Privacy Policy

Effective Date: Mar 24, 2026

This Privacy Policy describes how SpyderBot Inc., a Delaware corporation ("SpyderBot", "we", "us", or "our"), collects, uses, discloses, and protects personal data when you access or use our website, platform, APIs, and services (collectively, the "Services").

SpyderBot is an analytics platform that helps organizations understand how large language models (LLMs) reference brands and websites, and how AI-driven visibility impacts user behavior and conversions.

1. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website
  • Users of our Services
  • Customers and prospective customers

This Policy does not apply to third-party platforms (e.g., Google, OpenAI), which are governed by their own privacy policies.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account and Contact Information

  • Name
  • Email address
  • Company name
  • Account credentials

2.2 Billing and Payment Data

Billing details and subscription information. Payment processing is handled by third-party providers (e.g., Stripe). We do not store full payment card details.

2.3 Authentication Data

If you sign in using third-party providers (e.g., Google OAuth), we may receive:

  • Name
  • Email address
  • Account identifier

2.4 Usage and Technical Data

  • IP address
  • Device and browser type
  • Log data (e.g., queries, dashboards accessed, features used)

2.5 Analytics and GEO Data

We process data related to:

  • LLM outputs (e.g., brand mentions, citations, sentiment signals)
  • Website tracking signals (e.g., crawler activity, referral patterns)

Important: SpyderBot analyzes outputs generated by third-party AI systems. We do not control, verify, or guarantee the accuracy of such outputs.

2.6 Customer-Provided Analytics Data (Optional Integrations)

SpyderBot may process analytics and behavioral data that customers choose to integrate or provide, including data from tools such as:

  • Google Analytics (GA4)
  • Google Tag Manager (GTM)
  • Other analytics platforms

This data may be used to:

  • Improve LLM tracking accuracy
  • Enhance attribution modeling
  • Analyze conversion behavior across AI and web channels

SpyderBot does not access or collect data from such systems without explicit user authorization. All integrations are optional and fully controlled by the user.

2.7 Communications Data

  • Support requests
  • Emails and feedback
  • Customer success interactions

2.8 Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, performance, and analytics.

Google API Services User Data Policy

This section describes how SpyderBot accesses, uses, stores, and shares Google user data in compliance with the Google API Services User Data Policy and Google APIs Terms of Service.

Data Accessed

SpyderBot uses Google OAuth to allow users to sign in with their Google Account and export GEO Reports. When you authenticate via Google, we access:

  • Basic Profile Information: Name, email address, and profile picture (when using Google Sign-In).
  • Google Account ID: The unique identifier for your Google Account.

We only request the minimum scopes necessary for authentication and account creation.

Data Usage

Google user data is used exclusively for:

  • Creating and managing your SpyderBot account
  • Authenticating your login sessions
  • Enabling GEO Report export functionality
  • Sending service-related notifications to your registered email

We do NOT use Google user data for:

  • Advertising or marketing purposes
  • Sharing with third parties (except as required by law)
  • AI training or analytics beyond what is disclosed in this policy

Data Retention & Deletion

We retain Google user data only as long as your SpyderBot account is active. Inactive accounts may be deleted after 12 months of inactivity.

To request deletion of your Google user data:

  • Email [email protected] with subject "Delete Google Account Data"
  • Log into your account and use the "Delete Account" feature in Settings
  • We will process deletion requests within 30 days

Compliance Statement

SpyderBot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contractual necessity → to provide the Services
  • Legitimate interests → analytics, security, product improvement
  • Consent → cookies and marketing communications (where required)
  • Legal obligations → compliance with applicable laws

4. How We Use Personal Data

We use personal data to:

  • Provide and operate the Services
  • Deliver GEO analytics and LLM insights
  • Improve platform functionality and performance
  • Analyze user behavior and conversion patterns
  • Detect and prevent fraud or abuse
  • Communicate with users (support, updates, notifications)
  • Comply with legal obligations

We do not sell personal data.

5. Sharing and Disclosure of Data

5.1 Service Providers (Subprocessors)

We use trusted third-party providers for cloud infrastructure, payment processing, and analytics and monitoring. All subprocessors are bound by contractual data protection obligations.

5.2 Legal and Compliance

We may disclose data to comply with legal obligations, enforce our Terms, or protect rights, property, or safety.

5.3 Business Transfers

In connection with mergers, acquisitions, or asset sales.

5.4 Aggregated or De-Identified Data

We may use and share anonymized data that does not identify individuals.

6. International Data Transfers

SpyderBot operates globally. Personal data may be transferred to and processed in the United States and other jurisdictions.

Where required, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms

7. Data Retention

We retain personal data only as long as necessary:

  • Account data → for the duration of the account
  • Usage logs → typically 30–90 days
  • Billing data → as required by law

We may retain anonymized data for analytics and research purposes.

8. Data Security

We implement industry-standard safeguards, including:

  • Encryption in transit (TLS) and at rest (AES-256)
  • Access controls (RBAC, MFA)
  • Monitoring and logging

No system is completely secure, but we take reasonable measures to protect data.

9. Your Privacy Rights

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent

To exercise your rights, contact: [email protected]

10. U.S. Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal data we collect and how it is used
  • Request deletion of your data
  • Correct inaccurate data
  • Opt out of the sale or sharing of personal data

SpyderBot does not sell personal data. Requests can be submitted via: [email protected]

11. Cookies

We use cookies to support functionality and analytics.

You can:

12. Children's Privacy

The Services are not intended for individuals under 18. We do not knowingly collect personal data from children.

13. Third-Party Services

Our Services may interact with third-party platforms, including LLM providers and analytics tools. We are not responsible for the privacy practices of these third parties.

14. Data Processing Addendum (DPA)

For enterprise customers, data processing is governed by our Data Processing Addendum (DPA), which forms part of our contractual commitments.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

  • Updates will be posted with a revised effective date
  • Continued use of the Services constitutes acceptance

16. Contact Us

SpyderBot Inc.

A Delaware Corporation

Email: [email protected]