BrandGEO Privacy Policy — BrandGEO A Markdown version of this page is available at https://brandgeo.co/privacy.md, optimized for AI and LLM tools. Legal · Privacy · Updated Apr 23, 2026 Privacy Policy ================ How BrandGEO.co collects, uses, and protects your personal data. Operated by A2Z WEB PTE. LTD., Singapore. **Last updated: 23 April 2026** This Privacy Policy describes how **BrandGEO.co** ("the Service") collects, uses, and discloses information when you use our AI brand visibility monitoring platform, and tells you about your privacy rights and how the law protects you. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. 1. Who we are ------------- The Service is operated by: > **A2Z WEB PTE. LTD.** ("we", "us", "our") 7 Temasek Boulevard #12-07 Suntec Tower One Singapore 038987 Registration number: 202614429R Contact: **** Throughout this policy, "**the Company**", "**we**", "**us**" and "**our**" refer to A2Z WEB PTE. LTD. "**You**" refers to the individual accessing or using the Service, or the legal entity on whose behalf such individual is acting. 2. Definitions -------------- - **Account** — a unique account created for you to access the Service. - **Service** — BrandGEO.co, including the web application, PDF reports, monitoring scheduler, and all API endpoints. - **Personal Data** — any information that relates to an identified or identifiable individual. - **Usage Data** — data collected automatically, generated by use of the Service or from the Service infrastructure itself. - **Cookies** — small files placed on your device by the Service. - **Third-party Social Media Service** — a social-network provider through which you may log in or create an account (currently only Google). 3. Data we collect ------------------ ### Personal Data you provide - Email address - Name - Password (stored as a cryptographic hash; we never see the plaintext) - Company name, URL and tagline (only if you configure white-label branding on the Business plan) - Brand name and URL for each audit or monitor you create - Payment information, processed by our payment provider (see §6) ### Data from Google, when you sign in with Google If you register or sign in using "Continue with Google", we receive your email address, name, and Google account identifier from Google. We do **not** receive your Google password or broader Google account data. You can unlink Google at any time from **Settings → Profile → Connected accounts**. ### Usage Data Collected automatically when you use the Service. Includes your IP address, browser type and version, device identifier, the pages you visit, the time and date of each visit, and time spent on pages. We use this for security, analytics, and product improvement. ### Content you generate - Audit requests, monitor configurations, competitor lists, scheduled prompts. - Results returned by AI providers for your prompts (stored against your account for the retention window described in §8). 4. How we use your data ----------------------- We process your data for the following purposes: - **Service delivery** — to run your audits, operate your monitors, generate PDF reports, and show your dashboard. - **Account management** — registration, email verification, password reset, two-factor authentication. - **Billing** — to charge your subscription and provide receipts (via Stripe; see §5). - **Transactional communication** — verification emails, audit completion notifications, alerts when your visibility score drops, trial-expiring and billing emails. These are always sent. - **Marketing** — product updates, tips, and occasional marketing emails **only if you opted in** at registration (checkbox on the register form, editable at **Settings → Profile → Email preferences**). You can unsubscribe at any time. - **Security and abuse prevention** — rate limiting, fraud detection, captcha verification. - **Product improvement** — anonymized and aggregated analytics to understand usage patterns. 5. Sub-processors and third-party services ------------------------------------------ We rely on the following third parties to deliver the Service. Each has its own privacy policy and has signed a Data Processing Agreement with us where required. CategorySub-processorPurposeAI providersOpenAI, Anthropic, Google (Gemini), xAI, DeepSeekExecuting prompts for brand-visibility audits and monitoringSocial loginGoogle (via OAuth 2.0)AuthenticationPaymentsStripe (via Laravel Spark)Subscription billing, card processingError monitoringSentryException tracking to keep the Service reliableAnti-abuseGoogle reCAPTCHA v2Bot detection on the registration formEmail deliveryResend / Mailgun / AWS SES (whichever is configured in production)Sending transactional and opted-in marketing emails6. Payments ----------- Payment cards are processed directly by **Stripe**. We do not see or store your full card number; we only retain a Stripe customer ID, the card's last four digits, card brand, and expiration date for display in billing settings. Stripe's privacy policy applies to card processing: [stripe.com/privacy](https://stripe.com/privacy). 