What does Schema App do with my data?

Context

Schema App adds publicly available structured data (Schema Markup) to your web pages so that search engines like Google, Bing and similar can capture and better understand your web content. Schema markup also allows those search engines to display supplementary visual information (aka Rich Results) as part of search engine results related to your web pages. This support document addresses different kinds of data and the various ways Schema App does or does not use that data.  

Types of Data We Collect

We collect several categories of data as part of delivering this service:

1. Your Public Website Content
2. Google Search Console Data - Optional
3. Account Management Data
4. Other Data

Your Public Website Content

Most data collected by Schema App is at your behest, from your public facing web pages.  We capture what you request, and nothing more. 

Schema Markup is intended to be read by search engines to help them better understand your website. The data we generate and store needs to be consumed globally by search engines including Google, Bing and others.  As such, there is no local or global restriction on access to this human and machine readable public data.

The data is converted to Schema Markup and stored as JSON-LD held in an AWS S3 bucket with full public access.

This applies to all data you ask us to collect from your website, including personal data publicly available on your website. Please notify us if any collected personal data subsequently becomes private or is otherwise subject to a removal request.

Google Search Console Data (Optional)

Optionally, you may sign up to use Schema Performance Analytics, a powerful reporting tool that compares your Google Search Console data against your structured data to gain insights into your SEO performance and ROI of your Schema Markup.

If you elect to use Schema Performance Analytics, we only collect non-identifiable SEO metrics from Google Search Console. This data covers things like Click Through Rate, Rich Result eligibility and similar of your URLs. All this data will be accessible only by your staff that you grant access to, and to select staff at Schema App such as your Customer Support Manager and people directly supporting your account.

All of this data is non-PII, and can be deleted upon request.  The data is stored in private encrypted AWS storage and processed by AWS Athena and QuickSight for the purposes of generating your private insights and reports.

Account Management Data

The private (and suitably protected) data we hold is in service of our contracts with you, e.g. your billing contacts, contract terms, and similar.  These are held in account management tools.

Other Data

Cookies on our website

Visitors to our website, like yourself, will have cookies set like visits to most websites do.  These cookies cover functional, performance tracking and marketing purposes.  Full details are in our website's privacy policy.

Visitors to your website

Depending on the deployment method you choose, our tools can generate and inject JSON-LD into your webpages using JavaScript.  Because this is run in-browser by visitors to your site, we will have a record of that in our AWS network access logs.  Like any request to any public webserver, our CDN technology will record the IP address and User Agent of requests to cdn.schemaapp.com and data.schemaapp.com domains.  These very limited records are kept in the AWS network request logs for 15 days and automatically deleted after that time.

Access to these logs is limited to a few specific senior individuals in Engineering roles with necessary admin privileges.  These logs are only ever accessed for debugging production issues, most notably security issues if we were to detect attempted security risks on our CDN or data domains. Otherwise they are ignored and automatically deleted in 15 days.

In addition, JavaScript integration can use our Robots-only Deployment option which activates only when the user-agent is identified in the allow list as a way to mitigate risks associated with PHI collection.

Customer data

We do not capture, record or process anything about your customers.