Privacy Policy

Last updated: March 2026 · Effective: March 1, 2026

1. Introduction

LumenGEO (“we”, “our”, or “us”) operates lumengeo.co, a GEO (Generative Engine Optimization) citation monitoring and optimization platform. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services.

By using LumenGEO, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

2. Information We Collect

2.1 Information you provide

  • Email address — required to run a free audit, create an account, or purchase a subscription.
  • Name and company — optional profile fields.
  • Domain name — the website you want analyzed; submitted via the audit form.
  • Billing information — collected and processed directly by Stripe; we never see or store raw card data.

2.2 Information collected automatically

  • Usage data — pages visited, features used, audit history, and interaction events.
  • UTM parameters — source, medium, campaign, content, and term from referring URLs, used to measure advertising effectiveness.
  • IP address and device info — collected by Cloudflare for security and bot protection; not stored by us beyond standard logs.
  • Cookies — session cookies for authentication; analytics cookies from Google Analytics and Meta Pixel (see Section 4).

2.3 Information from third-party analysis

When you submit a domain for analysis, we query the DataForSEO API to retrieve citation data from AI search engines (ChatGPT, Perplexity, Claude, etc.). This data relates to your domain's public presence, not to you personally.

3. How We Use Your Information

  • Deliver the service — run audits, generate GEO scores, send your results via email.
  • Account management — authenticate you, manage your subscription, and sync your data across devices.
  • Email communications — send your audit report, weekly digests, product updates, and marketing emails. You can unsubscribe from marketing emails at any time (see Section 7).
  • Billing — process payments, issue receipts, and manage subscription lifecycle via Stripe.
  • Improvement and analytics — understand how the product is used to fix bugs, improve features, and optimize conversion flows.
  • Security and fraud prevention — detect abuse, enforce rate limits, and protect accounts.

Legal bases (GDPR): Contract performance (delivering the service you signed up for), legitimate interests (product improvement, security), and consent (marketing emails).

4. Third-Party Service Providers

We share data with the following processors only as necessary to operate the service:

ProviderPurposeData shared
SupabaseDatabase & authenticationEmail, profile, audit history
StripePayment processingEmail, billing address, payment method
ResendTransactional & marketing emailEmail, name, subscription status
DataForSEOAI citation analysisDomain name (no personal data)
Cloudflare TurnstileBot protectionIP address, browser signals
Google AnalyticsUsage analyticsAnonymized usage events, pages visited
Meta PixelAd conversion trackingHashed email (if provided), page events

All providers are under data processing agreements. We do not sell your personal information to third parties.

5. Data Retention

  • Account data — retained while your account is active and for 90 days after deletion to allow recovery.
  • Audit history — retained for the life of your account.
  • Email logs — retained for 12 months for deliverability and compliance.
  • Billing records — retained for 7 years to comply with financial regulations.
  • Lead-only records (free audit without account) — retained for 24 months or until deletion is requested.

6. Cookies

We use the following categories of cookies:

  • Strictly necessary — authentication session cookies (Supabase). Cannot be disabled without breaking the service.
  • Analytics — Google Analytics cookies to understand aggregate usage patterns. You can opt out via Google's opt-out tool.
  • Advertising — Meta Pixel cookies for ad attribution. You can opt out via Meta ad preferences.

7. Email Communications & Unsubscribe

We send two types of email:

  • Transactional emails — audit results, billing receipts, account security notices. These are sent regardless of marketing preferences because they are essential to the service.
  • Marketing emails — weekly digests, GEO tips, product announcements. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by emailing support@lumengeo.co.

We honor unsubscribe requests within 10 business days as required by CAN-SPAM and CASL. GDPR users have the right to withdraw consent immediately.

8. Your Privacy Rights

GDPR (EU/UK residents)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (receive your data in a structured format)
  • Lodge a complaint with your supervisory authority

CCPA (California residents)

You have the right to:

  • Know what personal information is collected and how it's used
  • Delete your personal information
  • Opt out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your rights

To exercise any of these rights, email support@lumengeo.co with the subject “Privacy Rights Request”. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest (Supabase)
  • Row-level security policies restricting data access by user
  • Service role keys stored as environment variables, never in source code
  • Regular dependency audits

No system is 100% secure. In the event of a breach affecting your data, we will notify you as required by applicable law.

10. Children's Privacy

LumenGEO is not directed at children under 16. We do not knowingly collect personal information from children. If we discover we have done so, we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or prominent notice on the site. Continued use after the effective date constitutes acceptance.

12. Contact

For privacy questions, requests, or complaints:

LumenGEO
support@lumengeo.co