7. Cookies ---------- We use a small set of first-party cookies: - **`brandgeo-session`** — session cookie, required for authentication. - **`XSRF-TOKEN`** — CSRF-protection cookie, required for form submissions. - **`last_social_google_email`** — persistent cookie (1 year) remembering which Google account you last used, to surface "Continue as …" on the login button. We do not currently use third-party advertising cookies. You can clear all BrandGEO cookies at any time via your browser settings; this will log you out. 8. Data retention ----------------- - **Account data** — retained while your account is active. Deleted within 30 days of account deletion, except where longer retention is required by law (e.g. invoicing records under Singapore tax law: 5 years). - **Audit results and monitor snapshots** — retained for the trend-history window of your plan at the time of data creation: **30 days** (Starter), **90 days** (Growth), **365 days** (Business). Data older than your plan's window is deleted on a rolling basis. - **Usage/diagnostic logs** — 90 days. - **Error/Sentry logs** — up to 90 days, retained separately for incident response. 9. Your rights under GDPR and equivalent laws --------------------------------------------- You have the right to: 1. **Access** — request a copy of the Personal Data we hold about you. 2. **Rectify** — correct inaccurate data via **Settings → Profile**. 3. **Erase** — delete your account and associated Personal Data ("right to be forgotten"). Self-serve at **Settings → Profile → Delete account**, or email . 4. **Object or restrict processing** — opt out of marketing emails any time via **Settings → Profile → Email preferences**, or email for broader restrictions. 5. **Data portability** — request your data in a structured, machine-readable format. Email . 6. **Withdraw consent** — revoke any consent you previously gave (e.g. marketing opt-in). 7. **Lodge a complaint** — with your local data protection authority, or with the Personal Data Protection Commission of Singapore ([pdpc.gov.sg](https://www.pdpc.gov.sg)). We respond to verified requests within 30 days. 10. International transfers --------------------------- We are based in Singapore. Some of our sub-processors (AI providers, Stripe, Sentry) operate servers outside Singapore, primarily in the United States and the European Union. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards. For transfers to OpenAI, Anthropic and Google, we have executed Data Processing Addenda incorporating these safeguards. 11. Security ------------ We implement industry-standard security measures to protect your data: - TLS 1.2+ encryption in transit. - Encryption at rest for databases and backups. - Hashed passwords (bcrypt). - Optional two-factor authentication via TOTP. - Regular backups with limited retention. - Principle of least privilege for internal access. No method of transmission over the Internet is 100% secure. If you have reason to believe your account has been compromised, email immediately. 12. Children's privacy ---------------------- The Service is not directed at children under 13 and we do not knowingly collect Personal Data from anyone under 13. If you believe a child has provided us with Personal Data, please contact us and we will delete it promptly. 13. Links to other websites --------------------------- The Service may contain links to third-party websites (e.g. AI providers, our blog authors' profiles). We are not responsible for the privacy practices or content of such sites. We recommend reviewing their privacy policies. 14. Changes to this policy -------------------------- We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or a prominent notice in the Service at least 14 days before taking effect. The "Last updated" date at the top of this policy always reflects the latest revision. 15. Contact us -------------- For any privacy-related questions, requests, or complaints: > **A2Z WEB PTE. LTD.**7 Temasek Boulevard #12-07 Suntec Tower One Singapore 038987 Email: **** ### Have questions? We respond to every email personally, usually within one business day. [ contact@brandgeo.co ](mailto:contact@brandgeo.co) [ Back to home ](https://brandgeo.co) On this page Legal entity A2Z WEB PTE. LTD. 7 Temasek Boulevard #12-07 Suntec Tower One, Singapore 038987 Reg. 202614429R [ contact@brandgeo.co ](mailto:contact@brandgeo.co)