G
GEO Toolbox

Privacy Policy

Last updated: April 22, 2026

1. What We Collect

When you sign in with Google, we receive your name, email address, and profile picture from your Google account.

If you connect Google Search Console, we access your GSC property list and search performance data (queries, clicks, impressions, average position, country, device, page, date) for the sites you authorize, under the https://www.googleapis.com/auth/webmasters.readonly scope.

If you connect Google Analytics 4, we access your GA4 property list and traffic metrics (sessions, users, engagement rate, conversions, landing pages, source dimensions) under the https://www.googleapis.com/auth/analytics.readonly scope. We use this to identify traffic from AI search engines (ChatGPT, Gemini, Claude, Perplexity, NotebookLM).

2. How We Use Your Data

  • To authenticate you and display your account information
  • To show your Google Search Console and Google Analytics 4 data within the GEO Toolbox dashboard
  • To generate AI visibility reports for your domains

Google user data use is strictly limited to the purposes listed above. We do not use Google user data to develop, improve, or train generalized AI or machine-learning models. We do not transfer Google user data to third parties except as necessary to provide or improve the Service, or as required by law. Our handling of Google user data conforms to the Google API Services User Data Policy, including the Limited Use requirements.

3. Data Storage and Retention

We do not store your raw Google Search Console or Google Analytics 4 data on our servers.All GSC and GA4 API responses are cached in your browser's localStorage for up to 6 hours and then automatically cleared. Clearing browser storage removes them immediately.

Server-side storage is limited to:

  • Your OAuth tokens (access and refresh), encrypted at rest, retained until you disconnect
  • Your connected GSC property and GA4 property identifiers
  • Authentication logs (sign-in attempts, session cookies) — purged automatically within 7 days of inactivity
  • Page-fetch cache (rendered HTML we fetched on your behalf to analyze) — held up to 24 hours, then superseded on the next fetch
  • Analysis outputs you generate (scan reports, domain overviews, agent-readiness checks, content briefs, citability analyses, competitor radar scans, AI-ready export transforms, AI visibility tracking) — retained indefinitely so you and your team can compare performance over time. Your plan controls how much of that history is visible in the dashboard: on the Free plan the Tracker shows the most recent 12 weeks of scan history; the Agency plan shows your complete history. Older data is not displayed on the Free plan, but it is never modified or deleted while your account is active.
  • Internal cost and audit logs for our own infrastructure monitoring, containing no personal data beyond a non-identifying account ID
  • Error telemetry (anonymized, no PII) for up to 90 days

Right to deletion. You can delete all of your data at any time by deleting your account or emailing samy@geotoolbox.ai. We action account-wide deletion within 14 days. Removing a tracked brand from your dashboard immediately soft-deletes it and its watchlist.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We use the following subprocessors to operate the Service:

  • Google OAuth: authentication
  • Google Search Console API: search performance data
  • Google Analytics Data API: AI traffic data
  • Vercel: application hosting
  • Replit: application hosting (PHP backend)
  • Neon: PostgreSQL database hosting
  • Sentry: error monitoring (no PII transmitted)

5. Your Rights

You can:

  • Revoke GEO Toolbox's access to your Google account at any time at https://myaccount.google.com/permissions
  • Disconnect GSC or GA4 from within the app's Analytics tab (the “disconnect” link under the connected-account badge)
  • Request deletion of all server-side data by emailing samy@geotoolbox.ai; we respond within 14 days
  • Clear locally cached data by clearing your browser storage

6. Cookies

We use essential cookies for session management. We do not use advertising or tracking cookies.

7. Contact

For privacy questions or data deletion requests, email samy@geotoolbox.ai.