Geogiraph
Secure Truth

Privacy Policy

Last updated: 22 June 2026

1. Data Controller

Geogiraph AB is the data controller for personal data collected through our AI Trust Audit service. For any privacy-related inquiries, contact us at info@geogiraph.com.

2. What We Collect

We collect only the business data necessary to generate your complimentary AI trust analysis:

  • Corporate domain name
  • Company / organization name
  • Validated corporate email address
  • IP address (for rate-limiting and security)
  • Marketing consent preference

3. How We Use Your Data

Your data is used for:

  • Generating and delivering your AI Trust Audit report
  • Sending the verification code required to access your results
  • Internal commercial follow-up by our team based on the audit findings (legitimate interest under Art. 6(1)(f) GDPR — you may object at any time)
  • Occasional insights and updates (only with your explicit consent)
  • Internal quality assurance and service improvement

4. Legal Basis & Retention

We process your data on the basis of contractual necessity and legitimate interest in securing your corporate AI profile. Audit data is retained for 12 months, after which it is automatically anonymized or deleted. You may request deletion at any time.

5. Subprocessors & Data Flow

To deliver the audit we rely on the subprocessors listed below. Each is bound by a Data Processing Agreement (DPA) and, where data leaves the EU/EEA, by Standard Contractual Clauses (SCC) approved by the European Commission.

Lovable Cloud (Supabase)

Database & application hosting · EU

Stores email, domain, company name, IP, verification code, scores and the generated report.

Brevo

Transactional email delivery · EU (France)

Receives your email address, company name, domain and score summaries in order to deliver the verification code and the finished report.

OpenAI

AI analysis · USA (SCC)

Receives only the public company name and domain. Your email address, IP and any other personal identifier are never transmitted to OpenAI.

Firecrawl

Public web crawling · USA (SCC)

Receives only the public domain to retrieve publicly available web content for the analysis. No personal data is sent.

Cloudflare

Edge network & DDoS protection · Global

Processes request metadata and IP addresses in transit to protect the service.

Internal Geogiraph team

Commercial follow-up · EU

A copy of the full audit (including your contact data) is delivered to our sales inbox so we can follow up on the findings. You may opt out by emailing us.

6. Your Rights

Under GDPR, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent at any time. To exercise these rights, email us at info@geogiraph.com.

7. Security & Transfers

Data is transmitted over TLS. Database and email delivery are hosted in the EU. AI analysis and public web crawling are performed by US-based subprocessors (OpenAI, Firecrawl) under Standard Contractual Clauses, and receive only non-personal company/domain information. We do not sell, rent or share your data with third parties for marketing purposes.

← Back to Home