Privacy Policy — platform-yep

1. Introduction

This Privacy Policy applies to the Processing of information by Ahrefs Group ("Ahrefs", "we", "us", or "our") in connection with the provision of Yep (https://platform.yep.com/) and the products or services in connection with Yep from time to time (collectively, "Yep Services").

By interacting with or using Yep Services, you consent to the Processing of your information (including your Personal Data) in accordance with this Privacy Policy. If you are a California resident, please also refer to our Notice at Collection at Section 11.

This Privacy Policy does not apply to the products and services of other companies or organisations that advertise Yep Services. If we are ever involved in a merger, acquisition or sale of assets (although we don't have plans to!), we will notify you before your Personal Data becomes subject to a different privacy policy.

2. Interpretation

In addition to the terms defined elsewhere herein, the following terms shall have the meaning ascribed to them in this section.

"Data Protection Laws" means any and all laws, regulations, rules, measures, interpretations, codes or guidelines issued by any government authority in any part of the world with jurisdiction over Ahrefs which pertain to the protection of Personal Data and/or privacy, including the Personal Data Protection Act 2012, the Regulation (EU) 2016/679 (General Data Protection Regulation) and The California Consumer Privacy Act of 2018 as amended by The California Privacy Rights Act of 2020.

"Data Subject" means any identifiable natural person whose Personal Data we Process.

"Personal Data" means any information or data, whether true or not, about an individual who can be identified from that data or from that data and other information to which Ahrefs has or is likely to have access, and/or any other information or data that constitutes as such under Data Protection Laws.

"Process" or "Processing" means carrying out any operation or set of operations on or in relation to Personal Data, including collection, use, disclosure, transfer, sale, recording, holding, organisation, adaptation, alteration, retrieval, combination, transmission, erasure or destruction.

3. Collection of Information

We collect information to provide our website and Yep Services, which may include your Personal Data. The information we collect and Process depends on how you use Yep Services. We store the information we collect with unique identifiers tied to the browser, application or device you are using.

We collect the following information as you access and use Yep Services:

3.1 Data collected automatically

Some data is collected automatically as you use Yep Services, such as:

browser information such as type, version and settings
device information such as type and operating system
IP address
date, time and referral URL of access request
access status or HTTP status code

3.2 Data collected in connection with the use of cookies and similar technologies

We also collect data in connection with your use of cookies. The data collected depends on how you manage your cookie settings:

websites or pages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements
user segment or category
IP address, model or device type, operating system and version, browser type and settings
identifiers such as device ID, advertisement ID and individual device token
cookie-related data such as cookie ID

3.3 Information you voluntarily provide to us

We collect information that you voluntarily provide to us as you access and use Yep Services (including any Personal Data within such information) such as:

information provided during registration and subscription to Yep Services such as:
- user details (name, email address)
- transaction information (name, address, payment method)
- company or organisation information
information provided as you use Yep Services, including any data, content, messages, photos, videos, recordings, images, feedback, suggestions, comments and other materials that you provide or input to Yep Services
information provided where you contact us via email or social media, such as your email address, social media account ID, social media profile and the content of any messages sent to us
information within the content of any answers to questions we ask you, such as where we provide customer support

4. Purposes of the Processing of Information

The following are the purposes for which we Process information we have collected, which may include your Personal Data:

User registration and account management: to enable registration for Yep Services and the conclusion and execution of a contract with you, the creation of user accounts, authentication, account settings customisation and subscription plans management;
Provision of services: to maintain, provide, deliver and improve Yep Services and any features or functionalities, as well as performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam and employing the use of user database management;
Creation and use of analytics and reports: to collate, analyse and/or aggregate information in relation to the use of Yep Services for internal use and for authorised external parties, such as showing trends regarding general preferences;
Development of products and services to be offered by Ahrefs, whether or not in connection with Yep Services and including products and services built on artificial intelligence: to develop new products and services to be offered by Ahrefs, whether or not related to Yep Services, which may include software improvements and version upgrades, as well as products and services built on artificial intelligence such as through training of our machine learning models;
Marketing communications: to communicate marketing or advertising information, including personalised content based on the information collected;
Retargeting or remarketing communications: to communicate unique marketing or advertising information to you based on your prior interactions with Yep Services; you may opt out of this by disabling cookies when you access our website;
Customer support: to provide customer communications, such as notifying you about changes to Yep Services, handling queries and complaints and any other customer service interactions;
Talent acquisition and workforce management: to manage hiring and employment processes, such as evaluating your application for open positions and processing your employment;
Fraud prevention and security: to improve the safety and security of Yep Services, such as undertaking measures in relation to fraud prevention (e.g., authentication measures to prevent unauthorised access);
Compliance with legal obligations: to comply with our legal obligations, including participating and/or cooperating with investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities for the purposes of detecting, investigating and prosecuting in relation to matters deemed relevant to us at our sole discretion;
Cookies and similar technologies: to provide a more personalised user experience and improve Yep Services (for more information, please refer to Section 8 below); and/or
any other purpose for which we may notify you in writing.

