Legal
Last updated: April 21, 2026
We at Geoptiq ("Company", "we", "us") care about our users' privacy. This policy explains what data we collect when you use our services, how we use it, and how we protect it.
Account information: Name, email address, company name, password (hashed).
Usage data: Analysis history, keywords, reports, visibility scores.
Technical data: IP address, browser type, operating system, access times.
Payment information: Credit card details are processed directly by Stripe and are not stored on our servers.
The data collected is used for the following purposes:
- Delivering and improving our services
- Generating and storing analysis results
- Providing customer support
- Meeting legal obligations
- Service security and fraud prevention
Under GDPR Article 6, your personal data is processed on the following legal bases:
- Performance of a contract (Art. 6(1)(b)): account management, service delivery, payment processing
- Legitimate interest (Art. 6(1)(f)): security, fraud prevention, product development
- Legal obligation (Art. 6(1)(c)): accounting, tax, statutory records
- Explicit consent (Art. 6(1)(a)): marketing emails, optional analytics cookies
The following sub-processors receive data in order to deliver the Service. This list may be updated; the current list is published on this page.
- Google Cloud Platform (hosting — US/EU)
- Stripe (payment processing — IE/US)
- OpenAI (LLM API — US)
- Google Vertex AI (LLM infrastructure — EU)
- Firebase Authentication (authentication — US)
- Mailgun / Gmail SMTP (email delivery)
- Microsoft Clarity (product analytics — US)
- Cloudflare (CDN — global)
Data may also be disclosed to comply with legal obligations (court orders, legal requests) or in the event of a company merger or acquisition.
Your personal data may be transferred to service providers certified under the EU-US Data Privacy Framework, or on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission. Transfers to jurisdictions outside the European Economic Area are made only where an adequate level of protection is ensured or appropriate safeguards are in place.
Personal data is retained for the following periods:
- Account data: for the lifetime of the account + 30 days after a deletion request
- Payment and invoice records: 10 years (statutory requirement)
- User content (analyses, reports): until a deletion request is received
- Server and access logs: 90 days
- Inactive / trial accounts: automatically deleted after 12 months
- Marketing email consent: until withdrawn
All data is transmitted over SSL/TLS encryption and stored on GCP infrastructure. Regular security audits are performed and access controls are enforced.
In accordance with GDPR Article 33, personal data breaches are reported to the relevant supervisory authority within 72 hours, and affected data subjects are notified by email when the breach poses a high risk to their rights and freedoms.
Cookies are grouped into four categories:
- Essential cookies: session management, security. No consent required.
- Functional cookies: language preference, user settings.
- Analytics cookies: product usage analysis. Enabled only with explicit consent.
- Marketing cookies: not used.
Geoptiq services do not involve fully automated decision-making with legal effect within the meaning of GDPR Article 22. Analysis outputs are informational and subject to human review.
Geoptiq services are intended for commercial use. Users under the age of 18 may not create accounts or use the Service.
Under the GDPR, the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA/CPRA), you have the following rights:
- Request access to your data
- Request rectification of your data
- Request erasure of your data
- Object to the processing of your data
- Request data portability
- Opt out of the sale or sharing of personal information (CCPA/CPRA)
- Right to non-discrimination (CCPA/CPRA)
To exercise these rights, please write to [email protected].
For questions about our privacy policy:
[email protected]