Privacy Policy
Last updated: March 26, 2026
1. Data controller
GEOptimus Intelligence (hereinafter, "GEOptimus") is the data controller responsible for the personal data collected through the platform accessible at geoptimus.ai and app.geoptimus.ai.
Contact for privacy inquiries: privacy@geoptimus.ai
2. Data we collect
Depending on the service used, we may process the following categories of data:
- Registration data: name, email address and password (stored with bcrypt hashing).
- Usage data: pages visited, actions taken within the platform, audits executed, workspace and site configuration.
- Technical data: IP address, browser type, operating system, time zone and strictly necessary cookies.
- Audited content: URLs, HTML content, Schema.org and structured data from the websites that the user submits for analysis. This data is processed solely to provide the service and is stored as historical snapshots.
3. Purposes and legal basis
| Purpose | Legal basis |
|---|---|
| Service provision (GEO audits, RAG simulation, monitoring) | Performance of a contract (Art. 6(1)(b) GDPR / RGPD) |
| Account management, authentication and access control (RBAC) | Performance of a contract |
| Service communications (alerts, changes, incidents) | Legitimate interest (Art. 6(1)(f) GDPR / RGPD) |
| Product improvement and analytics | Legitimate interest |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR / RGPD) |
4. Data retention
- Account data is retained while the account remains active and for the legally required retention periods following account closure.
- Audit snapshots are retained indefinitely within the user's workspace unless explicitly deleted.
- Technical logs are retained for a maximum of 12 months.
5. Disclosure to third parties
GEOptimus does not sell or disclose personal data to third parties for commercial purposes. We may share data with:
- Infrastructure providers: hosting and database services necessary to deliver the service.
- Legal obligations: when required by law or by judicial or administrative authorities.
6. International transfers
In the event that data is processed outside the European Economic Area, appropriate safeguards under the GDPR (RGPD) will be applied, including standard contractual clauses, adequacy decisions or other recognized safeguards.
7. User rights
Under the GDPR (RGPD) and the Spanish Organic Law on Data Protection (LOPDGDD), you may exercise the following rights:
- Access: know what data we process about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request the deletion of your data ("right to be forgotten").
- Restriction: request the restriction of processing under certain circumstances.
- Portability: receive your data in a structured, commonly used format.
- Objection: object to processing based on legitimate interest.
To exercise these rights, write to privacy@geoptimus.ai stating your identity and the right you wish to exercise. We will respond within a maximum of 30 days.
If you believe we have not adequately addressed your rights, you may file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — www.aepd.es).
8. Cookies
This website uses only strictly necessary technical cookies for the operation of the platform (authentication, session preferences). We do not use tracking or advertising cookies.
9. Security
We implement technical and organizational security measures to protect your data: JWT authentication with configurable token expiration, password hashing with bcrypt, role-based access control (RBAC), database isolation between services and encryption in transit (HTTPS/TLS).
10. Changes to this policy
We reserve the right to update this privacy policy. Any significant changes will be communicated to registered users by email or through a notification on the platform. The last updated date is shown at the top of this document.