, a personal reference cannot be entirely ruled out in individual cases.

A transfer to a third country (USA) takes place, which is based on a data processing agreement with appropriate safeguards (in particular EU standard contractual clauses).

9. Email delivery (Resend)

For sending emails we use the service Resend (Plus Five Five, Inc., trading as Resend, USA). Transactional emails are sent, in particular report delivery, organisation invitations, waitlist confirmations and operational or technical notifications. We transmit the recipient's email address, the subject, the HTML and text content as well as, where applicable, a complete report PDF as an attachment. We also store the delivery status, error status and time. No open or click tracking is used.

A transfer to a third country (USA) takes place, which is based on a data processing agreement with EU standard contractual clauses.

10. Technically required storage in the browser

We use exclusively technically required storage mechanisms:

  • a session cookie for login and session,
  • a token to protect against cross-site request forgery (XSRF-TOKEN),
  • storage of the chosen language in localStorage (key “reporio.locale”),
  • storage of the chosen design/theme in localStorage (key “reporio-theme”).

These storage mechanisms serve exclusively for login, security and display preferences explicitly chosen by you. They are not used for advertising, profiling or audience measurement. No analytics or marketing cookies and no consent management platform are used. The legal basis is § 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR.

11. Contact

There is no contact form. If you contact us by email, we process your sender address, the subject, the content and technical transmission information insofar as this is necessary to handle your enquiry. The legal basis is Art. 6(1)(b) or (f) GDPR.

12. Erasure and retention

Where technically fixed periods exist, the following applies: event logs are deleted after 90 days, the activity feed after 180 days and application logs (Laravel) after up to 14 days as part of the existing rotation.

We process account, organisation, project and report data for the duration of use or of the contractual relationship. After deletion or the end of the contract they are deleted as soon as they are no longer required for contract performance, security, legal defence or statutory retention obligations. Backups may temporarily contain data until they are overwritten in the regular cycle. Documents required under tax and commercial law are retained in accordance with the statutory periods. In the event of security incidents, relevant log data may be stored longer until the matter has been finally clarified.

13. Your rights

You have the following rights regarding your personal data:

  • right of access (Art. 15 GDPR)
  • right to rectification (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object to processing (Art. 21 GDPR)
  • right to withdraw consent given (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority. The competent authority is the Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany.

Reporio

Reporio is an SEO reporting platform for rankings, visibility and readable client reports.

Product

Who it's forFeaturesHow it worksRoadmap

Legal

ImprintPrivacyTerms

Login

LoginTry the beta for free

© 2026 Clickit Digital. All rights reserved.