Privacy Policy

1. Introduction

This Privacy Policy applies to the Processing of information by Ahrefs Pte Ltd (“Ahrefs”, “we”, “us”, or “our”) (UEN No. 201227417H) of 16 Raffles Quay #33-03 Hong Leong Building Singapore 048581 in connection with the provision of our website (https://ahrefs.com/) and the products and services provided via or in connection with these websites (“Ahrefs Services”).

By interacting with or using Ahrefs Services, you consent to the Processing of your information (including your Personal Data) in accordance with this Privacy Policy. If you are a California resident, please also refer to our Notice at Collection at Section 11.

This Privacy Policy does not apply to the products and services of other companies or organisations that advertise Ahrefs Services. If we are ever involved in a merger, acquisition or sale of assets (although we don’t have plans to!), we will notify you before your Personal Data becomes subject to a different privacy policy.

The details of our Data Protection Officer are as follows:

Data Protection Officer

privacy@ahrefs.com

EU Representative

VeraSafe Ireland Ltd.

Unit 3D North Point House North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

 

2. Interpretation

In addition to any terms defined in any other part of this Privacy Policy, the following terms are defined as such:

Data Protection Laws” means any and all laws, regulations, rules, measures, interpretations, codes or guidelines issued by any government authority in any part of the world with jurisdiction over Ahrefs which pertain to the protection of Personal Data and/or privacy, including but not limited to the Personal Data Protection Act 2012, the Regulation (EU) 2016/679 (General Data Protection Regulation) and The California Consumer Privacy Act of 2018 as amended by The California Privacy Rights Act of 2020. 

“Data Subject” means any identifiable natural person whose Personal Data we Process.

“Personal Data” means any information or data, whether true or not, about an individual who can be identified from that data or from that data and other information to which Ahrefs has or is likely to have access, and/or any other information or data that constitutes as such under Data Protection Laws.

Process” or “Processing” means carrying out any operation or set of operations on or in relation to Personal Data, including but not limited to collection, use, disclosure, transfer, sale, recording, holding, organisation, adaptation, alteration, retrieval, combination, transmission, erasure or destruction.

 

3. Collection of Information

We collect information to provide our website and Ahrefs Services, which may include your Personal Data. The information we collect and Process depends on how you use Ahrefs Services. We store the information we collect with unique identifiers tied to the browser, application or device you are using.

The information we collect as you access our website and use Ahrefs Services include:

  • data collected automatically, such as:
    • browser information, such as type, version and settings
    • device information, such as type and operating system
    • mobile network information, such as carrier and phone number
    • IP address
    • date, time and referral URL of access request
    • time zone
    • access status/HTTP status code
    • the data volume transferred
    • websites from which you arrive at our website
    • websites accessed by you through our website
    • universally unique identifier (UUID);
  • data collected in connection with the use of cookies and similar technologies, such as:
  • websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements;
  • user segment or category;
  • IP address, model or device type, operating system and version, browser type and settings;
  • identifiers (device ID, advertisement ID, individual device token); and
  • cookie-related data (e.g. cookie ID).
  • information provided during registration and subscription to Ahrefs Services such as:
    • type of registration (data owner, data provider, data user)
    • company information (Legal Entity Identifier (LEI), company name)
    • user details (name, email address, telephone number, account username, password)
    • transaction information (name, address, payment method);
  • information provided where you contact us via email or social media, such as your email address, social media account ID, social media profile and the content of any messages sent to us; and
  • information within the content of any answers to questions we ask you, such as where we provide customer support.

 

4. Purposes of the Processing of Information

The following are the purposes for which we Process information we have collected, which may include your Personal Data:

  • User registration and account management: to enable registration for Ahrefs Services and the conclusion and execution of a contract with you, the creation of user accounts, authentication, and account settings customisation;
  • Provision of services: to maintain, provide, deliver and improve Ahrefs Services such as our Webmaster Tools, AI Writing Tools and related services, including performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam and employing the use of user database management;
  • Event provision and management: to coordinate and conduct matters in relation to events we may organise from time to time, including registration and provision of access, attendance and ticketing, logistics, budgeting, vendor management and post-event evaluations;
  • Creation and use of analytics and reports: to collate and analyse information in relation to the use of Ahrefs Services for internal use and for authorised external parties, such as showing trends regarding general preferences;
  • Development of products and services: to develop new products and services for us, such as software improvements and version upgrades (e.g., improving our AI model);
  • Marketing Communications: to communicate marketing or advertising information, including personalised content based on the information collected;
  • Customer Support: to provide customer communications, such as notifying you about changes to Ahrefs Services, handling queries and complaints and any other customer service interactions;
  • Fraud prevention and security: to improve the safety and security of Ahrefs Services, such as  undertaking measures in relation to fraud prevention (e.g., authentication measures to prevent unauthorised access);
  • Compliance with legal obligations: to comply with our legal obligations, including participating and/or cooperating with investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities for the purposes of detecting, investigating and prosecuting in relation to matters deemed relevant to us at our sole discretion;
  • Cookies and similar technologies: to provide a more personalised user experience and improve Ahrefs Services (for more information, please refer to Section 8 below); and
  • Any other purpose for which we may notify you in writing.

 

5. Disclosure and Transfer of Information

The disclosure and transfer of information to any person(s) is on a need-to-know basis for any of the purposes outlined in Section 4 above. 

A. Transfer of information to third parties

We may disclose and/or transfer collected information, including your Personal Data, to the following third parties:

  • Stripe: third party service provider supporting and processing payment transactions in relation to Ahrefs Services; where applicable and in relation to any payment transaction information, this Privacy Policy is subject to Stripe’s Privacy Policy (https://stripe.com/en-sg/privacy);
  • Partners, advertisers and sponsors: third party entities who enter into a contractual relationship with us to share, publish and promote content on or in relation to Ahrefs Services;
  • Entities affiliated or related to Ahrefs: any and all entities to which Ahrefs is affiliated or related to, including but not limited to any subsidiary, wholly owned subsidiary, holding company, ultimate holding company, subsidiary of a holding company, related corporation, partnership or joint venture entity of Ahrefs;
  • Data processors: third party entities who may receive your information to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes such as IT and other administrative services (e.g., hosting and/or maintenance of IT systems); the data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard your Personal Data and to process your Personal Data only as instructed;
  • Domain administrators: parties who manage the accounts with Ahrefs Services which you have access to or use, such as your employer or company;
  • Service providers: third party entities or service providers who enter into a contractual relationship with us to provide support to Ahrefs Services; and
  • Governmental authorities, courts, external advisors and similar third parties: public bodies or organisations as required or permitted by applicable law and any third party entities who enter into a contractual relationship with us to provide advisory or consultancy services.

Third party entities or service providers may have privacy policies in respect of the information we disclose or transfer to them and their Processing of such information will also be subject to their privacy policies.

B. Cross-border transfer of information

Any disclosure or transfer of information may be cross-border. Some recipient countries may be outside of the European Union/European Economic Area and may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, the Eastern Republic of Uruguay and the United States (commercial organisations participating in the EU-US Data Privacy Framework). With regard to data transfers to recipients outside of the European Union/European Economic Area and outside the aforementioned countries, we provide appropriate safeguards such as entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where required under Data Protection Laws. For more information, you can refer to our Data Processing Addendum at  https://ahrefs.com/legal/data-processing-addendum.

 

6. Storage and Retention of Information

We retain the information we collect for different periods of time depending on the type of information.

Unless otherwise required by Data Protection Laws, we store Personal Data for only as long as is necessary to serve the purposes for which that Personal Data was collected. When storage of such Personal Data is no longer necessary, the Personal Data is deleted. Where you delete any Personal Data within your account with Ahrefs Services, such Personal Data is also deleted from our servers. We may retain some information for longer periods of time when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.

 

7. Legal Basis for Processing of Information

The legal bases which we rely on to Process information, including your Personal Data, are:

  • the conclusion and execution of a contract to which you are party in relation to the registration for our products, services and/or events;
  • fulfilment of a legal obligation to which the controllers may be subject within the context of the purposes of their activities;
  • necessity for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child; and
  • your consent, including in respect of our communications to you.

 

8. Use of Cookies and Similar Technologies and Analytics

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience.

Cookies are small text files that are automatically created by your browser and stored on your device. We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). 

Detailed information on how we use cookies can be found in our Cookie Notice.

The cookies and similar technologies have the following functions:

  • to enable provision of our website/services (technically necessary);
  • to improve user experience (e.g. saving font size and form data entered); and
  • to optimize our website and services (e.g. monitoring of error messages and loading times).

 

9. Data Security

The Personal Data we collect is transferred to and stored in the United States where our services and other web properties operate. 

