HomePrivacy Policy
🔒 Last updated: 27 May 2026

Privacy Policy

This policy explains exactly what data SEOGEO360 collects, why it is collected, how it is used and stored, which third-party services are involved, and your rights as a user — covering the web platform (seogeo360.com), the Chrome extension, and the Community platform.

1. Overview

SEOGEO360 is an AI-powered SEO and Generative Engine Optimisation (GEO) platform at seogeo360.com. We help SEO professionals, content creators, digital marketers, and agencies understand and improve how their content performs in AI-powered search engines including ChatGPT, Perplexity, Google AI Overviews, Claude, Gemini, and Bing Copilot.

Our platform comprises: 28 AI-powered dashboard tools, a Community knowledge-sharing platform, a Chrome browser extension, and a reporting and analytics system. This policy covers all of these.

We collect only what is necessary to provide the service. We do not sell personal data. We do not use your data for advertising targeting. We are transparent about every data point we handle.

2. Who We Are

Data Controller: SEOGEO360
Website: seogeo360.com
Contact: help@seogeo360.com (use subject: Privacy Request)

For EEA, UK, and Switzerland users: SEOGEO360 is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the Swiss Federal Act on Data Protection (nFADP).

Legal basis for processing (EEA/UK/CH users):

  • Contract performance — to provide the service you signed up for (account data, tool usage, billing)
  • Legitimate interests — to improve the platform, detect abuse, and ensure security
  • Consent — for analytics cookies and non-essential tracking (you can withdraw at any time)
  • Legal obligation — where required by applicable law

3. Data We Collect

The following categories of data are collected across our services:

Summary: We collect account credentials, usage activity, community content you post, anonymised analytics events, and billing identifiers. We do not collect payment card details (handled by Lemon Squeezy). The Chrome extension does not transmit your browsing history.
Category Examples Purpose
IdentityName, email address, display nameAccount creation, login, communication
AuthenticationHashed password, Google OAuth ID, session tokens, extension auth tokensSecure access to your account
SubscriptionPlan tier, Lemon Squeezy customer ID, subscription ID, billing statusControlling feature access, billing events
Platform usageWhich AI tools you run, URLs you analyse, tool output (stored server-side for session), AI prompt inputsDelivering tool results, enforcing rate limits, improving AI quality
Community contentDiscussion threads (title, context, problem statement, data request), answers, votes, bookmarks, Signal Points historyOperating the Community platform; public display
Analytics eventsEvent type, timestamp, object ID, hashed IP address, session ID (cookie-based or generated)Internal platform analytics; quality measurement
Device & browserPage URL, referrer, browser type (via GA4), screen resolution (via GA4)Traffic analysis, performance optimisation
Moderation recordsContent reports, moderation actions, AI quality scores on community postsContent moderation, community integrity

4. Account & Authentication Data

When you register on seogeo360.com, we collect your name, email address, and a hashed password (we never store plain-text passwords). Passwords are hashed using WordPress's bcrypt-based password hashing.

If you register via Google OAuth, we store your Google account ID and email. We do not store your Google password or access your Google account data beyond the email and profile ID needed for authentication.

We store the following per account:

  • Plan tier (_sgeo_tier): free, pro, agency
  • Registration source (_sgeo_registered_via): web or extension
  • Extension authentication token (_sgeo_ext_token): a random token used to authenticate the Chrome extension — not your password
  • Lemon Squeezy customer ID and subscription ID: used to manage billing status — we do not store card numbers or bank details
  • If using team/white-label features: team owner ID (_sgeo_team_owner) and white-label configuration

If a moderator bans your community account, we store the ban flag, the moderator's user ID, and the timestamp. This is retained for the life of your account for safety and audit purposes.

5. Platform & Tool Usage Data

SEOGEO360's 28 AI-powered tools analyse URLs, page content, and keywords that you provide. When you run a tool:

  • The URL or text you submit is sent to Google's Gemini AI API to generate the analysis result
  • Gemini processes your input under Google's AI Terms of Service and Privacy Policy
  • Tool results are returned to you in your browser session. We do not permanently store tool results on our servers unless you explicitly save them
  • We track tool usage counts per user to enforce rate limits based on your plan — we record which tool was used and when, but not the content of your inputs beyond the current session

What we do NOT store: We do not store the full content of web pages you analyse, keyword lists you submit, or AI-generated outputs beyond your active session.

