Privacy Policy
Privacy Policy
Last updated: June 11, 2026
This Privacy Policy explains how Geo Authority ("we", "us") collects, uses, and protects information you provide when using Geo Authority at https://geoauthority.io.
1. Information we collect
- Account data: name, email, password (hashed with Argon2id).
- Project data: business name, domain, location, services, AI prompts, generated pages.
- Billing data: handled by Stripe / Razorpay / Lemon Squeezy / Cashfree / PayPal — we do NOT store full card numbers.
- Usage data: pages generated, login times, browser info, IP address.
- Cookies: a single session cookie (`seo_session`) for authentication. No tracking cookies.
2. How we use information
- Provide and maintain the Service
- Process payments and renewals
- Send transactional emails (lead notifications, password resets, invoices)
- Improve features and fix bugs
- Detect abuse and enforce our Terms
3. Sharing
We share data ONLY with:
- Payment processors (Stripe / Razorpay / etc.) for transactions
- Email/SMS providers (your configured SMTP / Twilio) for delivering notifications
- AI providers (Anthropic / OpenAI / Google) when you generate content — your prompts pass through them
- Hosting & infrastructure (Railway / Hostinger / similar) — under standard data-processor agreements
We do NOT sell your personal data.
4. Data retention
- Account data: kept while your account is active + 90 days after deletion (legal/billing reasons), then purged.
- Generated content: kept while the project exists; permanently deleted within 30 days of project deletion.
- Backups: rolling 14-day window.
5. Your rights (GDPR / CCPA)
You have the right to:
- Access the personal data we hold about you
- Correct inaccuracies
- Delete your account and data
- Export your data (JSON download)
- Restrict / object to processing
- Withdraw consent at any time
To exercise any of these, email legal@geoauthority.io with the subject "Data Request — [your email]". We respond within 30 days.
6. Security
We use industry-standard practices: TLS 1.2+, Argon2id password hashing, Fernet-encrypted credential storage, daily backups, and least-privilege access controls.
7. International transfers
Your data may be processed in the United States, the European Union, or India. Where required, we rely on Standard Contractual Clauses for cross-border transfers.
8. Children
The Service is not directed to children under 16. If you believe a child has provided us personal data, contact us and we will delete it.
9. Changes
We will notify you of material changes by email at least 14 days before they take effect.
10. Contact
Privacy questions:
legal@geoauthority.io