Privacy Policy
Last updated: April 6, 2026
GEOAT ("we," "our," or "us") operates the website geoat.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Information You Provide
- Account Information: When you create an account, we collect your email address. We use magic link authentication — we do not collect or store passwords.
- Brand and Keyword Data: When you use our scanning features, you provide brand names and keywords. This information is used to generate AI visibility reports.
- Billing Information: When you subscribe to a paid plan, payment is processed by Stripe. We do not directly store your credit card number, bank account details, or other financial information. Stripe's privacy policy governs their handling of your payment data.
Information Collected Automatically
- Usage Data: We collect information about how you interact with the Service, including pages visited, features used, scan frequency, and actions taken within the dashboard.
- Device and Browser Information: We may collect your IP address, browser type, operating system, and device identifiers.
- Analytics: We use Google Analytics to understand how users interact with our Service. Google Analytics collects information such as how often users visit our site, what pages they visit, and what other sites they used prior to coming to our Service.
- Cookies: We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your transactions and manage your subscription
- Send you transactional communications (e.g., welcome emails, subscription confirmations, scan alerts)
- Generate AI visibility scans and reports based on your brand and keyword data
- Monitor and analyze usage trends to improve the user experience
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
3. How AI Scanning Works
When you run a visibility scan, GEOAT sends keyword-based prompts to third-party AI providers (including OpenAI, Anthropic, Google, Perplexity, and xAI). We do not send your personal information (email, name, or account details) to these AI providers. The prompts contain only the brand name and keyword you provide for scanning. Responses from AI providers are analyzed for brand mentions, rankings, and sentiment, then stored in your account.
4. Third-Party Services
We use the following third-party services to operate the Service:
| Service | Purpose |
|---|---|
| Supabase | Authentication, database, and hosting |
| Stripe | Payment processing and subscription management |
| Vercel | Website hosting and deployment |
| Google Analytics | Website analytics |
| OpenAI | AI scanning (ChatGPT) |
| Anthropic | AI scanning (Claude) |
| Google (Gemini) | AI scanning |
| Perplexity | AI scanning |
| xAI | AI scanning (Grok) |
5. Data Retention
- Account Data: We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.
- Scan Data: Historical scan results are retained according to your subscription plan. Free plan data may be retained for up to 30 days. Paid plan data is retained for the duration of your subscription and up to 90 days after cancellation.
- Analytics Data: Aggregated, anonymized usage data may be retained indefinitely to improve the Service.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption in transit (TLS/HTTPS)
- Row-level security (RLS) on all database tables
- Environment-segregated API keys
- Regular security reviews
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data
- Portability: Request a copy of your data in a structured, machine-readable format
- Objection: Object to processing of your personal data for certain purposes
To exercise any of these rights, contact us at hello@geoat.io. We will respond to your request within 30 days.
8. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal data, we will delete it promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to these countries.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Email: hello@geoat.io
Website: https://geoat.io