6. Community Platform Data

The SEOGEO360 Community at seogeo360.com/community/ is a public knowledge-sharing platform. The following applies to all content posted there:

What is stored

  • Discussion threads: Title, context description, problem statement, data request, post type, channel, creation timestamp, author user ID — stored indefinitely while your account exists
  • Answers / comments: Full text, AI quality score (0–100), moderation status, whether marked as best answer, creation timestamp
  • Votes: Your vote (up/down) on threads and comments, linked to your user ID
  • Bookmarks: Which threads you have bookmarked, linked to your user ID
  • Signal Points (SP): Your SP balance, tier level (Crawler → Indexed → Cited → Authority → Expert → Luminary), and a full log of every SP award with reason and timestamp
  • Badges: Any badges awarded by moderators, stored as a JSON array on your SP record

Public vs. private

Discussion threads and answers you post are publicly visible on seogeo360.com unless a moderator removes them. Your Signal Points tier and display name are shown on the public leaderboard. Your email address, password, and account settings are never publicly visible.

AI processing of community content

When you submit a discussion thread, our platform may send your title, context, and problem statement to Google's Gemini API to:

  • Generate an AI quality score (0–100) to assess completeness and clarity
  • Generate a consensus summary of answers on a thread
  • Provide inline suggestions to improve your post before submission
  • Auto-fill context fields if you choose to use the AI auto-fill feature

Content sent to Gemini is processed under Google's privacy terms. We do not send your name or email to Gemini — only the text content of your post.

Analytics events in the Community

We track the following events internally for platform analytics and quality measurement:

  • Thread created, answer submitted, answer approved, answer rejected
  • Best answer selected, thread viewed, vote cast, bookmark added
  • AI suggestion used, AI auto-fill used, consensus generated, content reported

Each event stores: event type, your user ID (if logged in), the object ID (thread or answer), a SHA-256 hash of your IP address (not the raw IP), a session identifier, and a timestamp. Raw IP addresses are never stored — only irreversible hashes used for deduplication.

Moderation records

If your content is reviewed by a moderator, a record is created storing: the content ID, action taken (approve/improve/reject/feature), the moderator's user ID, reason, and timestamp. If you report another user's content, your user ID and the report reason are recorded. These records are retained for 24 months for safety and audit purposes.

7. Analytics & Tracking

Google Analytics 4 (GA4)

We use Google Analytics 4 to understand how visitors use our website. GA4 collects: pages visited, session duration, traffic sources, device type, browser type, and general geographic region (country/city level). GA4 uses IP anonymisation — full IP addresses are never stored by Google on our behalf.

We implement Google Consent Mode v2:

  • EEA, UK, and Switzerland visitors: GA4 analytics cookies are denied by default. You will see our cookie banner. If you click "Accept All", full GA4 tracking activates. If you click "Reject" or ignore the banner, GA4 operates in cookieless mode — sending anonymous aggregate pings that Google uses for statistical modelling only, with no cookies set on your device.
  • All other visitors (India, US, Brazil, Japan, Australia, and all other non-EEA countries): GA4 analytics tracking is granted by default as no explicit consent law applies. Our cookie banner is shown for transparency, but tracking is not blocked while you decide.

Google Tag Manager (GTM)

We use GTM (container ID: GT-NS8GHXG6) to manage the GA4 tag. No other tags are fired via GTM at this time.

Internal analytics

Separately from GA4, we operate an internal analytics system that tracks Community platform events (listed in Section 6). This system stores events in our own database on Hostinger servers located in the EU. Hashed IP addresses (SHA-256 of your IP + a server-side salt) are stored for deduplication — they cannot be reversed to identify you. Raw IP addresses are never stored. This internal tracking is active for all logged-in Community users regardless of cookie consent, as it is a legitimate interest of operating the platform.

Google Search Console cache

If our GSC integration is configured, we cache per-page GSC data (clicks, impressions, CTR, average position) in our database. This is aggregated, anonymised search performance data — it contains no personal data of your site's visitors.

8. Cookies & Local Storage

Full details are in our Cookie Policy. In summary:

  • Essential cookies: WordPress session cookie (keeps you logged in), CSRF nonce tokens (security), extension auth token cookie — these cannot be disabled as they are required for the service to function
  • Analytics cookies: GA4 sets _ga, _ga_* cookies — only after consent for EEA/UK/CH users
  • localStorage (not cookies): sgeo_cookie_consent stores your Accept/Reject choice; strip banner dismissed state; popup banner shown state; community UI preferences

9. Chrome Extension Data

The SEOGEO360 Chrome extension reads the active tab's HTML only when you click the extension icon. It does not run in the background, does not monitor your browsing, does not access other tabs, and does not collect browsing history.

