Privacy Policy

Effective date: May 27, 2026 Version: 1.7 (English)

This English version is provided for convenience. Users located in the Russian Federation are additionally governed by the Russian-language Privacy Policy at /privacy, which reflects the requirements of Federal Law No. 152-FZ. In case of discrepancy, the Russian version prevails for users in the Russian Federation.


1. Who we are

The data controller is Individual Entrepreneur Vladislav Puchkov (OGRNIP 325527500077954, INN 525714183108), operator of the GEO Scout Service (the "we", "us", "Operator").

Contact: support@geoscout.pro

2. Scope

This Privacy Policy describes how we collect, use, share, and protect personal data of visitors, registered Users, and paying customers of GEO Scout. It applies to our website, dashboard, APIs, and related services.

3. Data we collect

3.1 Account data

Email address, hashed password, authentication tokens, profile preferences, language, locale, timezone.

3.2 Billing data

Subscription plan, billing period, invoice history, receipt identifiers, payment status. Card details are processed directly by the payment provider (YooKassa or, for international users, another processor we may integrate) and are never stored on our servers.

3.3 Service data

Brand URLs, competitor URLs, prompts, keyword clusters, content plans, notification settings, reports — any data you submit in order to use the Service.

3.4 Usage data

Device type, browser, IP address, country, pages viewed, actions performed, feature usage, performance metrics, and error logs. Collected for security, analytics, and product improvement.

3.5 Support data

Contents of your support requests and communications with us.

3.6 Cookies

See our Cookie Policy.

4. Legal bases (for EEA/UK users)

We rely on the following legal bases under GDPR:

  • Contract — to provide the Service you requested;
  • Legitimate interests — to secure the Service, prevent fraud, analyse usage, and improve features;
  • Consent — for marketing communications and non-essential cookies;
  • Legal obligation — to comply with accounting, tax, and law enforcement requirements.

5. How we use your data

  • Operate and maintain the Service;
  • Authenticate you and secure your Account;
  • Process payments and issue receipts;
  • Provide customer support;
  • Send transactional emails (e.g. receipts, security alerts, service notices);
  • Send product updates and marketing if you opted in;
  • Analyse usage in aggregate to improve the product;
  • Detect and prevent abuse, fraud, and violations of these Terms;
  • Comply with legal obligations.

6. Third-party processors

We share data only with trusted processors acting on our instructions. We distinguish two categories:

Processors of personal data (account, billing, communications):

  • Supabase (self-hosted in Russia) — primary database and authentication;
  • YooKassa — payment processing (Russia);
  • Individual Entrepreneur Tatiana Puchkova — seller of record under the Public Offer: payment acceptance, fiscal receipts, accounting and tax compliance (Russia; OGRNIP 326527500088856, INN 525811093996); receives only the customer email (for fiscal receipts), payment amount and description, and payment status, via the YooKassa payment infrastructure;
  • Transactional email provider — registration and service emails (specific provider available on request);
  • Sentry — application error monitoring (US/EU);
  • Umami Analytics — privacy-friendly, first-party usage analytics (self-hosted by the Operator in Russia; the public cloud.umami.is service is not used);
  • Telegram — optional bot notifications, Chat ID only (UAE/Germany).

Processors of business data (NOT personal data) — receive only search prompts and public URLs:

  • OpenAI (ChatGPT — responses collected by scraping the public web product, not via the API) — US;
  • Anthropic (Claude) — US;
  • Google (Gemini via AI Studio; Google AI Mode and Google AI Overview via ScrapingDog) — US;
  • xAI (Grok via OpenRouter) — US;
  • Perplexity AI (responses collected by scraping the public web product) — US;
  • Microsoft (Copilot — responses collected by scraping the public web product) — US;
  • DeepSeek — China;
  • Yandex — Russian Search with Alice and Alice AI (Russia);
  • Sber (GigaChat) — Russia;
  • Firecrawl — web scraping for brand websites (US);
  • Jina AI — web content extraction (Jina Reader) used as an alternative to Firecrawl (US);
  • Google PageSpeed Insights — performance metrics (US);
  • Yandex Webmaster API — site quality metrics (Russia, optional integration).

A full list of sub-processors and their current locations is available on request via support@geoscout.pro.

6.1 Programmatic access (MCP, OAuth 2.0, Personal Access Tokens)

The Service exposes a Model Context Protocol (MCP) server, a public API (/api/v1/*), and an OAuth 2.0 endpoint with Dynamic Client Registration so you can connect external AI clients (Claude Desktop, Claude Code, Cursor, ChatGPT, etc.) to your data.

  • Personal Access Tokens (PAT): you issue tokens yourself in Settings → API tokens and choose their scope (mcp:read, mcp:write:campaigns, mcp:write:prompts, mcp:write:clusters, mcp:write:monitoring).
  • OAuth 2.0 with DCR: an external client registers via /api/oauth/register; you then explicitly authorise that client and the scopes it requests.
  • Data exposed: brand monitoring metrics, AI provider responses, content plans, cited sources, competitors, prompts — limited by the granted scope.

You are responsible for the safe storage of issued tokens and for any actions performed by AI clients authorised on your behalf. Tokens and OAuth grants can be revoked at any time in your account or via /api/oauth/revoke. Passwords, payment card details, and other users' email addresses are never exposed through MCP/OAuth.

7. International transfers

Personal data of Russian residents (account credentials, profile, billing identifiers) is stored on infrastructure located in the Russian Federation, in line with Article 18 of Federal Law No. 152-FZ. Business data sent to AI providers (search prompts, public URLs) may be processed in the United States, the European Union, China, the United Arab Emirates, or other jurisdictions where the relevant processor operates. For users outside Russia, the same flows apply: account data is stored on our Russian infrastructure and processing of business data abroad is performed under the providers' standard terms; where required by your local law, transfers rely on Standard Contractual Clauses or equivalent safeguards. By using the Service from outside Russia you acknowledge and consent to this transfer.

8. Data retention

  • Account data — while your Account is active. Upon confirmed deletion (via your Account settings or a written request to support@geoscout.pro) personal data is removed immediately; the account cannot be restored;
  • Billing data — retained as required by accounting and tax law (typically 5 years);
  • Usage logs — up to 12 months;
  • Support correspondence — up to 3 years.

After the retention period ends, data is deleted or anonymised.

9. Your rights

You may, subject to applicable law:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Request deletion ("right to be forgotten") subject to legal retention;
  • Restrict or object to processing;
  • Export your data in a portable format;
  • Withdraw consent for marketing and optional cookies;
  • Lodge a complaint with your local data protection authority.

Exercise requests: support@geoscout.pro. We will respond within 30 days.

10. Security

We apply industry-standard measures including encryption in transit (TLS), encryption at rest where supported by the underlying service, Row Level Security (RLS) at the database layer, hashed passwords, access controls, and continuous monitoring. No system is perfectly secure; please use strong passwords and keep your credentials safe.

11. Children

The Service is not directed to individuals under 18. We do not knowingly collect data from children.

12. Automated decision-making

We do not make decisions with legal or similarly significant effects based solely on automated processing.

13. Changes

We may update this Policy. Material changes will be announced in-app or by email at least 14 days before they take effect.

14. Contact

Privacy questions and requests: support@geoscout.pro.