← Back to home

Privacy Policy

Last updated: 26 April 2026

GeoGibbon is a service of Gibbon Limited. This Privacy Policy describes what personal data we collect when you use geogibbon.com, why we collect it, who has access to it, and the rights you have under applicable data protection law, including the EU General Data Protection Regulation (GDPR).

1. Who is the data controller

Gibbon Limited is the data controller for personal data collected through GeoGibbon. For privacy questions, contact us at [email protected].

2. What data we collect

2.1 Data you provide directly

When you submit an audit request, we collect:

  • Business name
  • Business website URL
  • Industry / sector
  • Primary location
  • Business type (local, B2B, e-commerce, other)
  • Email address
  • Audit tier selected (Free, Standard, Expert)

For paid audits (Standard, Expert), Stripe processes your payment data directly. We never see or store your card details. Stripe sends us a confirmation token only.

2.2 Data collected automatically

When you visit geogibbon.com, our infrastructure logs basic technical information for security and reliability purposes: IP address, user agent, page accessed, timestamp. These logs are retained for 30 days, then deleted.

We use Cloudflare as a CDN and DDoS protection service. Cloudflare may also collect technical data per its own privacy policy.

2.3 What we do NOT collect

  • We do not use third-party analytics that track you across sites (no Google Analytics, no Meta Pixel, etc.)
  • We do not use advertising cookies
  • We do not collect demographic data
  • We do not collect data from your business website beyond what is publicly available on the open web

3. How we use your data

We use your data only to:

  • Run your AI search visibility audit
  • Send you the audit results via email
  • Send re-scans included in your tier
  • Process payment (paid tiers)
  • Provide customer support if you contact us

We do not sell your data. We do not share it with third parties for marketing. We do not use your data to train AI models.

4. Third-party services we use

To deliver the service, we share necessary data with the following processors. Each is GDPR-compliant and bound by a Data Processing Agreement:

  • DigitalOcean — server and database hosting (Singapore region)
  • Cloudflare — CDN, DNS, DDoS protection
  • Resend — transactional email delivery
  • Stripe — payment processing (paid tiers only)
  • OpenAI, Anthropic, Perplexity — we send queries about your business to these AI platforms as part of the audit. We do not send your email or other identifying personal data to them.
  • Cal.com — booking the debrief call (Expert tier only)

5. Where your data is stored

Your data is stored on servers in Singapore (DigitalOcean SGP1 region). When data is transferred to processors outside the EU, we rely on Standard Contractual Clauses or equivalent safeguards.

6. How long we keep your data

  • Audit data: kept for 24 months from the date of the audit, so we can serve re-scans and let you reference your history. Deleted after 24 months unless you request otherwise.
  • Email and account data: kept until you ask us to delete it.
  • Server access logs: 30 days.
  • Payment records: kept for 7 years as required by accounting law.

7. Your rights under GDPR

If you are in the EU/EEA, UK, or Switzerland, you have the following rights:

  • Right to access — request a copy of the data we hold on you
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restriction — limit how we use your data
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to certain processing activities
  • Right to lodge a complaint — with your local data protection authority

To exercise any of these rights, email [email protected]. We respond within 30 days.

8. Cookies

GeoGibbon uses only strictly necessary cookies (session cookies for authenticated areas). We do not use any non-essential, tracking, or advertising cookies. Cloudflare may set its own cookies for security purposes; these are functional and required for the site to operate.

9. Children's privacy

GeoGibbon is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has submitted data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. For material changes that affect your rights, we will notify you by email if we have one on file.

11. Contact

Privacy questions and GDPR requests: [email protected]

General contact: [email protected]