When you trigger an analysis:

  • The extension reads the current page's HTML and URL
  • A compact summary (URL, domain, page title, word count, selected metrics) is sent to seogeo360.com to run the GEO analysis
  • The full HTML of the page is processed locally in your browser — it is not transmitted to our servers or to any third party
  • Analysis results are returned to your extension and displayed — they are not stored on our servers

Permissions used:

  • activeTab — to read the current page only when you click the icon
  • storage — to save your auth token and preferences locally in the extension
  • identity — to support Google OAuth sign-in within the extension

The extension does not use any remote code execution. All logic is contained in the extension package.

10. Payments & Billing

Payments are processed by Lemon Squeezy (a service of Lemon Squeezy LLC). SEOGEO360 never sees, handles, or stores your credit card number, bank details, or any payment card data. All payment information is collected and stored by Lemon Squeezy under their Privacy Policy and PCI DSS compliance standards.

When a payment or subscription event occurs, Lemon Squeezy sends a webhook to our server containing:

  • Your email address (used to match your SEOGEO360 account)
  • A Lemon Squeezy customer ID and subscription/order ID
  • The plan variant purchased and subscription status (active, cancelled, expired, past_due)

We store the Lemon Squeezy customer ID and subscription ID in your WordPress user record. These are identifiers only — they do not contain payment card information. We use them to activate/deactivate your plan and to link you to your order history at lemonsqueezy.com.

Billing records (subscription status, plan tier, timestamps) are retained for 7 years to comply with financial and tax record-keeping obligations.

11. AI Processing

SEOGEO360's tools and Community features use Google Gemini AI to generate analysis, quality scores, suggestions, and summaries. When you use an AI-powered feature:

  • The text or URL you provide is sent to Google's Gemini API over an encrypted HTTPS connection
  • Google processes this data under their Gemini API Terms of Service and Google Privacy Policy
  • Your personal identifiers (name, email) are never included in prompts sent to Gemini — only the content you choose to analyse
  • We use the Gemini API under a commercial agreement that includes data processing terms — Google does not use API data to train its public models without consent

AI-generated outputs are not guaranteed to be accurate, legally compliant, or complete. Do not rely solely on AI outputs for legal, medical, or financial decisions.

12. Email Communications

We send emails to you in the following circumstances:

  • Transactional: Account welcome email on registration, team invitation emails, password reset emails — these are sent as part of the service and do not require separate consent
  • Billing notifications: Subscription activation, cancellation, payment failure notices — sent as part of contract performance
  • Newsletter (optional): If you subscribe to our newsletter, we use your email to send SEO and GEO insights. You can unsubscribe at any time via the link in any email

We use WordPress's built-in wp_mail() function routed through your server's mail system. We do not use a third-party email marketing platform at this time.

We do not share your email address with any third party for marketing purposes.

13. Third-Party Services

Service Purpose Data sent Their policy
Google Gemini APIAI analysis for all tools and Community featuresURL / page text / community post content (no personal identifiers)Google Privacy Policy
Google Analytics 4Website traffic analyticsPage views, device info, anonymised IP (consent-based for EEA/UK/CH)Google Privacy Policy
Google Tag ManagerScript management for GA4Fires after consent; no personal data directly collectedGoogle Privacy Policy
Google Search Console APIOrganic search performance data for admin analyticsAggregated site search data only; no visitor personal dataGoogle Privacy Policy
Lemon SqueezyPayment processing and subscription managementEmail, payment details (handled directly by Lemon Squeezy)Lemon Squeezy Privacy Policy
HostingerWeb hosting and database storageAll platform data stored on Hostinger EU serversHostinger Privacy Policy
Google FontsPlus Jakarta Sans typefaceYour IP address is sent to Google's servers when the font loadsGoogle Privacy Policy

14. Data Sharing

We do not sell your personal data. We do not share your personal data with third parties for advertising or marketing purposes. We share data only in the following limited circumstances:

  • Service providers: Lemon Squeezy (payments), Hostinger (hosting), Google (AI, analytics, fonts) — as described in Section 13, each under appropriate data processing agreements
  • Legal requirements: If required by law, court order, or to protect the rights and safety of SEOGEO360 and its users
  • Business transfer: If SEOGEO360 is acquired or merges with another entity, your data may transfer to the new owner under the same privacy commitments. You will be notified in advance

Community content (threads and answers) is publicly accessible on seogeo360.com. By posting in the Community, you consent to that content being public and indexed by search engines.

