Privacy Policy

1. Personal Information We Collect

We collect personal information from multiple sources depending on how you interact with our Services. The categories below describe what we collect and why.

A. Information You Provide to Us

Account Information. When you create a Geol.ai account, we collect your name and email address through our authentication provider (Neon Auth). If you sign in with a third-party identity provider (e.g., Google), we receive the name and email associated with that account.

URLs and Content Submitted for Analysis. When you use the Geol.ai platform, you submit URLs for AI visibility analysis. We crawl the publicly accessible web pages at those URLs to extract content such as HTML text, headings, meta tags, and structured data. This crawled content is used solely for analysis and optimization scoring.

Payment Information. If you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed exclusively by Stripe, our PCI-compliant payment processor. Geol.ai never receives, stores, or has access to your full payment card details.

Company and Project Information. During onboarding, you may provide details about your organization including company size, whether you are an agency, and project details such as domain name, project name, and project description. This information helps us tailor the service to your needs.

Prompt Explorer Queries. When you use the Prompt Explorer tool, you submit text prompts that are executed against multiple AI search engines. We collect the prompts you submit, the AI provider responses received, and associated metadata (timestamp, project identifier, subscription tier, AI providers queried). This data is used to deliver the Prompt Explorer feature and, in aggregated anonymized form, to improve our AI analysis capabilities.

B. Information Collected Automatically

Location Information. We infer your approximate geographic location from your IP address. We do not collect precise GPS-based location data.

Device Information. We automatically collect your IP address, browser type and version, operating system, and device type when you access our Services.

Usage Data. We collect information about how you interact with the Services, including pages viewed, features used, actions taken (such as scans initiated), dates and times of visits, and referral URLs.

C. Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how visitors use the Services. The table below lists the cookies we use.

Note: Your theme preference (light/dark mode) is stored in your browser's localStorage, not in a cookie, and is never transmitted to our servers.

D. Information from Third Parties

We do not currently purchase personal information from data brokers or receive personal data about you from third-party CRM integrations. If you authenticate using a third-party identity provider (e.g., Google OAuth), we receive only the name and email you authorized for sign-in.

2. How We Use Personal Information

We use the personal information we collect for the following purposes:

• Service Delivery. To operate, maintain, and provide the core features of our platform, including crawling submitted URLs, performing AI visibility scoring, and generating optimization outputs (JSON-LD, llms.txt, robots.txt, sitemap.xml, metadata).
• AI Analysis. Crawled public webpage content (HTML text, meta tags, headings, structured data) is sent to AI service providers for analysis. We explicitly do not send your personal information (name, email, or payment details) to AI providers; only the publicly accessible content of the URLs you submit is analyzed.
• Billing and Subscriptions. To process payments, manage subscription tiers, and handle invoicing through Stripe.
• Metered Usage and Billing. To track credit consumption across three credit types (Scan, Format, Prompt Run), calculate overage charges, enforce usage limits, and process automated billing through Stripe Billing Meters. Usage data includes credit type, quantity consumed, timestamp, and associated project identifier. This data is shared with Stripe solely for billing purposes.
• Prompt Explorer Analytics. When you use the Prompt Explorer, we process the prompts submitted and AI provider responses received to deliver side-by-side comparison results. This data is also processed internally in aggregated, anonymized form to improve our AI analysis capabilities and service quality. We do not share individual Prompt Explorer results with third parties. Prompt Explorer data is stored separately from AI Monitoring data.
• Product Analytics. To understand how our Services are used, identify areas for improvement, and measure feature adoption through Google Tag Manager and Mixpanel.
• Communications. To send transactional emails (account verification, password resets, scan completion notifications, and billing receipts) through Resend.
• Security and Fraud Prevention. To detect, investigate, and prevent fraudulent activity, abuse, or unauthorized access to the Services.
• Legal Compliance. To comply with applicable laws, regulations, legal processes, or governmental requests.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), we process your personal information only when we have a valid legal basis. Our legal bases include:

• Contract Performance. Processing necessary to provide you with the Services you requested, including account creation, URL analysis, format generation, and subscription management.
• Legitimate Interests. Processing for our legitimate business interests, such as improving and securing the Services, conducting product analytics, and preventing fraud, provided these interests are not overridden by your data protection rights.
• Consent. Where you have given us specific consent, for example to receive marketing communications or to set optional analytics cookies.
• Legal Obligations. Processing required to comply with applicable law, such as tax reporting and responding to lawful government requests.

4. How We Disclose Personal Information

We do not sell your personal information. We share information with the following categories of service providers ("subprocessors") solely to operate and deliver the Services:

Important distinction regarding AI providers: OpenAI, Anthropic, and Google/Gemini receive only crawled public webpage content (HTML text, meta tags, headings, structured data) for the purpose of AI visibility analysis. Your personal data -- such as your name, email address, payment information, or account details -- is never sent to these AI providers.

