Privacy Policy

Last Updated: December 25, 2025

1. Introduction

Welcome to surfgeo ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

By using surfgeo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect several types of information from and about users of our services:

Personal Information:

Name and contact information (email address, phone number)
Company name and website URL
Payment information (processed securely through third-party payment processors)
Account credentials (username, password)

Usage Data:

Browser type and version
IP address and location data
Pages visited and time spent on pages
Search queries and interactions with our platform
Device information (operating system, device type)

Tracking Data:

Cookies and similar tracking technologies
Analytics data (via Google Analytics, Vercel Analytics)
Session recordings (via Hotjar, if enabled)

AI Visibility Data:

Brand mentions across AI platforms
Competitor data you provide
Content you create using our Content Agent
Prompts and queries you track

3. How We Use Your Information

We use the information we collect for the following purposes:

Provide Services: To operate and maintain our AI Engine Optimization platform
Account Management: To create and manage your account
Communication: To send you updates, newsletters, and marketing communications
Customer Support: To respond to your requests and provide technical support
Analytics: To analyze usage patterns and improve our services
Payment Processing: To process transactions and manage subscriptions
Legal Compliance: To comply with legal obligations and enforce our terms
Security: To protect against fraud, abuse, and security threats

4. Data Storage & Security

Storage Location:

Your data is stored on secure servers provided by Vercel (frontend) and Neon/Supabase (database). Servers are located in the United States and European Union.

Security Measures:

Data encryption in transit (HTTPS/TLS)
Data encryption at rest
Regular security audits
Access controls and authentication
SOC 2 Type II compliance

Data Retention:

Account data: Retained while your account is active
Usage data: Retained for up to 2 years (Enterprise plan)
After account deletion: Data is retained for 30 days, then permanently deleted
Backup data: Retained for 90 days in encrypted backups

While we implement reasonable security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services that may collect your information:

Analytics: Google Analytics 4, Vercel Analytics
Payment Processing: Stripe (credit card processing)
Email Services: Resend (transactional emails)
Hosting: Vercel (web hosting), Neon/Supabase (database)
Monitoring: Sentry (error tracking), Hotjar (optional session recording)

These third parties have their own privacy policies. We are not responsible for the privacy practices of these external services.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to:

Maintain your session and keep you logged in
Remember your preferences and settings
Analyze website traffic and usage patterns
Personalize content and advertisements

Types of Cookies:

Essential Cookies: Required for the website to function (cannot be disabled)
Analytics Cookies: Help us understand how visitors use our site
Marketing Cookies: Used to deliver relevant advertisements

You can control cookies through your browser settings. Disabling certain cookies may limit functionality of our services.

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

GDPR Rights (EU Users):

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Withdraw consent at any time

CCPA Rights (California Users):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information
Right to access your personal information
Right to request deletion of personal information
Right to non-discrimination for exercising your rights

To exercise your rights:

8. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:

Active Accounts: Data retained while account is active
Inactive Accounts: Data retained for 12 months, then deleted
Deleted Accounts: Data accessible for 30 days, then permanently deleted
Legal Requirements: Some data may be retained longer to comply with legal obligations
Backup Data: Encrypted backups retained for 90 days

You can request deletion of your data at any time by contacting us.

9. Children's Privacy

surfgeo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information immediately.

If you believe we have collected information from a child under 18, please contact us at legal@surfgeo.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Your consent to the transfer

By using our services, you consent to the transfer of your information to the United States and other countries where we operate.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date at the top of this policy
Sending you an email notification (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@surfgeo.com
Address: surfgeo Inc., [Address TBD]
Data Protection Officer: dpo@surfgeo.com

We will respond to all requests within 30 days.

