Back to Home

Privacy Policy

Last updated: April 15, 2026

Key points

  • What we collect: account info, how you use the product, and — only if you connect them — read-only data from the Google integrations you choose to enable (Analytics, Ads, Search Console).
  • What we never do: sell your data, use your data to train AI models, or share it for advertising.
  • Google user data: handled under Google’s API Services User Data Policy, including Limited Use. See section 2.4.
  • Delete your data: email privacy@geovector.ai and we’ll remove it.
Jump to section

1. Introduction

GeoVector (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI search visibility analytics platform and related services (collectively, the “Service”).

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and contact details when you create an account
  • Business Information: Company domain, brand names, products, and services you want to monitor
  • Communication Data: Messages, feedback, and support requests you send to us
  • Payment Information: Billing address and payment method details (processed securely through third-party payment processors)

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our platform, features used, time spent, and navigation patterns
  • Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
  • Log Data: Server logs including access times, pages viewed, and system activity
  • Cookies and Tracking: We use cookies and similar technologies to enhance user experience and analyze platform usage

2.3 AI Platform Data

  • Search Queries: We monitor 6 AI assistants including ChatGPT, Gemini, Claude, and Perplexity for mentions of your brand and competitors
  • Response Analysis: We analyze AI-generated responses that mention your brand or industry
  • Visibility Metrics: Rankings, mention frequency, sentiment, and competitive positioning data

2.4 Google User Data (Google API Integrations)

When you choose to connect a Google service to GeoVector — Google Analytics, Google Ads, or Google Search Console — we request authorization through Google OAuth 2.0 to access a limited set of Google user data. The subsections below describe each integration separately: which OAuth scope it uses, what we access, why, how we store it, and how you can revoke access. We never request a scope for a Google service you have not explicitly chosen to connect.

2.4.1 Google Analytics

Scope requested: https://www.googleapis.com/auth/analytics.readonly — read-only access to your Google Analytics 4 (GA4) account metadata and reports. This is the only Google OAuth scope GeoVector requests for the Google Analytics integration. We do not request any write scopes for Google Analytics.

What we access:

  • The list of GA4 properties you have access to, so you can select which property to connect
  • Aggregated traffic reports from your selected GA4 property: sessions, users, page views, and referral sources
  • Standard GA4 dimensions used for reporting: source / medium, country, device category, new vs. returning users, and date ranges

We do not access user-level identifiers, individual event streams, custom user properties, audience definitions, or any personally identifiable information stored in your GA4 account.

Why we access it: GeoVector uses Google Analytics data solely to correlate your website’s organic traffic with the AI-assistant visibility metrics we track on your behalf. This lets you see how your brand’s visibility across AI assistants (such as ChatGPT, Gemini, Claude, and Perplexity) translates into real website traffic. The data is shown only to authenticated users inside your GeoVector workspace.

How we store and protect it:

  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database
  • Tokens are retained only while the Google Analytics integration is connected, and are permanently deleted from our systems when you disconnect the integration or delete your GeoVector account
  • Cached GA report data used to render your dashboard is kept for up to 90 days for performance, and is overwritten by the latest sync
  • Access to tokens and GA data is restricted to GeoVector services strictly required to render your dashboard; no GeoVector employee accesses your GA data as part of normal operations

How we share it: GeoVector does not sell, rent, or trade Google user data. We do not use Google user data for advertising, retargeting, or to build user profiles across properties we do not own. We do not use Google user data to train, fine-tune, or evaluate generalized artificial intelligence or machine learning models. Google user data is disclosed to third parties only in these narrow cases: (a) sub-processors strictly required to operate the Service (our cloud infrastructure provider and our database host), under contracts that require equivalent confidentiality and security commitments; (b) when required by law, valid legal process, or to protect the rights, safety, or property of GeoVector, our users, or the public; (c) with your explicit consent. We do not allow humans to read Google user data except (a) with your affirmative consent for specific data, (b) as necessary for security purposes, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized.

How to revoke access: You can disconnect the Google Analytics integration at any time from within GeoVector by going to the Traffic page and clicking Disconnect on the Google Analytics connection card. This immediately revokes the refresh token on our side and deletes the stored tokens for your account. You can additionally revoke GeoVector’s access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing GeoVector from the list of connected apps.

Limited Use compliance: GeoVector’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Scope requested: https://www.googleapis.com/auth/adwords — access to the Google Ads API for the Google Ads accounts you choose to connect. This is the only Google OAuth scope GeoVector requests for the Google Ads integration. We use this scope for read-only reporting only: we do not create, modify, pause, or delete any campaigns, ad groups, ads, keywords, audiences, conversions, billing settings, or any other entity in your Google Ads account.

What we access:

  • The list of Google Ads customer accounts (including manager and child accounts) accessible to the Google identity you authenticate with, so you can select which account to connect
  • For the connected account: campaign metadata (campaign id, name, status, advertising channel type)
  • Daily campaign performance metrics for the most recent 30 days: impressions, clicks, cost, conversions, click-through rate, and average cost-per-click
  • Search-terms reporting for the most recent 30 days: the user query that triggered an ad, match type, impressions, clicks, and cost
  • The final URLs from your active ads, used solely to infer the website domain associated with the connected Ads account so we can match it to the brand you are tracking in GeoVector

We do not access account billing details, payment methods, audience lists, remarketing lists, customer match lists, or any personally identifiable information about end users who clicked on your ads.

