Privacy Policy
Last updated: 8 July 2026 · Data controller: North Digital ("we", "us").
1. What we collect
| Data | Why |
|---|---|
| Email address | Account, login, transactional email |
| Password (hashed with scrypt - never stored in plain text) | Authentication |
| Content you generate (niches, clusters) | To provide and save your work |
| Usage records (generations per month) | Plan limits & billing |
| Billing identifiers (Stripe customer/subscription IDs) | Subscriptions (card data is held by Stripe, not us) |
| Optional: your own AI provider key (encrypted at rest with AES-256-GCM) | BYOK generation, if you choose it |
2. How we use it
To operate your account, provide the service, enforce plan limits, process payments, send essential transactional emails (verification, password reset, receipts), secure the service, and comply with law. We do not sell your personal data.
3. Lawful basis (UK GDPR)
Performance of our contract with you (providing the service), our legitimate interests (security, service improvement), legal obligation (tax/records), and consent where required (e.g. optional emails).
4. Processors we share data with
- Vercel - application hosting
- Neon - database hosting (your account & content)
- Stripe - payment processing (card data handled directly by Stripe)
- Anthropic - AI generation (your niche/topic inputs are sent to generate content; not used to train, per provider terms)
- Resend - transactional email delivery
Some processors may store data outside the UK/EEA under appropriate safeguards (e.g. Standard Contractual Clauses).
5. Retention
We keep your account data while your account is active. When you delete your account, your account, content, sessions, and usage records are permanently deleted from our database (subject to short-lived backups and any records we must keep for legal/tax reasons).
6. Your rights
Under UK GDPR you can access, correct, export, or delete your data, and object to or restrict certain processing. We provide self-service data export and account deletion in your account settings. To exercise other rights, contact us. You may also complain to the ICO (ico.org.uk).
7. Cookies and analytics
We use one essential, HttpOnly session cookie to keep you logged in. On our own marketing, documentation and application pages we also use Google Analytics (GA4) to understand how the site is used; it sets first-party analytics cookies (for example _ga) and sends usage data to Google. We do not run analytics on the white-label reports you share with your clients, and we do not use cookies for advertising. You can block or delete these cookies in your browser, or install Google's opt-out add-on.
8. Security
Passwords are hashed (scrypt), sessions are signed (HMAC), optional API keys are encrypted at rest (AES-256-GCM), and traffic is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect your data.
9. Contact
Privacy questions or requests: hello@geo-mode.com.