Privacy Policy

Last Updated: December 25, 2025

1. Introduction

By using surfgeo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

We collect several types of information from and about users of our services:

Personal Information:

Name and contact information (email address, phone number)
Company name and website URL
Payment information (processed securely through third-party payment processors)
Account credentials (username, password)

Usage Data:

Browser type and version
IP address and location data
Pages visited and time spent on pages
Search queries and interactions with our platform
Device information (operating system, device type)

Tracking Data:

Cookies and similar tracking technologies
Analytics data (via Google Analytics, Vercel Analytics)
Session recordings (via Hotjar, if enabled)

AI Visibility Data:

Brand mentions across AI platforms
Competitor data you provide
Content you create using our Content Agent
Prompts and queries you track

3. How We Use Your Information

We use the information we collect for the following purposes:

Provide Services: To operate and maintain our AI Engine Optimization platform
Account Management: To create and manage your account
Communication: To send you updates, newsletters, and marketing communications
Customer Support: To respond to your requests and provide technical support
Analytics: To analyze usage patterns and improve our services
Payment Processing: To process transactions and manage subscriptions
Legal Compliance: To comply with legal obligations and enforce our terms
Security: To protect against fraud, abuse, and security threats

4. Data Storage & Security

Storage Location:

Your data is stored on secure servers provided by Vercel (frontend) and Neon/Supabase (database). Servers are located in the United States and European Union.

Security Measures:

Data encryption in transit (HTTPS/TLS)
Data encryption at rest
Regular security audits
Access controls and authentication
SOC 2 Type II compliance

Data Retention:

Account data: Retained while your account is active
Usage data: Retained for up to 2 years (Enterprise plan)
After account deletion: Data is retained for 30 days, then permanently deleted
Backup data: Retained for 90 days in encrypted backups

While we implement reasonable security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services that may collect your information:

Analytics: Google Analytics 4, Vercel Analytics
Payment Processing: Stripe (credit card processing)
Email Services: Resend (transactional emails)
Hosting: Vercel (web hosting), Neon/Supabase (database)
Monitoring: Sentry (error tracking), Hotjar (optional session recording)

These third parties have their own privacy policies. We are not responsible for the privacy practices of these external services.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to:

Maintain your session and keep you logged in
Remember your preferences and settings
Analyze website traffic and usage patterns
Personalize content and advertisements

Types of Cookies:

Essential Cookies: Required for the website to function (cannot be disabled)
Analytics Cookies: Help us understand how visitors use our site
Marketing Cookies: Used to deliver relevant advertisements

You can control cookies through your browser settings. Disabling certain cookies may limit functionality of our services.

7. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

GDPR Rights (EU Users):

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a portable format
Right to Object: Object to certain types of processing
Right to Withdraw Consent: Withdraw consent at any time

CCPA Rights (California Users):

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to say no to the sale of personal information
Right to access your personal information
Right to request deletion of personal information
Right to non-discrimination for exercising your rights

To exercise your rights:

8. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:

Active Accounts: Data retained while account is active
Inactive Accounts: Data retained for 12 months, then deleted
Deleted Accounts: Data accessible for 30 days, then permanently deleted
Legal Requirements: Some data may be retained longer to comply with legal obligations
Backup Data: Encrypted backups retained for 90 days

You can request deletion of your data at any time by contacting us.

9. Children's Privacy

surfgeo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information immediately.

If you believe we have collected information from a child under 18, please contact us at legal@surfgeo.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission
Your consent to the transfer

By using our services, you consent to the transfer of your information to the United States and other countries where we operate.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date at the top of this policy
Sending you an email notification (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@surfgeo.com
Address: surfgeo Inc., [Address TBD]
Data Protection Officer: dpo@surfgeo.com

We will respond to all requests within 30 days.

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Data Storage & Security

5. Third-Party Services

6. Cookies & Tracking Technologies

7. Your Rights (GDPR/CCPA)

8. Data Retention

9. Children&apos;s Privacy

10. International Data Transfers

11. Changes to This Privacy Policy

12. Contact Us

1. Introduction

2. Information We Collect

3. How We Use Your Information

4. Data Storage & Security

5. Third-Party Services

6. Cookies & Tracking Technologies

7. Your Rights (GDPR/CCPA)

8. Data Retention

9. Children&apos;s Privacy

10. International Data Transfers

11. Changes to This Privacy Policy

12. Contact Us

9. Children's Privacy

9. Children's Privacy