Notwithstanding the above, we may use or process information that is not Personal Data, including information that has been de-identified or aggregated, for any purpose in connection with our business and operations (except where such purpose is prohibited by Data Protection Laws). We may retain your historical data (queries, usage patterns, preferences) to enable future features you may choose to activate, such as AI agents or personalised automation. You can request deletion of historical data at any time, though this may limit the effectiveness of certain features.

5. Disclosure and Transfer of Information

The disclosure and transfer of information to any person(s) is on a need-to-know basis for any of the purposes outlined in Section 4 above.

5.1 Transfer of information to third parties

We may disclose and/or transfer collected information, including your Personal Data, to the following third parties:

Payment processors: service providers who support and process payment transactions in relation to Yep Services (e.g., Stripe); where applicable and in relation to any payment transaction information, this Privacy Policy is subject to the privacy policies of such payment processors;
Partners, advertisers and sponsors: third party entities who enter into a contractual relationship with us to share, publish and promote content on or in relation to Yep Services;
Entities affiliated or related to Ahrefs: any and all entities to which Ahrefs is affiliated or related to, including any subsidiary, wholly owned subsidiary, holding company, ultimate holding company, subsidiary of a holding company, related corporation, partnership or joint venture entity of Ahrefs;
Data processors: third party entities who may receive your information to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes such as IT and other administrative services (e.g., hosting and/or maintenance of IT systems); the data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard your Personal Data and to process your Personal Data only as instructed;
Domain administrators: parties who manage the accounts with Yep Services which you have access to or use, such as your employer or company;
Governmental authorities, courts, external advisors and similar third parties: public bodies or organisations as required or permitted by applicable law and any third party entities who enter into a contractual relationship with us to provide advisory or consultancy services;
Prospective entities to be related by way of merger or acquisition: entities in connection with any proposed or actual purchase, merger or acquisition of any part of our business, where such entity will be subject to non-disclosure terms;
Vendors or service providers: entities who may enter into a contractual relationship with us to provide support to Yep Services or any other event, promotion or advertisement in connection thereof; and/or
any other individual or entity, where you have requested or consented to such disclosure or transfer.

Third party entities or service providers may have privacy policies in respect of the information we disclose or transfer to them and the Processing of such information may also be subject to their privacy policies.

5.2 Cross-border transfer of information

Any disclosure or transfer of information may be cross-border. Some recipient countries may be outside of the European Union/European Economic Area and may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, the Eastern Republic of Uruguay and the United States (commercial organisations participating in the EU-US Data Privacy Framework). With regard to data transfers to recipients outside of the European Union/European Economic Area and outside the aforementioned countries, we provide appropriate safeguards such as entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where required under Data Protection Laws. For more information, you can refer to our Data Processing Addendum.

Notwithstanding the above, we may disclose or transfer information that is not Personal Data, including information that has been de-identified or aggregated, for any purpose in connection with our business and operations (except where such purpose is prohibited by Data Protection Laws).

6. Storage and Retention of Information

We retain the information we collect for different periods of time depending on the type of information.

Unless otherwise required by Data Protection Laws, we store Personal Data for only as long as is necessary to serve the purposes for which that Personal Data was collected. When storage of such Personal Data is no longer necessary, the Personal Data is deleted. Where you delete any Personal Data within your account with Yep Services, such Personal Data is also deleted from our servers. We may retain some information for longer periods of time when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.

7. Legal Basis for Processing of Information

The legal bases which we rely on to Process information, including your Personal Data, are:

the conclusion and execution of a contract to which you are party in relation to the registration for our products, services and/or events;
fulfilment of a legal obligation to which the controllers may be subject within the context of the purposes of their activities;
necessity for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child; and
your consent, including in respect of our communications to you.

8. Use of Cookies and Similar Technologies and Analytics

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience.

Cookies are small text files that are automatically created by your browser and stored on your device. We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies).

Detailed information on how we use cookies can be found in our Cookie Notice.

