Privacy Policy
Effective Date: March 2026
GenSight.AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Generative Engine Optimization (GEO) SaaS platform. We operate in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable United States privacy laws (including CCPA/CPRA).
1. Information We Collect
We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Data") in the following categories:
- Account & Contact Information: Name, email address, company name, and job title when you register for a trial or premium account.
- Audit & Input Data: URLs, target niches, and metadata you submit into the GenSight Engine. Note: Public URLs submitted for auditing are not considered Personal Data, but any proprietary data entered into search parameters is processed under this policy.
- Billing Information: Payment details processed securely via our PCI-DSS compliant third-party payment processors (e.g., Stripe). We do not store full credit card numbers on our servers.
- Technical & Usage Data: IP addresses, browser type, operating system, and interaction metrics (e.g., audit generation history, PDF downloads) collected via server logs and application functionality.
Cookies & Local Storage
GenSight.AI does not use third-party tracking cookies, advertising pixels, or analytics services (such as Google Analytics). We do not track you across websites or share browsing data with any third party.
We use your browser's localStorage (not cookies) to store functional preferences such as your light/dark mode setting, active session email, and temporary audit data for page navigation. This data never leaves your browser and is not transmitted to our servers or any third party.
Our authentication system (Supabase Auth) may set a strictly necessary session token to maintain your login state. This is exempt from consent requirements under the UK GDPR, EU ePrivacy Directive, and PECR as it is essential for the service to function.
When you use our payment system, Stripe may set its own cookies on its domain (stripe.com) during checkout. These are governed by Stripe's own privacy policy and are not controlled by GenSight.AI.
Because we do not set any tracking, advertising, or non-essential cookies, a cookie consent banner is not required for our platform.
2. How We Use Your Data (Lawful Basis)
Under the UK/EU GDPR, we must have a lawful basis for processing your data. We utilize your data for the following purposes:
- Performance of a Contract: To generate GEO audits, render dashboards, deliver PDF artifacts, and manage your subscription.
- Legitimate Interests: To analyze usage trends, improve our deterministic scoring algorithms, and maintain the security of our infrastructure against scraping or API abuse.
- Consent: To send marketing communications, which you can opt out of at any time.
3. AI Processing & Third-Party Subprocessors
GenSight.AI utilizes Large Language Models (LLMs) to perform vector gap analysis. By using our service, you acknowledge that input data (URLs and target niches) are transmitted via secure API to third-party sub-processors (e.g., Google Cloud / Gemini API).
Strict Data Perimeter: We configure our enterprise API agreements such that your submitted data and audit results are not used by these third-party providers to train their foundational models.
4. United States Privacy Rights (CCPA/CPRA)
If you are a resident of California or a state with similar privacy frameworks, you have specific rights regarding your personal information. GenSight.AI does not sell your personal information to, or share it with, third parties for cross-context behavioral advertising.
5. Your European and UK Data Rights
If you reside in the EEA or the UK, you possess the following rights:
- The Right to Access & Portability: Request a copy of the personal data we hold about you.
- The Right to Erasure (Right to be Forgotten): Request the deletion of your account and associated personal data.
- The Right to Rectification: Correct inaccurate or incomplete data.
- The Right to Restrict Processing: Limit how we use your data under certain circumstances.
To exercise any of these rights, please contact us at contact@gensight.ai. We will respond within 30 days.
6. Data Security and Retention
We implement commercially reasonable technical and organizational measures to protect your data, including TLS encryption in transit and AES-256 encryption at rest. We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. If an account is deleted, audit history and associated data are purged from our active databases within 60 days.
7. International Data Transfers
Because we are a global SaaS platform operating from the United Kingdom, your data may be transferred to, stored, and processed in the United States (where our cloud servers or API providers may be located). We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the UK ICO and the European Commission.
8. Changes to this Policy
We may update this Privacy Policy to reflect changes in our technology or legal requirements. We will notify active users of material changes via email or a prominent notice on our platform.