This Privacy Policy applies to the Processing of information by Ahrefs Pte Ltd (“Ahrefs”, “we”, “us”, or “our”) (UEN No. 201227417H) of 16 Raffles Quay #33-03 Hong Leong Building Singapore 048581 in connection with the provision of our website (https://ahrefs.com) and the products and services provided via or in connection with these websites (“Ahrefs Services”).
By interacting with or using Ahrefs Services, you consent to the Processing of your information (including your Personal Data) in accordance with this Privacy Policy. If you are a California resident, please also refer to our Notice at Collection at Section 11.
This Privacy Policy does not apply to the products and services of other companies or organisations that advertise Ahrefs Services. If we are ever involved in a merger, acquisition or sale of assets (although we don’t have plans to!), we will notify you before your Personal Data becomes subject to a different privacy policy.
The details of our Data Protection Officer are as follows:
EU Representative
VeraSafe Ireland Ltd.
Unit 3D North Point House North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
In addition to any terms defined in any other part of this Privacy Policy, the following terms are defined as such:
means any and all laws, regulations, rules, measures, interpretations, codes or guidelines issued by any government authority in any part of the world with jurisdiction over Ahrefs which pertain to the protection of Personal Data and/or privacy, including but not limited to the Personal Data Protection Act 2012, the Regulation (EU) 2016/679 (General Data Protection Regulation) and The California Consumer Privacy Act of 2018 as amended by The California Privacy Rights Act of 2020.
means any identifiable natural person whose Personal Data we Process.
means any information or data, whether true or not, about an individual who can be identified from that data or from that data and other information to which Ahrefs has or is likely to have access, and/or any other information or data that constitutes as such under Data Protection Laws.
or
“Processing”means carrying out any operation or set of operations on or in relation to Personal Data, including but not limited to collection, use, disclosure, transfer, sale, recording, holding, organisation, adaptation, alteration, retrieval, combination, transmission, erasure or destruction.
We collect information to provide our website and Ahrefs Services, which may include your Personal Data. The information we collect and Process depends on how you use Ahrefs Services. We store the information we collect with unique identifiers tied to the browser, application or device you are using.
The information we collect as you access our website and use Ahrefs Services include:
data collected automatically, such as:
browser information, such as type, version and settings
device information, such as type and operating system
mobile network information, such as carrier and phone number
IP address
date, time and referral URL of access request
time zone
access status/HTTP status code
the data volume transferred
websites from which you arrive at our website
websites accessed by you through our website
universally unique identifier (UUID)
data collected in connection with the use of cookies and similar technologies, such as:
websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements
user segment or category
IP address, model or device type, operating system and version, browser type and settings
identifiers (device ID, advertisement ID, individual device token)
cookie-related data (e.g. cookie ID)
information provided where you contact us via email or social media, such as your email address, social media account ID, social media profile and the content of any messages sent to us; and
information within the content of any answers to questions we ask you, such as where we provide customer support.
The following are the purposes for which we Process information we have collected, which may include your Personal Data:
to enable registration for Ahrefs Services and the conclusion and execution of a contract with you, the creation of user accounts, authentication, and account settings customisation;
to maintain, provide, deliver and improve Ahrefs Services such as our Webmaster Tools, AI Writing Tools and related services, including performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam and employing the use of user database management;
to coordinate and conduct matters in relation to events we may organise from time to time, including registration and provision of access, attendance and ticketing, logistics, budgeting, vendor management and post-event evaluations;
to collate and analyse information in relation to the use of Ahrefs Services for internal use and for authorised external parties, such as showing trends regarding general preferences;
to develop new products and services for us, such as software improvements and version upgrades (e.g., improving our AI model);
to communicate marketing or advertising information, including personalised content based on the information collected;
to provide customer communications, such as notifying you about changes to Ahrefs Services, handling queries and complaints and any other customer service interactions;
to improve the safety and security of Ahrefs Services, such as undertaking measures in relation to fraud prevention (e.g., authentication measures to prevent unauthorised access);
to comply with our legal obligations, including participating and/or cooperating with investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities for the purposes of detecting, investigating and prosecuting in relation to matters deemed relevant to us at our sole discretion;
to provide a more personalised user experience and improve Ahrefs Services (for more information, please refer to Section 8 below); and
The disclosure and transfer of information to any person(s) is on a need-to-know basis for any of the purposes outlined in Section 4 above.
We may disclose and/or transfer collected information, including your Personal Data, to the following third parties:
third party service provider supporting and processing payment transactions in relation to Ahrefs Services; where applicable and in relation to any payment transaction information, this Privacy Policy is subject to Stripe’s Privacy Policy (https://stripe.com/en-sg/privacy);
third party entities who enter into a contractual relationship with us to share, publish and promote content on or in relation to Ahrefs Services;
any and all entities to which Ahrefs is affiliated or related to, including but not limited to any subsidiary, wholly owned subsidiary, holding company, ultimate holding company, subsidiary of a holding company, related corporation, partnership or joint venture entity of Ahrefs;
third party entities who may receive your information to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes such as IT and other administrative services (e.g., hosting and/or maintenance of IT systems); the data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard your Personal Data and to process your Personal Data only as instructed;
parties who manage the accounts with Ahrefs Services which you have access to or use, such as your employer or company;
third party entities or service providers who enter into a contractual relationship with us to provide support to Ahrefs Services; and
public bodies or organisations as required or permitted by applicable law and any third party entities who enter into a contractual relationship with us to provide advisory or consultancy services.
Third party entities or service providers may have privacy policies in respect of the information we disclose or transfer to them and their Processing of such information will also be subject to their privacy policies.
Any disclosure or transfer of information may be cross-border. Some recipient countries may be outside of the European Union/European Economic Area and may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, the Eastern Republic of Uruguay and the United States (commercial organisations participating in the EU-US Data Privacy Framework). With regard to data transfers to recipients outside of the European Union/European Economic Area and outside the aforementioned countries, we provide appropriate safeguards such as entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where required under Data Protection Laws. For more information, you can refer to our Data Processing Addendum at https://ahrefs.com/legal/data-processing-addendum.
We retain the information we collect for different periods of time depending on the type of information.
Unless otherwise required by Data Protection Laws, we store Personal Data for only as long as is necessary to serve the purposes for which that Personal Data was collected. When storage of such Personal Data is no longer necessary, the Personal Data is deleted. Where you delete any Personal Data within your account with Ahrefs Services, such Personal Data is also deleted from our servers. We may retain some information for longer periods of time when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.
The legal bases which we rely on to Process information, including your Personal Data, are:
the conclusion and execution of a contract to which you are party in relation to the registration for our products, services and/or events;
fulfilment of a legal obligation to which the controllers may be subject within the context of the purposes of their activities;
necessity for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data, in particular where the Data Subject is a child; and
your consent, including in respect of our communications to you.
The Personal Data we collect is transferred to and stored in the United States where our services and other web properties operate.
All Personal Data is encrypted using Cloudflare when transmitted from our servers to your browser. The database backups are also encrypted. You are encouraged to review Cloudflare’s privacy policy https://www.cloudflare.com/privacypolicy/ for more information on how your Personal Data is handled by Cloudflare. While most data are not encrypted while they live in our database, we take reasonable precautions and follow industry best practices to make sure data is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. However, we must advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. If you become aware of any potential data breach or security vulnerability, you are requested to contact us immediately using the contact details provided at Section 2 of this Privacy Policy. We will use all required measures to investigate such incidents.
Under any and all Data Protection Laws applicable to you, you may be entitled to the following rights in relation to your Personal Data:
You may have the right to obtain from us confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, to request access to your Personal Data. The right of access includes, among other things, access to the purposes of the processing, the types of Personal Data to be processed, and the recipients or categories of recipient(s) to whom your Personal Data will be disclosed and/or transferred. However, this right is not unrestricted as the rights of other persons may limit your right of access. In certain circumstances, you may have the right to receive a copy of your Personal Data processed by us. For further copies, we charge a reasonable fee upon request.
You may have the right to request the rectification or correction of your Personal Data. Depending on the purposes of the processing, you may have the right to supplement incomplete Personal Data, including through the provision of a supplementary statement.
You may have the right to request that we erase your Personal Data or some part of it.
You may have the right to request that we restrict the processing of your Personal Data to certain purposes, or exclude certain purposes from what we may process your Personal Data for.
You may have the right to request for a copy of your Personal Data in a machine-readable format, and the right to transmit that data to a different controller.
You may have the right to object at any time to the processing of your Personal Data by us for certain or all purposes.
You may have the right at any time to withdraw consent to any processing of your Personal Data. The withdrawal of consent shall not affect the lawfulness of the use and disclosure of your Personal Data prior to the withdrawal.
You may have the right to appeal our denial of your request, which you may exercise in response to us communicating our denial. In these cases, we will reconsider your request and then notify you of our decision.
You may have the right to bring a claim before a competent data protection authority with jurisdiction over any and all Data Protection Laws applicable to you.
To exercise your rights, please contact us using the contact details provided at Section 2 of this Privacy Policy. We may request additional information from you to verify your identity and complete your request.
This section applies to California residents. You may also refer to our California Privacy Policy below for more information.
The information we collect can be found at Section 3, which includes both sensitive and non-sensitive personal information.
Some examples of sensitive personal information that we collect are your account log-in details, passwords, and precise geolocation. Some examples of non-sensitive personal information that we collect are your name, email address and internet browsing history.
We collect and use personal information for the purposes at Section 4. Any disclosure and transfer of personal information is in accordance with Section 5.
In general, with respect to each category of personal information collected, we retain the information in accordance with Section 6.
We may change this Privacy Policy from time to time. We encourage you to check this page for any changes. You can tell when Privacy Policy was last updated by looking at the date at the top of this page.
Last modified: April 30, 2025
This policy is provided by Ahrefs Pte Ltd (“Company”) and applies solely to residents of the State of California (“consumers” or “you”) with respect to personal information the Company processes as a business. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations (“CCPA”) have the same meaning when used in this policy. This policy does not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception or exemption under the CCPA applies.
We have set out below categories of personal information about California residents we have collected, and as applicable disclosed, for a business purpose in the preceding 12 months. The table is followed by a description of the purposes for which we collected personal information. If we process deidentified information, we will maintain the information in a deidentified form and not attempt to reidentify the information, except that we may attempt to reidentify the information solely for the purpose of determining whether deidentification processes used satisfy legal requirements. We did not “sell” or “share” personal information as the CCPA defines these terms over the preceding 12 months.
| Category of personal information | Did we collect? If so, from what source? | Did we disclose? If so, to whom and for what purpose? |
|---|---|---|
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | Directly from you (through your use of the site) | To various service providers, such as:
|
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. (The categories of personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)) | Directly from you (through your use of the site) | To various service providers, such as:
|
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from you | To service providers for purposes of providing services. |
Internet or other electronic network activity information, including, but not limited to, browsing history, and information regarding a consumer’s interaction with an internet website application. | Indirectly from you (through the website) | No. |
Geolocation data. | Indirectly from you (through the website) | No. |
Audio, electronic, visual, thermal, olfactory, or similar information. | Directly from you | We may upload to LinkedIn and Instagram for purposes of promoting our brand. |
Professional or Employment-related information. | Directly from you | No. |
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). | Directly from you | No. |
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Directly from you (through your use of the site) | To various service providers. |
| Category of personal information | Did we collect? If so, from what source? | Did we disclose? If so, to whom and for what purpose? |
|---|---|---|
A consumer's account log-in, in combination with any required security or access code, password, or credentials allowing access to an account. | Directly from you | To various service providers for security purposes. |
User Registration and Account Management: to enable registration for our services, conclusion and execution of a contract with consumers, creation of user account(s), authentication, and account settings customisation.
Provision of services: to maintain, provide and deliver and improve our services such as our Webmaster Tools, AI Writing Tools, and related services, including performance tracking and reporting, employing hosting and backend infrastructure for the operation of the website, blocking spam, and employing the use of user database management.
Event Provision and Management: to coordinate and conduct matters in relation to events we may organise from time to time, including registration and provision of access, attendance and ticketing, logistics, budgeting, vendor management and post-event evaluations.
Creation and Use of Analytics and Reports: to collate and analyse information for internal use and for authorised external parties.
Development of Products and Services: to develop new products and services such as software improvements and version upgrades.
Marketing Communications: to communicate marketing or advertising information, including personalised content based on the information collected.
Customer Support: to provide customer communications such as notifications on changes, handling queries and complaints, and other customer service interactions.
Fraud Prevention and Security: to improve the safety and security of our services, such as undertaking measures in relation to fraud prevention.
Talent Acquisition and Workforce Management: to manage our workforce, such as recruiting and hiring workers, managing job postings and applicant tracking, conducting interviews and assessments, and overseeing worker onboarding and training processes.
Compliance with Legal Obligations: to comply with our legal obligations, including participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
Legitimate Interest: To the extent necessary for the purposes of the legitimate interests pursued by us or by a third party.
We only use your sensitive personal information for purposes referenced at Subsection 1798.121(a) of the CCPA, namely to perform the services or provide the goods reasonably expected by an average California resident who requests those goods or services, and we do not use sensitive personal information to infer characteristics about you. We do not have actual knowledge that we sell or share for cross context behavioural advertising, and we do not have the personal information of California residents under 16 years of age.
As a California resident, you have the following rights under the CCPA:
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under "Authorized Agent" further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.
We do not "sell" or "share" personal information or use or disclose "sensitive personal information" for purposes outside of those referenced at subsection 1798.121(a) of the CCPA and therefore do not process opt-out signals.
You can designate an authorized agent to make a request under the CCPA on your behalf if:
The authorized agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
You directly confirm with Company that you provided the authorized agent with permission to submit the request.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
If you have any questions or comments about these disclosures or our practices, please contact us at: