GeoNexo

    Privacy Policy

    Last Updated: April 2, 2026

    1. Overview

    This Privacy Policy describes how GeoNexo AI ("GeoNexo," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our website at geonexo.com, dashboard, APIs, and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

    2. Information We Collect

    We collect information in the following categories:

    2.1 Information You Provide Directly

    • Account information: email address, full name, display name, and password (or Google OAuth credentials).
    • Business information: website URL, business name, business type, services offered, target locations, and primary location.
    • Profile information: avatar/profile picture (uploaded to our storage), referral codes.
    • Communication preferences: daily report opt-out preference, email unsubscribe preferences.
    • Contact inquiries: name, email, subject, and message when you submit a contact form.
    • Payment information: processed by Stripe. We store your Stripe customer ID but do not store credit card numbers, CVVs, or full payment details on our servers.

    2.2 Information Collected Automatically

    • Usage analytics: page views, feature usage, button clicks, and navigation patterns collected via PostHog (our analytics provider). We use a project-specific PostHog key and do not enable autocapture of all page interactions.
    • Device and browser information: browser type, operating system, screen resolution, and device type (collected by PostHog).
    • AI scan data: visibility scores, sentiment analysis, citation data, competitor mentions, and AI model responses generated when we scan your website's presence across AI platforms.
    • Credit transaction history: records of credit usage, purchases, referral bonuses, and admin adjustments.
    • Generated content logs: records of content generated through the Service (blog posts, FAQs, social posts, schema markup), including the content body, action type, and credits spent.

    2.3 Information from Third-Party Integrations

    • When you connect third-party accounts (Google Analytics, Google Search Console, Google Business Profile, LinkedIn, X/Twitter, Instagram, WordPress, Webflow, Ghost), we receive access tokens and basic account information (account name, account ID) through OAuth flows managed by Nango.
    • LinkedIn: profile information (name, profile ID), post content, and engagement analytics.
    • X (Twitter): Twitter handle, avatar URL, Twitter user ID, and content publishing capabilities.
    • Google services: search rankings, traffic data, business profile information as authorized by you.

    3. How We Use Your Information

    We use the information we collect to:

    • Provide, maintain, and improve the Service, including AI visibility scans, content generation, and analytics dashboards.
    • Process payments, manage credits, and administer subscription plans via Stripe.
    • Send transactional emails: account verification, password resets, daily visibility reports, low-credit alerts, credit-exhaustion notifications, referral confirmations, subscription updates, and payment failure notices.
    • Publish content on your behalf to connected third-party platforms (LinkedIn, X, WordPress, etc.) when you explicitly initiate such actions.
    • Analyze usage patterns via PostHog to improve the product, identify bugs, and understand feature adoption.
    • Identify and link your activity to your account via PostHog user identification (using your Supabase user ID and email).
    • Detect and prevent fraud, abuse, and violations of our Terms of Service, including monitoring for flagged accounts.
    • Provide customer support and respond to inquiries submitted through our contact form.
    • Administer the referral program, including tracking referral codes, awarding credits, and verifying eligibility.
    • Sync your account data with our CRM (Attio) for customer relationship management.

    4. Data Storage & Security

    • Your data is stored on cloud infrastructure provided by Supabase (hosted on AWS). Our database is protected by Row-Level Security (RLS) policies ensuring users can only access their own data.
    • Sensitive tokens (third-party OAuth access tokens, Twitter credentials) are encrypted at rest using PGP symmetric encryption with a server-side encryption key stored in a secure vault.
    • We use HTTPS/TLS for all data in transit between your browser and our servers.
    • File storage (avatars, blog images, social media assets, email assets) is hosted on Supabase Storage with appropriate access controls.
    • We do not store your third-party passwords. OAuth integrations are managed through Nango, which handles token refresh and storage.
    • While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data and shall not be liable for unauthorized access resulting from sophisticated attacks, zero-day vulnerabilities, or circumstances beyond our reasonable control.

    5. Data Sharing & Third Parties

    We share your information with the following categories of third parties:

    • Payment processor: Stripe processes your payments and receives your billing information. Stripe's privacy policy governs their use of your data.
    • Analytics: PostHog receives anonymized and identified usage data. PostHog's data is hosted in the United States.
    • OAuth provider: Nango manages OAuth connections to third-party platforms and stores access/refresh tokens for connected integrations.
    • AI model providers: We send your website URL and business-related prompts to AI models through web-scraping (OpenAI/Google/Perplexity AI/xAI/DeepSeek (API only)) to perform visibility scans. These providers process the data according to their respective privacy policies and API terms.
    • Web scraping: We use BrightData proxy services to access publicly available web content for analysis purposes.
    • CRM: We sync basic account information (user ID, email, signup date) with Attio for customer relationship management.
    • Content publishing: When you initiate content publication, we transmit content to the connected platforms (LinkedIn, X, WordPress, etc.) on your behalf.
    • Email delivery: Transactional emails are sent through our email infrastructure. We maintain send logs, suppression lists, and unsubscribe records.
    • We do not sell your personal information to third parties.
    • We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of GeoNexo, our users, or the public.

    6. Cookies & Local Storage

    • We use browser local storage (prefixed with 'geonexo:') to cache onboarding data, session preferences, and temporary UI state. This data is cleared upon sign-out.
    • PostHog may set cookies for analytics and user identification purposes.
    • Supabase authentication uses secure tokens stored in local storage for session management.
    • We use Meta Pixel to track user behaviour in accordance with our Meta Ad campaigns.

    7. Data Retention

    • Account data is retained for as long as your account is active.
    • Upon account deletion, we permanently delete your profile, projects, scan results, generated content, credit history, connected integrations, and all associated data. This process is irreversible.
    • We may retain anonymized, aggregated data that cannot be used to identify you for analytical and product improvement purposes.
    • Financial transaction records may be retained as required by applicable tax and accounting laws.
    • Email send logs, suppression lists, and audit logs may be retained for compliance and abuse prevention purposes.
    • Orphaned data from recycled email addresses is automatically purged when a new account is created with the same email.

    8. Your Rights

    Depending on your jurisdiction, you may have the following rights:

    • Access: You can view your personal data through your Account settings and dashboard.
    • Correction: You can update your display name, avatar, and other profile information at any time.
    • Deletion: You can permanently delete your account and all associated data through Account settings. Deletion requires typing 'DELETE' as confirmation.
    • Data portability: You can view your scan results, credit history, and generated content through the dashboard.
    • Opt-out of communications: You can opt out of daily visibility reports in Account settings, and unsubscribe from transactional emails via unsubscribe links.
    • Disconnect integrations: You can revoke third-party platform access at any time through the Integrations settings.
    • To exercise any rights not covered above, contact us at support@geonexo.com.

    9. Children's Privacy

    The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at support@geonexo.com.

    10. International Data Transfers

    Your information may be transferred to and processed in the United States, where our servers and service providers are located. By using the Service, you consent to the transfer of your data to the United States and acknowledge that data protection laws in the United States may differ from those in your jurisdiction. We implement appropriate safeguards to protect your data during international transfers.

    11. California Privacy Rights (CCPA)

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to opt out of the "sale" of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@geonexo.com.

    12. European Privacy Rights (GDPR)

    If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal bases for processing include: (a) performance of our contract with you (providing the Service); (b) your consent (for optional features like integrations and analytics); and (c) our legitimate interests (fraud prevention, product improvement). To exercise your GDPR rights or lodge a complaint, contact us at support@geonexo.com or your local supervisory authority.

    13. Data Breach Notification

    In the event of a data breach that is reasonably likely to result in a risk to the rights and freedoms of affected individuals, we will notify affected users and relevant supervisory authorities as required by applicable law. Notification will be made without undue delay and, where feasible, within 72 hours of becoming aware of the breach. However, GeoNexo shall not be liable for damages resulting from a data breach except to the extent required by applicable law and subject to the limitations set forth in our Terms and Conditions.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

    15. Contact Us

    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

    This Privacy Policy should be read in conjunction with our Terms and Conditions.