Privacy Policy

Last Updated: March 23, 2026

🇬🇧 UK GDPR Compliant
GeoGoal.ai is operated by Amobcom Limited, a UK-based company. This policy is written in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

GeoGoal.ai is operated by Amobcom Limited, a company incorporated in England and Wales. Amobcom Limited is the data controller for the personal information we collect through GeoGoal.ai.

As a UK-based data controller, we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your personal data and processing it in a fair, lawful, and transparent manner.

2. Data We Collect

We collect and process the following categories of personal data:

Audit Information
We collect public URLs submitted by users for analysis. We do not scrape, store, or process Personally Identifiable Information (PII) from your website's internal content.
Account & Billing Information
We collect email addresses and billing information (processed securely via Stripe) for users who purchase our plans.
Usage Data
We track interactions with our platform (pages visited, features used, session duration) to improve our GEO algorithms and service quality.
Cookie Data
We use essential cookies required for platform functionality. See Section 7 for full details on our cookie usage.

4. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

Right of Access
Request a copy of the data we hold about you.
Right to Rectification
Correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your account data ("Right to be Forgotten").
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Restrict Processing
Ask us to limit how we use your data in certain circumstances.
Right to Object
Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, please email us at [email protected]. We will respond within 30 days in accordance with UK GDPR requirements.

5. Data Sharing

We do not sell your personal data to third parties. We share data only with trusted service providers necessary to operate our platform, all of whom are bound by strict data protection obligations:

  • AWS / CloudFront — cloud infrastructure and content delivery, operating under AWS's GDPR-compliant data processing agreements.
  • Stripe — secure payment processing, PCI DSS Level 1 certified and UK GDPR compliant.
  • Resend — transactional email delivery for order confirmations and audit reports.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:

Audit Report Data
We retain your audit report data for a period of 30 days after generation. After this period, data is permanently deleted from our servers and storage providers (AWS/S3).
Billing Records
Retained for 7 years in accordance with UK HMRC requirements.
Usage Logs
Retained for up to 12 months to support platform improvement and security monitoring.
Account Data
Retained for the duration of your account. Deleted within 30 days of an account deletion request.

You may request deletion of your data at any time by contacting [email protected].

7. Sub-processors

We work with the following trusted sub-processors to deliver our service. Each sub-processor is bound by a Data Processing Agreement (DPA) and adheres to GDPR/UK GDPR standards:

Amazon Web Services (AWS) — CloudFront & S3
Purpose: Cloud infrastructure, content delivery, and secure file storage for audit reports.
Location: EU/UK regions
Compliance: AWS GDPR DPA, ISO 27001, SOC 2
Resend
Purpose: Transactional email delivery for order confirmations and audit report notifications.
Location: EU
Compliance: GDPR/UK GDPR compliant, DPA available
Stripe
Purpose: Secure payment processing. Stripe processes billing data directly and does not share raw card data with us.
Location: EU/UK
Compliance: PCI DSS Level 1, GDPR DPA

8. Cookies

We use essential cookies to maintain your session and ensure platform security. We do not use advertising or tracking cookies.

  • Session Cookies: Required for authentication and to maintain your login state during a session. These are deleted when you close your browser.
  • Security Cookies: Used to prevent cross-site request forgery (CSRF) and ensure platform integrity. These are essential and cannot be disabled.

We do not use advertising cookies, third-party tracking cookies, or any cookies that profile your browsing behaviour across other websites.

9. Right to Lodge a Complaint with the ICO

If you believe we have not handled your personal data in accordance with the UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority.

Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.