Privacy Policy
Last updated: June 4, 2026
Summary
This policy explains what data GeoReputation collects, why, who we share it with, how long we keep it, and the rights you have. We try to collect only what we need to run the product, and to be plain about how we use it. Defined terms like “personal data” are used in the sense given by applicable privacy laws.
GeoReputation is a business-to-business service. For data you submit about your own customers or website visitors, you act as the controller and we act as your processor. For account and billing data about you and your team, we act as the controller.
Controller: Fairview Labs, Inc. (operating GeoReputation), 3352 Walnut Ln, Lafayette, CA 94549. Privacy contact: privacy@georeputation.com.
Personal data we collect
Account data. Your email address, a hashed password (we never store passwords in plain text), and basic account state such as when you signed up and last logged in. If you join or create an organization, we store your organization, your role, and the email addresses of people you invite.
Demo and lead data. If you request a demo, we collect the name, email, company, website, and any message you provide.
Billing data. A billing email and subscription identifiers from our payment processor. We do not collect or store full payment card numbers. Card details are handled directly by Stripe.
Technical data. We process IP addresses transiently to apply rate limits and protect the service. We do not retain them in a long-term profile. Product analytics are stored against a hashed identifier, not your raw email or IP address.
Business data you provide or direct us to collect
To run the service, we collect and store the brands, websites, prompts, and competitors you configure, and the business context you upload (currently a business-profile file and report-branding logos).
Website content. When you ask us to analyze a website, we fetch and store substantive content from its publicly accessible pages, including page text, structured data, sitemap and robots files, and outbound links. You are responsible for ensuring you have the right to have the sites you submit analyzed.
Generated data. We store the results we produce for you: the verbatim responses we capture from AI assistants, visibility scores, recommendations, reports, and operational logs of the analysis runs we perform.
How we use data
We use data to:
- provide the service: run scans, compute scores, generate recommendations and reports;
- operate your account, authenticate you, and communicate with you about it;
- process billing and manage subscriptions;
- secure, maintain, debug, and improve the service;
- comply with legal obligations.
We do not sell your personal data, and we do not use your business data to train our own or any third party’s foundation models. Where GDPR applies, our legal bases are performance of our contract with you, our legitimate interests in operating and improving the service, your consent (for non-essential analytics cookies), and compliance with legal obligations.
AI providers and what we send them
To measure how AI assistants describe a business, we send prompt text (industry and brand questions, such as “best dentist in Austin”) to AI providers, and we may send crawled page content for analysis. These prompts are generally not personal data. We do not authorize these providers to use your content to train their models beyond what is necessary to return a response, subject to each provider’s terms.
Who we share data with
We share data only with the service providers (subprocessors) that run GeoReputation, each limited to what it needs for its function, and when required by law or to protect our rights. We do not sell or rent personal data.
| Provider | Data shared | Purpose |
|---|---|---|
| OpenAI, Anthropic, Google | Prompt text (industry and brand questions) and crawled page content | Generate and analyze AI responses; web-search grounding |
| Bright Data | The website URLs you ask us to analyze | Fetch pages that block standard requests |
| Stripe | Billing email and subscription identifiers (no card numbers) | Subscription payments |
| Postmark | Recipient email and message content | Transactional email (verification, alerts, reports, invites) |
| Render | All application data (hosting, database, cache) | Hosting and managed infrastructure |
| Google Analytics | Hashed user identifier and analytics event data | Aggregate product and usage analytics |
| Calendly | Scheduling details you enter when booking a demo | Demo scheduling |
| Sanity | Blog content only (no customer data) | Marketing content management |
| Sentry | Error diagnostics (configured to exclude personal data) | Error monitoring, when enabled |
Cookies and analytics
We use strictly necessary cookies for sign-in and security, and Google Analytics for aggregate usage measurement. Our analytics are configured to use a hashed identifier rather than your raw email. See our Cookie Policy for the specific cookies and how to control them.
International transfers
We are based in the United States and our service providers are located in the United States. If you access the service from outside the United States, your data will be transferred to and processed there. Where required, we rely on appropriate transfer mechanisms such as the European Commission’s Standard Contractual Clauses.
How long we keep data
We keep account and business data for as long as your account is active and as needed to provide the service. Core data such as scan results, captured AI responses, source documents, and reports is retained for the life of the account unless you delete the relevant brand or ask us to delete it. Raw analytics events are deleted on a rolling basis (within roughly 14 to 180 days depending on type), while aggregated, non-identifying metrics may be kept longer. We may retain limited records where needed to meet legal, tax, or security obligations.
Your rights and choices
Depending on where you live, you may have some or all of the following rights: to access your data, to correct it, to delete it, to restrict or object to processing, to data portability, and to withdraw consent. California residents have rights to know, access, correct, and delete personal information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law, and we do not discriminate against you for exercising your rights.
You can delete individual brands and their data from within the product, and remove team members from your organization. For full account deletion or any other request, email us at privacy@georeputation.com and we will action it. We will verify your identity before acting on a request. If you are in the EEA or UK and have an unresolved concern, you may lodge a complaint with your local supervisory authority.
All non-essential email is operational and includes one-click unsubscribe. We do not send marketing newsletters.
Security
We protect data in transit with TLS, hash passwords using industry standard algorithms, never store payment card numbers, keep secrets out of source code, and protect against common web vulnerabilities such as cross-site request forgery. Data at rest is encrypted using our hosting provider’s managed database protections. No method of transmission or storage is perfectly secure, but we work to protect your data and to respond promptly to incidents.
Children
GeoReputation is a business product and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
Changes
If we make material changes to this policy, we will update the date above and, where appropriate, notify you.
Contact
Questions about this policy or your data? Email privacy@georeputation.com.