Privacy Policy
1. Introduction
Geo Attribution is a platform that measures how large language models (LLMs) like ChatGPT, Perplexity, Gemini, and Claude cite and reference websites. The data controller is Geo Attribution Ltd (UK), with registered address at [TBD]. For data protection enquiries, contact [email protected]. We are committed to protecting your privacy and being transparent about how we collect, use, and share your data.
This Privacy Policy explains what information we collect when you use our website and services, how we use that information, and what choices you have. By using our service, you agree to the collection and use of information in accordance with this policy.
2. Information we collect
We collect several types of information to provide and improve our services:
Account Information
- Email address (required for registration and communication)
- Name (optional, for personalization)
- Password (hashed using bcrypt)
Usage Data
- Scan history and results (domains scanned, competitors tracked)
- Citation data and analytics gathered from LLM API responses
- Login times and session information
- Feature usage patterns within the platform
Payment Information
- Billing information processed through Stripe (we do not store credit card details)
3. How we use information
We use the information we collect for the following purposes:
- Providing the service: Running scans, tracking citations, generating reports
- Improving the platform: Analyzing usage patterns to enhance features and performance
- Billing and account management: Processing payments and managing subscriptions
- Customer support: Responding to your questions and troubleshooting issues
- Security: Protecting against unauthorized access and fraud
- Communication: Sending you service-related emails and important updates
Legal basis for processing (per GDPR Article 6):
- Service provision and contractual obligations: 'performance of contract'
- Security monitoring and platform analytics: 'legitimate interests'
- Billing: 'performance of contract'
- Cookies and email marketing (if opted in): 'consent'
4. Data sharing
We work with carefully selected third-party service providers to operate our platform. Your data may be shared with:
- Stripe — for payment processing and billing management
- Resend — for transactional email delivery (account verification, notifications)
- Fly.io — for hosting infrastructure and database storage
- Tigris — for database backup and replication services
- LLM API Providers (OpenAI, Anthropic, Google, Perplexity) — for citation analysis and content scanning
We do not sell, rent, or otherwise share your personal information with third parties for their marketing purposes. All service providers are bound by strict data protection agreements.
5. Data retention
We retain your information for different periods depending on the type of data:
- Account data: Until you request deletion of your account
- Scan results and analytics: According to your subscription plan limits
- Refresh tokens: 7 days (automatically rotated for security)
- Audit logs: Retained for security monitoring and debugging purposes, periodically reviewed
You can request deletion of your account and associated data at any time through your account settings or by contacting us.
6. Your rights
Under data protection regulations including GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Ask us to correct any inaccurate personal data
- Erasure: Request deletion of your personal data
- Data portability: Receive your data in a machine-readable format
- Object: Opt out of certain data processing activities
- Restrict processing: Limit how we process your data in certain circumstances
- Complaint to supervisory authority: Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated
To exercise any of these rights, please contact us using the details in the Contact section below.
8. International transfers
Your data is primarily stored in London, UK through our hosting provider Fly.io. Database backups are replicated to Tigris S3-compatible storage, which may involve transfers to other regions within the European Economic Area.
When using LLM APIs for citation analysis, your domain and competitor data may be processed by service providers located outside the EEA (primarily in the United States). These transfers are necessary for providing our core service. Transfers outside the UK rely on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner. Primary storage remains in the UK (London Fly.io region).
9. Children's privacy
Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal compliance. When we make significant changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you via email if you have an account with us
- Provide prominent notice on our website for 30 days
Your continued use of our service after such modifications constitutes your acceptance of the updated Privacy Policy.
11. Contact
If you have any questions about this Privacy Policy, want to exercise your privacy rights, or need to contact our Data Protection Officer, please reach out to us:
- Email: [email protected]
- Data Protection Officer: [email protected]
We aim to respond to all privacy-related inquiries within 30 days.