Why we access it: GeoVector uses Google Ads data solely to let you cross-reference your paid-search performance with the AI-assistant visibility metrics we track for your brand — for example, comparing the search terms that triggered your ads with the prompts users send to AI assistants about your category. The data is shown only to authenticated users inside your GeoVector workspace.

How we store and protect it:

  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database
  • Tokens are retained only while the Google Ads integration is connected, and are permanently deleted from our systems when you disconnect the integration or delete your GeoVector account
  • Campaign and search-terms metrics are stored on a 30-day rolling window; rows older than 30 days are deleted on each sync
  • Access to tokens and Ads data is restricted to GeoVector services strictly required to render your dashboard; no GeoVector employee accesses your Ads data as part of normal operations

How we share it: GeoVector does not sell, rent, or trade Google Ads data. We do not use Google Ads data for our own advertising, retargeting, or to build user profiles across properties we do not own. We do not use Google Ads data to train, fine-tune, or evaluate generalized artificial intelligence or machine learning models. Google Ads data is disclosed to third parties only in these narrow cases: (a) sub-processors strictly required to operate the Service (our cloud infrastructure provider and our database host), under contracts that require equivalent confidentiality and security commitments; (b) when required by law, valid legal process, or to protect the rights, safety, or property of GeoVector, our users, or the public; (c) with your explicit consent. We do not allow humans to read Google Ads data except (a) with your affirmative consent for specific data, (b) as necessary for security purposes, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized.

How to revoke access: You can disconnect the Google Ads integration at any time from within GeoVector by going to the Google Ads page and selecting Disconnect from the connection menu. This immediately revokes the refresh token on our side and deletes the stored tokens for your account. You can additionally revoke GeoVector’s access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing GeoVector from the list of connected apps.

Limited Use compliance: GeoVector’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.4.3 Google Search Console

Scope requested: https://www.googleapis.com/auth/webmasters.readonly — read-only access to the Google Search Console properties you have access to. This is the only Google OAuth scope GeoVector requests for the Google Search Console integration. We explicitly do not request the writable webmasters scope, and we do not modify properties, submit or delete sitemaps, request indexing, or change any settings in your Search Console account.

What we access:

  • The list of Search Console properties (sites and domain properties) you have access to, so you can select which property to connect
  • Search analytics for the most recent 90 days from the connected property: queries, impressions, clicks, click-through rate, and average position

We do not access Search Console messages, security issues, manual actions, sitemaps, URL inspection results, or any personally identifiable information about searchers.

Why we access it: GeoVector uses Search Console data solely to let you compare your organic-search performance (the queries that surface your site in Google Search and how it ranks for them) with the AI-assistant visibility metrics we track for the same brand. The data is shown only to authenticated users inside your GeoVector workspace.

How we store and protect it:

  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database
  • Tokens are retained only while the Google Search Console integration is connected, and are permanently deleted from our systems when you disconnect the integration or delete your GeoVector account
  • Search analytics rows are stored on a rolling window aligned with Search Console’s own 16-month availability and refreshed on each sync
  • Access to tokens and Search Console data is restricted to GeoVector services strictly required to render your dashboard; no GeoVector employee accesses your Search Console data as part of normal operations

How we share it: GeoVector does not sell, rent, or trade Search Console data. We do not use Search Console data for advertising, retargeting, or to build user profiles across properties we do not own. We do not use Search Console data to train, fine-tune, or evaluate generalized artificial intelligence or machine learning models. Search Console data is disclosed to third parties only in these narrow cases: (a) sub-processors strictly required to operate the Service (our cloud infrastructure provider and our database host), under contracts that require equivalent confidentiality and security commitments; (b) when required by law, valid legal process, or to protect the rights, safety, or property of GeoVector, our users, or the public; (c) with your explicit consent. We do not allow humans to read Search Console data except (a) with your affirmative consent for specific data, (b) as necessary for security purposes, (c) to comply with applicable law, or (d) when the data has been aggregated and anonymized.

How to revoke access: You can disconnect the Google Search Console integration at any time from within GeoVector by going to the Search Console page and clicking Disconnect on the Google Search Console connection card. This immediately revokes the refresh token on our side and deletes the stored tokens for your account. You can additionally revoke GeoVector’s access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing GeoVector from the list of connected apps.

Limited Use compliance: GeoVector’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We use your information to:

  • Provide and improve our AI search visibility analytics services
  • Monitor your brand's presence across AI platforms
  • Generate visibility reports, alerts, and recommendations
  • Communicate with you about your account and our services
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Analyze platform usage to improve our services
  • Comply with legal obligations and protect our rights

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform, including:

  • Cloud hosting and infrastructure providers
  • Payment processing companies
  • Email and communication services
  • Analytics and monitoring tools
  • Customer support platforms

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, safety, or the rights of others.

4.4 Consent

We may share your information with your explicit consent or at your direction.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security audits and monitoring
  • Employee training on data protection
  • Incident response procedures

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Specifically:

  • Account data is retained while your account is active
  • Analytics data is retained for up to 3 years to provide historical insights
  • Communication records are retained for up to 2 years
  • Payment records are retained as required by law

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at privacy@geovector.ai.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Authenticate your account and maintain security
  • Analyze platform usage and performance
  • Provide personalized content and recommendations

You can control cookies through your browser settings, but disabling them may affect platform functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and adequacy decisions.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the “Last updated” date. Your continued use of our services constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

14. Regional Specific Information

14.1 European Union (GDPR)

If you are located in the EU, you have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with a supervisory authority.

14.2 California (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to opt-out of the sale of personal information (which we do not engage in).

Privacy Policy | GeoVector