The cookies and similar technologies have the following functions:

to enable provision of our website/services (technically necessary);
to improve user experience (e.g. saving font size and form data entered); and
to optimize our website and services (e.g. monitoring of error messages and loading times).

9. Data Security

The Personal Data we collect is transferred to and stored in the United States where our services and other web properties operate.

All Personal Data is encrypted using Cloudflare when transmitted from our servers to your browser. The database backups are also encrypted. You are encouraged to review Cloudflare's privacy policy for more information on how your Personal Data is handled by Cloudflare. While most data are not encrypted while they live in our database, we take reasonable precautions and follow industry best practices to make sure data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. However, we must advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately using the contact details provided at Section 2 of this Privacy Policy. We will use all required measures to investigate such incidents.

10. Rights of the Data Subject

Under any and all Data Protection Laws applicable to you, you may be entitled to the following rights in relation to your Personal Data:

Right to access: You may have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to your Personal Data. The right of access includes, among other things, access to the purposes of the processing, the types of Personal Data to be processed, and the recipients or categories of recipient(s) to whom your Personal Data will be disclosed and/or transferred. However, this right is not unrestricted as the rights of other persons may limit your right of access. In certain circumstances, you may have the right to receive a copy of your Personal Data processed by us. For further copies, we charge a reasonable fee upon request.
Right to verification and rectification: You may have the right to request the rectification or correction of your Personal Data. Depending on the purposes of the processing, you may have the right to supplement incomplete Personal Data, including through the provision of a supplementary statement.
Right to erasure / deletion (right to be forgotten): You may have the right to request that we erase your Personal Data or some part of it.
Right to restriction of processing: You may have the right to request that we restrict the processing of your Personal Data to certain purposes, or exclude certain purposes from what we may process your Personal Data for.
Right to data portability: You may have the right to request for a copy of your Personal Data in a machine-readable format, and the right to transmit that data to a different controller.
Right to object: You may have the right to object at any time to the processing of your Personal Data by us for certain or all purposes.
Right to withdraw consent: You may have the right at any time to withdraw consent to any processing of your Personal Data. The withdrawal of consent shall not affect the lawfulness of the use and disclosure of your Personal Data prior to the withdrawal.
Right to appeal: You may have the right to appeal our denial of your request, which you may exercise in response to us communicating our denial. In these cases, we will reconsider your request and then notify you of our decision.
Right to lodge a complaint: You may have the right to bring a claim before a competent data protection authority with jurisdiction over any and all Data Protection Laws applicable to you.

To exercise your rights, please contact us using the contact details provided at Section 2 of this Privacy Policy. We may request additional information from you to verify your identity and complete your request.

11. Notice at Collection under the California Consumer Privacy Act

This section applies to California residents. You may also refer to our California Privacy Policy below for more information.

What Categories of Personal Information Do We Collect?

The information we collect can be found at Section 3.

For What Purposes Do We Collect and Use Personal Information?

We collect and use personal information for the purposes at Section 4. Any disclosure and transfer of personal information is in accordance with Section 5.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to each category of personal information collected, we retain the information in accordance with Section 6.

12. Changes to our Privacy Policy

We may change this Privacy Policy from time to time. We encourage you to check this page for any changes. You can tell when this Privacy Policy was last updated by looking at the date at the top of this page.

Privacy Policy under the California Consumer Privacy Act

Last modified: September 15, 2025

This policy is provided by Ahrefs Pte Ltd ("Company") and applies solely to residents of the State of California ("consumers" or "you") with respect to personal information the Company processes as a business. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations ("CCPA") have the same meaning when used in this policy. This policy does not reflect our collection, use, or disclosure of California residents' personal information, or data subject rights, where an exception or exemption under the CCPA applies.

Our Personal Information Handling Practices in the Last 12 Months

We have set out below categories of personal information about California residents we have collected, and as applicable disclosed, for a business purpose in the preceding 12 months. The table is followed by a description of the purposes for which we collected personal information. If we process deidentified information, we will maintain the information in a deidentified form and not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether deidentification processes used satisfy legal requirements. We did not "sell" or "share" personal information as the CCPA defines these terms over the preceding 12 months.

