Privacy Policy

1. Introduction

GeoPulse Tech ("we," "our," or "us") operates the website https://geopulse-tech.com and provides an AI-powered e-commerce optimization platform and applications for Shopify, WooCommerce, BigCommerce, and other e-commerce platforms (collectively, the "Service"). We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, organization name, and contact details when you create an account
• Store Connection Data: OAuth tokens, API keys, and credentials necessary to connect your e-commerce store (all encrypted at rest)
• Product Data: Product titles, descriptions, prices, images, SKUs, and other product information from your connected store
• Payment Information: Billing address, payment method details (processed securely through Stripe, we do not store full credit card numbers)
• Support Communications: Messages, emails, and other communications when you contact our support team
• Store Analytics: Website performance data, traffic metrics, and SEO-related information you choose to share

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns
• Technical Data: IP address, browser type and version, device information, operating system, and unique device identifiers
• Performance Metrics: Service response times, error rates, and system performance data
• Log Data: Server logs, error logs, and diagnostic information for troubleshooting and security
• Cookies and Tracking Technologies: See Section 3 for detailed information about our use of cookies

2.3 Information from Third Parties

• E-commerce Platforms: Data received from Shopify, WooCommerce, BigCommerce, or other platforms you connect
• Payment Processors: Transaction information from Stripe for billing purposes
• Authentication Providers: User information from Supabase (our authentication provider)

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function properly (authentication, security, session management)
• Analytics Cookies: Help us understand how visitors interact with our Service (we use Vercel Analytics)
• Functional Cookies: Remember your preferences and settings to improve your experience

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our Service, including processing your requests and managing your account
• AI Processing: To generate AI-powered optimizations such as schema markup (JSON-LD), product descriptions, FAQs, content briefs, and llms.txt files
• Payment Processing: To process payments, manage subscriptions, and handle billing through Stripe
• Communication: To send you service-related notifications, weekly performance reports, product updates, and respond to your support requests
• Analytics and Improvement: To analyze usage patterns, monitor performance, and develop new features
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Marketing: To send you promotional communications (with your consent, which you can opt-out of at any time)

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• AI Service Providers: We share product data (titles, descriptions, images) with AI providers including OpenAI, Anthropic (Claude), Google (Gemini), Groq, and other AI services to generate optimizations. These providers are contractually bound to:
  • Use data solely for processing your requests
  • Not use your data to train their models without your explicit consent
  • Maintain appropriate security measures
  • Comply with applicable data protection laws
• Service Providers: We share data with trusted third-party service providers who perform services on our behalf:
  • Hosting: Vercel (hosting and infrastructure)
  • Database: Supabase (database and authentication)
  • Payment Processing: Stripe (payment processing - they handle all payment card data)
  • Analytics: Vercel Analytics (usage analytics)
  • Error Tracking: Sentry (error monitoring and diagnostics)
  • Email Services: SMTP providers for transactional emails
• Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company
• With Your Consent: We may share your information with your explicit consent for any other purpose

6. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: All sensitive data (OAuth tokens, API keys, credentials) is encrypted at rest using AES-256-GCM encryption
• Transport Security: All data transmission is encrypted using HTTPS/TLS 1.3
• Access Controls: Strict access controls and authentication mechanisms limit access to personal data to authorized personnel only
• Secure Storage: Data is stored in secure, SOC 2 compliant data centers (Supabase infrastructure)
• Regular Audits: We conduct regular security audits and vulnerability assessments
• Token Management: OAuth tokens and API credentials are encrypted and stored securely, never in plain text
• Payment Security: Payment card data is handled exclusively by Stripe (PCI DSS Level 1 compliant) - we never store full credit card numbers

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest standards.

7. Your Privacy Rights

7.1 GDPR Rights (European Economic Area)

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discrimination

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@geopulse-tech.com with:

• Your full name and email address associated with your account
• A clear description of the right you wish to exercise
• Any additional information needed to verify your identity

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

8. Data Retention

We retain your personal information only for as long as necessary to:

• Provide our Service to you
• Comply with legal obligations (e.g., tax records, accounting requirements)
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

Account Deletion: When you delete your account or uninstall our app from your store, we will:

• Delete or anonymize your personal data within 30 days
• Remove all product data and generated content from our systems
• Delete encrypted credentials and API tokens
• Retain only data required by law (e.g., transaction records for tax purposes) for the legally required period

Backup Data: Deleted data may remain in our backup systems for up to 90 days before being permanently removed.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18 ("Children"). We do not knowingly collect personal information from Children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@geopulse-tech.com. If we become aware that we have collected personal information from Children without verification of parental consent, we will take steps to delete that information from our servers.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically:

• Our servers and data centers are located in the United States and other countries
• AI providers (OpenAI, Anthropic, Google, Groq) may process data in various international locations
• We ensure appropriate safeguards are in place, including:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all service providers
  • Compliance with applicable data protection frameworks

By using our Service, you consent to the transfer of your information to these countries.

11. Third-Party Links and Services

Our Service may contain links to third-party websites or services that are not owned or controlled by GeoPulse Tech. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page with a new "Last Updated" date
• Sending you an email notification (if you have an account with us)
• Displaying a prominent notice on our Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: