GeoPDP Privacy Policy

1. Introduction

This Privacy Policy explains how GeoPDP ("we", "us", "our") collects, uses, stores, and discloses information when you use our website and services (the "Service"). It describes what information we collect, why we collect it, how we protect it, and what rights you have.

Please read this policy together with our Terms and Conditions and Cookie Policy. By using the Service, you acknowledge the practices described here. If you do not agree, please do not use the Service.

Data controller: The entity responsible for your data is ul. Stanisława Moniuszki 1A, 00-014 Warszawa. For contact details, see the "Contact" section below.

2. Information We Collect

We collect only what is necessary to provide and improve the Service, enforce fair use, and comply with the law.

2.1 Information you provide

• URLs you submit for analysis. When you start an analysis, you submit a product page URL. We use this URL to fetch the page, run our GEO compliance assessments, and store the analysis session (including domain, URL, status, and results) in our database.
• Cookie consent choice. If you use our cookie banner and accept or reject non-essential cookies, that choice may be sent to our backend (e.g. via our consent endpoint) and/or stored in your browser (e.g. via a cookie or local storage). Our backend does not currently persist the consent payload; see our Cookie Policy for details.
• Communications. If you contact us (e.g. by email or a contact form), we keep the content of your message and contact details so we can respond.

2.2 Information we collect automatically

• Analysis session data. For each analysis we store: session identifier, the URL and domain you submitted, analysis status, progress, assessment results, final score, compliance level, and timestamps (e.g. when the session was created and completed). This data is necessary to run the analysis, show you progress and results, and enforce domain-level usage limits (e.g. one analysis per domain per 24 hours).
• Page content processed during analysis. To perform the assessments, we fetch the content of the URL you submit (HTML, structure, and visible text). Some of our assessments use third-party AI providers (e.g. Google Gemini, OpenAI, or similar) to analyse content. In those cases, relevant excerpts or metadata may be sent to those providers in accordance with their terms and privacy policies. We do not use this content for advertising or for purposes unrelated to the analysis.
• Log and technical data. When you access our website or API, we may automatically collect information such as IP address, browser type, request time, and similar technical data in server logs. We use this for operation, security, and troubleshooting. We do not use it to identify you personally unless required by law or to protect the Service.
• Cookies and similar technologies. We use cookies and similar technologies as described in our Cookie Policy. That policy explains which cookies we set and how you can control them.

We do not require you to create an account or log in to use the Service in its current form. We do not collect your name, email, or payment information unless you voluntarily provide it (e.g. when contacting us).

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — Run GEO compliance analyses, return scores and results, and honour your cookie preferences where stored.
• Operate and improve the Service — Monitor performance, fix errors, and improve our assessments and infrastructure (using aggregated or anonymised data where possible).
• Enforce fair use — Apply domain-level and other usage limits to prevent abuse and ensure fair access.
• Comply with the law — Respond to lawful requests from authorities, enforce our Terms and Conditions, and protect our rights and the security of the Service and our users.

We do not sell your personal data. We do not use the URLs or analysis content you submit for advertising or to build profiles about you for marketing.

4. Legal Basis (EEA/UK and similar jurisdictions)

Where data protection laws require a legal basis for processing:

• Performance of a contract: Processing necessary to provide the analysis and related session data (e.g. storing URL, domain, results).
• Legitimate interests: Operating and securing the Service, improving it, enforcing usage limits, and handling logs and technical data, where our interests are not overridden by your rights.
• Consent: Where we rely on consent (e.g. for non-essential cookies or optional features), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation: Where we must process data to comply with applicable law.

5. Sharing and Disclosure

We may share information only in the following circumstances:

• AI and technology providers. To run certain assessments, we send relevant page content or metadata to third-party AI providers (e.g. Google Gemini, OpenAI). Their use of data is governed by their own terms and privacy policies. We choose providers with appropriate data processing and security practices.
• Service providers. We may use providers for hosting, databases, and other technical operations. They process data only on our instructions and in line with this policy and applicable law.
• Legal and safety. We may disclose information if required by law, court order, or government request, or to protect the rights, safety, or security of GeoPDP, our users, or the public.

We do not sell or rent your personal data to third parties for their marketing.

6. Data Retention

• Analysis sessions. We retain session data (URL, domain, results, scores) for as long as needed to provide the Service and for a limited period thereafter for operational, legal, or security reasons. Exact retention periods may depend on configuration and law; we will not retain this data longer than necessary.
• Logs and technical data. Server logs and similar technical data are typically retained for a short period (e.g. days or weeks) unless we need them for security or legal purposes.
• Communications. If you contact us, we retain the correspondence for as long as needed to handle your request and any follow-up, and for legitimate business or legal purposes.

When data is no longer needed, we delete or anonymise it in accordance with our retention practices.

7. Security

We implement appropriate technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction. These include secure connections (e.g. HTTPS), access controls, and secure handling of data by our systems and providers. No system is completely secure; we cannot guarantee absolute security of data transmitted or stored via the Service.

8. International Transfers

Our systems and service providers may be located in countries outside your country of residence, including outside the European Economic Area (EEA) or the UK. Where we transfer personal data to such countries, we take steps to ensure it receives adequate protection as required by applicable law (e.g. through standard contractual clauses or other recognised mechanisms). If you would like more detail on the safeguards we use, please contact us using the details below.

9. Your Rights

Depending on where you live, you may have rights such as:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your personal data, subject to legal and operational requirements.
• Objection / restriction — Object to certain processing or request restriction of processing.
• Data portability — Receive your data in a structured, machine-readable format where applicable.
• Withdraw consent — Where we rely on consent, withdraw it at any time (e.g. via cookie settings).
• Complaint — Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us using the details in the "Contact" section. We will respond within the time required by applicable law. We may need to verify your identity before processing a request.

10. Children and Sensitive Data

The Service is not directed at children. We do not knowingly collect personal data from children under the age required in their jurisdiction without parental consent. If you believe we have collected such data, please contact us and we will delete it.

We do not ask you to provide sensitive categories of data (e.g. health, race, religion, political opinions). Do not submit such information via the Service. If our assessments process content that may contain sensitive information (e.g. on a product page you analyse), we use it only to perform the analysis and in accordance with this policy and our agreements with AI providers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or the law. The "Last updated" date at the top will be revised when we do. We encourage you to review this page periodically. If we make material changes, we may notify you by a notice on the Service or by other appropriate means where required by law. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your rights:

Email: geo.pdp.com.@gmail.com

For cookie-related questions, see our Cookie Policy. For terms of use, see our Terms and Conditions.