Privacy Policy
Last updated: March 27, 2026
Overview
GEOCraft, Inc. (“GEOCraft”, “we”, “our”, or “us”) operates the GEOCraft platform available at geocraft.ai. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. By using our services you agree to this policy.
Data We Collect
Account & Profile Data
When you sign up we collect your name, email address, company name, and a hashed password. If you sign in via OAuth (Google, GitHub) we receive the profile information your identity provider grants us.
Billing Data
Payment card details are collected and stored by our payment processor, Stripe. We store only a non-sensitive billing token and the last four digits of your card. We never have access to your full card number.
Usage & Content Data
We collect the GEO briefs, keywords, target URLs, and generated content you create through the platform. This data is associated with your organization and is used exclusively to deliver the service.
Technical & Log Data
We automatically collect IP addresses, browser type, operating system, referring URLs, pages visited, and timestamps when you use our platform or marketing site. This data is used for security monitoring, debugging, and aggregate analytics.
Cookies & Tracking
We use cookies and similar technologies as described in our Cookie Policy. These include strictly necessary cookies for authentication, analytics cookies (Google Analytics 4), and functional cookies for UI preferences.
How We Use Your Data
- Provide, operate, and improve the GEOCraft platform
- Process payments and manage your subscription
- Send transactional emails (receipts, password resets, usage alerts)
- Send product updates and marketing communications (you can opt out at any time)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Analyze aggregate usage patterns to improve our product
We do not sell your personal data to third parties. We do not use your content to train AI models without your explicit consent.
Third-Party Services
We share data with the following categories of trusted service providers to operate the platform. Each provider is bound by a data processing agreement consistent with applicable law.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address |
| OpenAI / Perplexity | AI content generation | Brief content and keywords you submit |
| Google Analytics 4 | Marketing site analytics | Anonymized page-view data |
| Railway / Vercel | Cloud infrastructure | All platform data (encrypted at rest) |
| SendGrid / Resend | Transactional email | Email address, message content |
Data Retention
We retain your account and content data for as long as your account is active and for up to 90 days after cancellation to allow for re-activation. Aggregated analytics data may be retained indefinitely in anonymized form. Log data is purged after 90 days. You can request earlier deletion (see Your Rights below).
Data Security
We implement industry-standard security controls including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and multi-factor authentication options. No method of transmission or storage is 100% secure; if you suspect a security issue please contact us immediately at [email protected].
Your Rights
Depending on your location you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate or incomplete data
- Deletion — request erasure of your personal data (“right to be forgotten”)
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests or for direct marketing
- Restriction — ask us to restrict processing in certain circumstances
To exercise any of these rights, email [email protected]. We will respond within 30 days. You may also delete your account directly from your account settings, which will schedule your data for deletion within 30 days.
Children's Privacy
GEOCraft is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
International Transfers
GEOCraft is based in the United States. If you access our services from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate. We rely on Standard Contractual Clauses and other appropriate safeguards for cross-border transfers involving EU/EEA or UK personal data.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
Contact
For privacy-related questions, requests, or complaints:
GEOCraft, Inc.
340 S Lemon Ave #8689, Walnut, CA 91789
Email: [email protected]
See also our Terms of Service and Cookie Policy.