We may also disclose personal information when required by law, in response to valid legal processes (such as a subpoena or court order), to protect the rights and safety of Geol.ai and our users, or in connection with a merger, acquisition, or sale of assets.

5. Your Choices

• Account Settings. You can update your name, email, and other profile information through your account settings at any time.
• Email Preferences. You can manage your email notification preferences, including opting out of non-essential communications, through your account settings. Geol.ai supports granular email preference controls so you can choose which categories of emails you receive. Note that you cannot opt out of transactional emails related to your account (such as billing receipts and security alerts).
• Cookie Management. You can configure your browser to refuse all or some cookies, or to alert you when cookies are being set. Please note that disabling essential cookies (such as authentication cookies) may prevent you from using the Services.
• Analytics Opt-Out. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On. Mixpanel honors Do Not Track browser signals; you may also opt out at mixpanel.com/optout.
• Account Deletion. You may request deletion of your account and associated data by contacting us at hello@geol.ai.

6. Third-Party Links and Services

The Services may contain links to third-party websites, products, or services that are not owned or controlled by Geol.ai. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected through our Services.

7. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide you with the Services. Specific retention periods include:

• Account Data. Retained for the lifetime of your active account. Upon account deletion, personal information is removed within 30 days, subject to legal retention obligations.
• Scan and Analysis Data. Scan results are stored in our database as long as your account is active. Temporary scan data is cached in Upstash Redis with a 15-minute time-to-live.
• Generated Format Files. Optimization output files (JSON-LD, llms.txt, robots.txt, sitemap.xml, metadata) are stored in Cloudflare R2 and retained as long as the associated project exists.
• Billing Records. Payment and subscription records are maintained by Stripe in accordance with financial recordkeeping requirements.
• Prompt Explorer Data. Prompt Explorer queries, AI provider responses, and associated metadata are retained as long as your account is active. Aggregated, anonymized analytics derived from Prompt Explorer data may be retained indefinitely. Upon account deletion, individual Prompt Explorer records are removed within 30 days.

When we no longer need personal information for the purposes described in this policy, we securely delete or anonymize it.

8. Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption in Transit. All data transmitted between your browser and our servers is protected with HTTPS/TLS encryption.
• Secure Authentication. User sessions are managed through Neon Auth using HTTP-only, encrypted session cookies that are inaccessible to client-side scripts.
• PCI-Compliant Payments. All payment card processing is handled by Stripe. Geol.ai never stores, processes, or transmits payment card numbers.
• Access Controls. Internal access to user data is restricted to authorized personnel on a need-to-know basis.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@geol.ai.

10. International Visitors (GDPR/EEA)

Geol.ai is based in the United States. If you access our Services from the EEA, the UK, or other regions with data protection laws that differ from U.S. law, please be aware that your personal information will be transferred to and processed in the United States.

For transfers of personal information from the EEA or the UK to the United States, we rely on European Commission-approved Standard Contractual Clauses (SCCs) as appropriate, or other lawful transfer mechanisms under applicable data protection law.

Your GDPR Rights. If you are located in the EEA or the UK, you have the following rights under the General Data Protection Regulation:

• Right of Access. You may request a copy of the personal information we hold about you.
• Right to Rectification. You may request that we correct inaccurate or incomplete personal information.
• Right to Erasure. You may request that we delete your personal information, subject to certain exceptions (such as legal retention requirements).
• Right to Restriction. You may request that we restrict the processing of your personal information under certain circumstances.
• Right to Data Portability. You may request a copy of your personal information in a structured, commonly-used, machine-readable format.
• Right to Object. You may object to the processing of your personal information based on our legitimate interests.
• Right to Withdraw Consent. Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@geol.ai. You also have the right to lodge a complaint with your local data protection supervisory authority.

11. Your California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") grants you specific rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address), commercial information (subscription and billing records), internet or electronic network activity (usage data, pages viewed), and professional or employment-related information (company size, agency status).

Your CCPA Rights

• Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom it was shared.
• Right to Delete. You may request that we delete the personal information we have collected about you, subject to certain exceptions.
• Right to Opt-Out of Sale. Geol.ai does not sell personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing or quality of service for exercising your rights.

To submit a CCPA request, please contact us at hello@geol.ai. We will verify your identity before fulfilling any request.

12. Changes and Contact

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by providing additional notice (such as an in-app notification or email).

Geol.ai is responsible for the processing of your personal information as described in this Privacy Policy. If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us:

• Email: hello@geol.ai
• Address: [Physical Address]