All Personal Data is encrypted using Cloudflare when transmitted from our servers to your browser. The database backups are also encrypted. You are encouraged to review Cloudflare’s privacy policy (https://www.cloudflare.com/privacypolicy/) for more information on how your Personal Data is handled by Cloudflare. While most data are not encrypted while they live in our database, we take reasonable precautions and follow industry best practices to make sure data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. However, we must advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately using the contact details provided at Section 2 of this Privacy Policy. We will use all required measures to investigate such incidents.

 

10. Rights of the Data Subject

Under any and all Data Protection Laws applicable to you, you may be entitled to the following rights in relation to your Personal Data:

  1. Right to access: You may have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to your Personal Data. The right of access includes, among other things, access to the purposes of the processing, the types of Personal Data to be processed, and the recipients or categories of recipient(s) to whom your Personal Data will be disclosed and/or transferred. However, this right is not unrestricted as the rights of other persons may limit your right of access. In certain circumstances, you may have the right to receive a copy of your Personal Data processed by us. For further copies, we charge a reasonable fee upon request.
  2. Right to verification and rectification: You may have the right to request the rectification or correction of your Personal Data. Depending on the purposes of the processing, you may have the right to supplement incomplete Personal Data, including through the provision of a supplementary statement.
  3. Right to erasure / deletion (right to be forgotten): You may have the right to request that we erase your Personal Data or some part of it.
  4. Right to restriction of processing: You may have the right to request that we restrict the processing of your Personal Data to certain purposes, or exclude certain purposes from what we may process your Personal Data for.
  5. Right to data portability: You may have the right to request for a copy of your Personal Data in a machine-readable format, and the right to transmit that data to a different controller.
  6. Right to object: You may have the right to object at any time to the processing of your Personal Data by us for certain or all purposes.
  7. Right to withdraw consent: You may have the right at any time to withdraw consent to any processing of your Personal Data. The withdrawal of consent shall not affect the lawfulness of the use and disclosure of your Personal Data prior to the withdrawal.
  8. Right to appeal: You may have the right to appeal our denial of your request, which you may exercise in response to us communicating our denial. In these cases, we will reconsider your request and then notify you of our decision.
  9. Right to lodge a complaint: You may have the right to bring a claim before a competent data protection authority with jurisdiction over any and all Data Protection Laws applicable to you.

To exercise your rights, please contact us using the contact details provided at Section 2 of this Privacy Policy. We may request additional information from you to verify your identity and complete your request.

 

11. Notice at Collection under the California Consumer Privacy Act

This section applies to California residents. You may also refer to our California Privacy Policy below for more information.

What Categories of Personal Information Do We Collect?

The information we collect can be found at Section 3, which includes both sensitive and non-sensitive personal information.

Some examples of sensitive personal information that we collect are your account log-in details, passwords, and precise geolocation. Some examples of non-sensitive personal information that we collect are your name, email address and internet browsing history.

For What Purposes Do We Collect and Use Personal Information?

We collect and use personal information for the purposes at Section 4. Any disclosure and transfer of personal information is in accordance with Section 5.

What Criteria Do We Consider When Retaining Personal Information?

In general, with respect to each category of personal information collected, we retain the information in accordance with Section 6.

12. Changes to our Privacy Policy

We may change this Privacy Policy from time to time. We encourage you to check this page for any changes. You can tell when this Privacy Policy was last updated by looking at the date at the top of this page.

 

 

Privacy Policy under the California Consumer Privacy Act

Last Updated: 30 April 2025

This policy is provided by Ahrefs Pte Ltd (“Company”) and applies solely to residents of the State of California (“consumers” or “you”) with respect to personal information the Company processes as a business. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations (“CCPA”) have the same meaning when used in this policy. This policy does not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception or exemption under the CCPA applies.

Our Personal Information Handling Practices in the last 12 months

We have set out below categories of personal information about California residents we have collected, and as applicable disclosed, for a business purpose in the preceding 12 months. The table is followed by a description of the purposes for which we collected personal information. If we process deidentified information, we will maintain the information in a deidentified form and not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether deidentification processes used satisfy legal requirements. We did not “sell” or “share” personal information as the CCPA defines these terms over the preceding 12 months.

 

 

Category of personal information 

Did we collect? If so, from what source?

Did we disclose? If so, to whom and for what purpose?

Personal Information

Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Directly from you (through your use of the site)

To various service providers, such as: 

  • IT security companies, network monitoring companies, for security, investigation, and enforcement purposes
  • Business analysts for analytics purposes
  • To corporate partners, for corporate transaction purposes

Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.

(The categories of personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e))

Directly from you (through your use of the site)

To various service providers, such as: 

  • Business analysts for analytics purposes
  • To corporate partners, for corporate transaction purposes 

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Directly from you

To service providers for purposes of providing services.

Internet or other electronic network activity information, including, but not limited to, browsing history, and information regarding a consumer’s interaction with an internet website application.

Indirectly from you (through the website)

No.

Geolocation data.

Indirectly from you (through the website)

No.

Audio, electronic, visual, thermal, olfactory, or similar information.

Directly from you

We may upload to LinkedIn and Instagram for purposes of promoting our brand.

Professional or Employment-related information.

Directly from you

No.

Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).

Directly from you

No.

Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Directly from you (through your use of the site)

To various service providers.

Sensitive Personal Information

A consumer’s account log-in, in combination with any required security or access code, password, or credentials allowing access to an account

Directly from you

To various service providers for security purposes

 

Business or Commercial Purpose for Collecting Personal Information

  • User Registration and Account Management: to enable registration for our services, conclusion and execution of a contract with consumers, creation of user account(s), authentication, and account settings customisation.
  • Provision of services: to maintain, provide and deliver and improve our services such as our Webmaster Tools, AI Writing Tools, and related services, including performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam, and employing the use of user database management.
  • Event Provision and Management: to coordinate and conduct matters in relation to events we may organise from time to time, including registration and provision of access, attendance and ticketing, logistics, budgeting, vendor management and post-event evaluations.
  • Creation and Use of Analytics and Reports: to collate and analyse information for internal use and for authorised external parties.
  • Development of Products and Services: to develop new products and services such as software improvements and version upgrades.
  • Marketing Communications: to communicate marketing or advertising information, including personalised content based on the information collected.
  • Customer Support: to provide customer communications such as notifications on changes, handling queries and complaints, and other customer service interactions.
  • Fraud Prevention and Security: to improve the safety and security of our services, such as undertaking measures in relation to fraud prevention.
  • Talent Acquisition and Workforce Management: to manage our workforce, such as recruiting and hiring workers, managing job postings and applicant tracking, conducting interviews and assessments, and overseeing worker onboarding and training processes.
  • Compliance with Legal Obligations: to comply with our legal obligations, including participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
  • Legitimate Interest: To the extent necessary for the purposes of the legitimate interests pursued by us or by a third party.

We only use your sensitive personal information for purposes referenced at Subsection 1798.121(a) of the CCPA, namely to perform the services or provide the goods reasonably expected by an average California resident who requests those goods or services, and we do not use sensitive personal information to infer characteristics about you. We do not have actual knowledge that we sell or share for cross context behavioural advertising, and we do not have the personal information of California residents under 16 years of age. 

CCPA Rights

As a California resident, you have the following rights under the CCPA:

  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period. 
  • The right to delete personal information that we have collected from you, subject to certain exceptions.
  • The right to correct inaccurate personal information that we maintain about you.
  • The right to opt out of the sale or sharing of your personal information by us. We do not “sell” or “share” personal information, as the CCPA defines these terms.
  • The right to limit our use and disclosure of sensitive personal information to purposes specified in Cal. Civil Code 1798.121(a). We do not use or disclose sensitive personal information for purposes other than those specified in Cal. Civil Code 1798.121(a). 

The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.

How to Exercise CCPA Rights

Methods of Submission and Instructions: To submit a request to exercise your rights to know, delete or correct, please email privacy@ahrefs.com.

Verification: Only you, or someone legally authorised to act on your behalf, may make a request related to your personal information. You may designate an authorised agent by taking the steps outlined under “Authorised Agent” further below. In your request or in response to us seeking additional information, you, or your authorised agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected, which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.

Opt-Out Preference Signals:  We do not “sell” or “share” personal information or use or disclose “sensitive personal information” for purposes outside of those referenced at subsection 1798.121(a) of the CCPA and therefore do not process opt-out signals. 

 

Authorised Agents:  You can designate an authorised agent to make a request under the CCPA on your behalf if:

  • The authorised agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
  • You directly confirm with the Company that you provided the authorised agent with permission to submit the request.

If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorised agent in accordance with the CCPA.

 

Contact Us

If you have any questions or comments about these disclosures or our practices, please contact us at:

Email address: privacy@ahrefs.com

Postal address: Ahrefs Pte Ltd

16 Raffles Quay #33-03 Hong Leong Building Singapore 04858