15. International Data Transfers

Our servers are hosted by Hostinger in the EU. Some data is transferred to Google's servers (in the US and globally) for GA4, Gemini AI, and Google Fonts. Google is certified under the EU-US Data Privacy Framework, providing an appropriate level of protection for EEA data transfers.

Lemon Squeezy is incorporated in the US and processes payments globally. They operate under Standard Contractual Clauses for EEA data transfers.

For EEA/UK/CH users, these transfers are made under the lawful transfer mechanisms of Articles 45 and 46 of the GDPR.

16. Data Retention

Data type Retention period Reason
Account data (name, email, password hash)Until account deletionService delivery
Community threads & answersUntil account deletion or moderator removalPlatform content
Signal Points logUntil account deletionGamification integrity
Analytics events (internal)Realtime table: 48 hours. Aggregated daily stats: 2 yearsPlatform analytics
Moderation records24 monthsSafety and audit
Billing records (subscription IDs, plan history)7 yearsFinancial / tax compliance
GA4 data14 months (Google default)Traffic analysis
GA / GSC cache (aggregated)1 hour (cache TTL), re-fetched hourlyAdmin analytics dashboard

When you delete your account, we delete your personal data from our databases within 30 days, except where retention is required by law (e.g., billing records) or where anonymised aggregate data is retained without the ability to identify you.

17. Security

We implement the following technical and organisational security measures:

  • Encryption in transit: All data between your browser and our servers is encrypted via TLS (HTTPS). All API calls to Gemini, Google, and Lemon Squeezy use HTTPS
  • Password hashing: Passwords are hashed using bcrypt (via WordPress's phpass library) — they cannot be decrypted
  • IP address hashing: Internal analytics store a SHA-256 hash of your IP address combined with a server-side secret salt — the raw IP is never stored and the hash cannot be reversed
  • Service account credentials: The Google service account JSON key is stored outside the web root at a server-only accessible path
  • Webhook signature verification: Lemon Squeezy webhooks are verified using HMAC-SHA256 signatures before processing
  • Access controls: Admin and moderation areas require manage_options WordPress capability. Community data access is restricted to authenticated users where appropriate
  • Nonce verification: All AJAX form submissions use WordPress nonces to prevent CSRF attacks

No security measure is 100% foolproof. In the event of a data breach that is likely to result in high risk to your rights, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR.

18. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Right Who has it How to exercise
Access — see what data we holdEEA, UK, CH (GDPR), global best practiceEmail help@seogeo360.com with subject "Privacy Request"
Rectification — correct inaccurate dataEEA, UK, CHUpdate in Community Settings, or email us
Erasure — delete your dataEEA, UK, CH; CA (CCPA); others on requestEmail help@seogeo360.com with subject "Privacy Request" — completed within 30 days
Portability — receive your data in a machine-readable formatEEA, UK, CHEmail help@seogeo360.com with subject "Privacy Request"
Restriction — limit how we process your dataEEA, UK, CHEmail help@seogeo360.com with subject "Privacy Request"
Object — object to processing based on legitimate interestsEEA, UK, CHEmail help@seogeo360.com with subject "Privacy Request"
Withdraw consent — for analytics cookiesAll usersClick "Reject" on cookie banner, or clear localStorage key sgeo_cookie_consent in your browser
Opt out of sale/sharing (CCPA)California residentsWe do not sell data. Email us to confirm
Lodge a complaintEEA, UK, CHContact your local data protection authority (e.g., ICO in the UK, your national DPA in the EU)

We aim to acknowledge requests within 5 business days and complete them within 30 days. For complex requests, we may extend this by a further 60 days with notice.

19. Children

SEOGEO360 is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at help@seogeo360.com (use subject: Privacy Request) and we will delete it promptly.

20. Policy Changes

We may update this Privacy Policy to reflect changes to our data practices, new features, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and notify registered users by email at least 14 days before the changes take effect.

Continued use of SEOGEO360 after the effective date constitutes acceptance of the updated policy.

21. Contact

For any privacy-related questions, data subject requests, or to report a concern:

Email: help@seogeo360.com (use subject: Privacy Request)
Subject line: "Privacy Request — [your request type]" to help@seogeo360.com
Website: seogeo360.com/contact

For EEA/UK/CH users, if you are not satisfied with our response you have the right to complain to your national data protection authority.