Privacy Policy
Last updated: March 20, 2026
1. Introduction
GEOScan ("we," "our," or "us") operates a Generative Engine Optimization (GEO) platform that helps businesses improve their brand visibility in AI-powered search engines such as ChatGPT, Perplexity, and Claude. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our services at geoscan.app.
By using GEOScan, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect the following categories of information:
Account Information
When you register, we collect your name, email address, and a securely hashed password.
Website Data
Domain URLs you submit for GEO analysis. This is the core data used to perform our service.
Analysis Results
GEO scores, findings, AI-generated summaries, prompt tracking results (AI model responses, brand mentions, citations), and article generation outputs produced during scans.
AI API Keys
You may provide your own API keys for OpenAI, Anthropic, Google, Perplexity, and Grok. These keys are stored encrypted using AES-256-GCM and are never shared with third parties.
Payment Data
Subscription status and billing periods. Payment card details are handled exclusively by Stripe and are never stored on our servers.
Feedback
When you submit feedback, we collect your message, optional screenshots, your IP address, browser user-agent, and geographic metadata (country, city, timezone) derived from your IP.
Usage Data
Number of scans and AI-generated articles used per month, pages visited, and session cookies (JWT-based, managed via NextAuth). We use Persiscal for privacy-respecting analytics.
3. How We Use Your Information
We use your information for:
- Running GEO scans and generating optimization reports for your domains
- Tracking your brand's visibility in AI-powered search engines over time
- Processing payments and managing your subscription
- Sending transactional emails (account confirmations, billing receipts)
- Improving our platform based on usage patterns and feedback
- Complying with legal obligations
4. Payment Processing
All payment processing is handled by Stripe, a PCI-compliant payment processor. We do not store your credit card number, CVV, or other sensitive financial details on our servers. We only store your subscription status, plan tier, and billing period dates. Stripe's privacy practices are governed by the Stripe Privacy Policy.
5. AI API Keys
GEOScan allows you to connect your own API keys from third-party AI providers (OpenAI, Anthropic, Google, Perplexity, Grok) to power certain features. These keys are:
- Stored encrypted at rest using AES-256-GCM
- Transmitted only over TLS/SSL
- Used solely to make API calls on your behalf to the respective providers
- Never shared with, sold to, or accessed by third parties
- Deletable by you at any time from your account settings
You are responsible for any costs incurred with the third-party AI providers through use of your API keys.
6. Data Sharing
We do not sell your personal data. We may share data only in the following circumstances:
- Cloud infrastructure: Our servers and database are hosted with trusted cloud providers who process data on our behalf under data processing agreements.
- AI providers (your keys): When you use your own API keys, your prompts and domain data are sent to the respective provider (e.g., OpenAI) per your instructions.
- Legal requirements: We may disclose information if required by law, court order, or to protect our legal rights.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
7. Data Security
We implement industry-standard security measures to protect your data:
- AES-256-GCM encryption for stored API keys
- TLS/SSL encryption for all data in transit
- Bcrypt hashing for passwords
- Access controls and authentication requirements for all data access
- Regular backups and disaster recovery procedures
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will remove your personal data within 30 days. Anonymized or aggregated analytics data may be retained indefinitely as it cannot be used to identify you.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request deletion of your personal data.
- Export: Receive your data in a portable format.
- Opt-out: Unsubscribe from marketing communications at any time.
To exercise any of these rights, contact us at privacy@geoscan.app.
10. International Transfers
GEOScan is operated from the United States. If you are located outside the United States, your information may be transferred to and processed in the United States or other countries. We ensure that appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
11. Children's Privacy
GEOScan is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us at privacy@geoscan.app and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by posting a prominent notice on our website before the change becomes effective. Your continued use of GEOScan after the effective date constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:
GEOScan
Email: privacy@geoscan.app