Category of personal information	Did we collect? If so, from what source?	Did we disclose? If so, to whom and for what purpose?
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.	Directly from you (through your use of the site)	To various service providers, such as: IT security companies, network monitoring companies, for security, investigation, and enforcement purposes; Business analysts for analytics purposes; To corporate partners, for corporate transaction purposes
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. (The categories of personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e))	Directly from you (through your use of the site)	To various service providers, such as: Business analysts for analytics purposes; To corporate partners, for corporate transaction purposes
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Directly from you	To service providers for purposes of providing services.
Internet or other electronic network activity information, including, but not limited to, browsing history, and information regarding a consumer's interaction with an internet website application.	Indirectly from you (through the website)	No.
Geolocation data.	Indirectly from you (through the website)	No.
Audio, electronic, visual, thermal, olfactory, or similar information.	Directly from you	We may upload to LinkedIn and Instagram for purposes of promoting our brand.
Professional or Employment-related information.	Directly from you	No.
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).	Directly from you	No.
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Directly from you (through your use of the site)	To various service providers.

Sensitive Personal Information

Category of personal information	Did we collect? If so, from what source?	Did we disclose? If so, to whom and for what purpose?
A consumer's account log-in, in combination with any required security or access code, password, or credentials allowing access to an account.	Directly from you	To various service providers for security purposes.

Business or Commercial Purpose for Collecting Personal Information

User Registration and Account Management: to enable registration for our services, conclusion and execution of a contract with consumers, creation of user accounts, authentication, account settings customisation and subscription plans management.
Provision of services: to maintain, provide and deliver and improve our services such as our Webmaster Tools, AI Writing Tools, and related services, including performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam, and employing the use of user database management.
Event Provision and Management: to coordinate and conduct matters in relation to events we may organise from time to time, including registration and provision of access, attendance and ticketing, logistics, budgeting, vendor management and post-event evaluations.
Creation and Use of Analytics and Reports: to collate and analyse information for internal use and for authorised external parties.
Development of Products and Services: to develop new products and services such as software improvements and version upgrades, and to improve products and services built on artificial intelligence such as through training of our machine learning models.
Marketing Communications: to communicate marketing or advertising information, including personalised content based on the information collected.
Retargeting or remarketing communications: to communicate unique marketing or advertising information based on prior interactions with products and services, which may be opted out of by disabling cookies.
Customer Support: to provide customer communications such as notifications on changes, handling queries and complaints, and other customer service interactions.
Talent Acquisition and Workforce Management: to manage our workforce, such as recruiting and hiring workers, managing job postings and applicant tracking, conducting interviews and assessments, and overseeing worker onboarding and training processes.
Fraud Prevention and Security: to improve the safety and security of our services, such as undertaking measures in relation to fraud prevention.
Compliance with Legal Obligations: to comply with our legal obligations, including participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
Legitimate Interest: To the extent necessary for the purposes of the legitimate interests pursued by us or by a third party.

We only use your sensitive personal information for purposes referenced at Subsection 1798.121(a) of the CCPA, namely to perform the services or provide the goods reasonably expected by an average California resident who requests those goods or services, and we do not use sensitive personal information to infer characteristics about you. We do not have actual knowledge that we sell or share for cross context behavioural advertising, and we do not have the personal information of California residents under 16 years of age.

CCPA Rights

As a California resident, you have the following rights under the CCPA:

The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.
The right to delete personal information that we have collected from you, subject to certain exceptions.
The right to correct inaccurate personal information that we maintain about you.
The right to opt out of the sale or sharing of your personal information by us. We do not "sell" or "share" personal information, as the CCPA defines these terms.
The right to limit our use and disclosure of sensitive personal information to purposes specified in Cal. Civil Code 1798.121(a). We do not use or disclose sensitive personal information for purposes other than those specified in Cal. Civil Code 1798.121(a).
The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125, including an employee's, applicant's, or independent contractor's right not to be retaliated against for the exercise of their CCPA rights.

How to Exercise CCPA Rights

Methods of Submission and Instructions: To submit a request to exercise your rights to know, delete or correct, please email privacy@ahrefs.com.

Verification: Only you, or someone legally authorised to act on your behalf, may make a request related to your personal information. You may designate an authorised agent by taking the steps outlined under "Authorised Agent" further below. In your request or in response to us seeking additional information, you, or your authorised agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected, which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.

Opt-Out Preference Signals: We do not "sell" or "share" personal information or use or disclose "sensitive personal information" for purposes outside of those referenced at subsection 1798.121(a) of the CCPA and therefore do not process opt-out signals.

Authorised Agents: You can designate an authorised agent to make a request under the CCPA on your behalf if:

The authorised agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
You directly confirm with the Company that you provided the authorised agent with permission to submit the request.

If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorised agent in accordance with the CCPA.