Legal

Privacy Policy

Effective Prime Sentia INCGDPR · CCPA · LSSICE
§01

Data Controller

Prime Sentia INC (“Prime Sentia”, “we”, “us”) is the data controller for personal data collected through geo.primesentia.ai and geo-auditor.primesentia.ai.

Contact for data protection matters: dpo@primesentia.ai

§02

Data We Collect

We collect the following categories of personal data:

CategoryDataLegal Basis
Account dataName, work email, hashed passwordContract · Art. 6(1)(b)
Organization dataCompany name, domain(s) auditedContract · Art. 6(1)(b)
Usage dataAudit runs, sessions, feature interactionsLegitimate interest · Art. 6(1)(f)
Technical dataIP address, browser, device typeLegitimate interest · Art. 6(1)(f)
Audit contentCrawled pages of submitted domainsContract · Art. 6(1)(b)
CommunicationsEmails and support messagesLegitimate interest · Art. 6(1)(f)

We do not collect special categories of data (Art. 9 GDPR) or data relating to criminal convictions. We do not knowingly collect data from individuals under 18.

§03

How We Use Your Data

  • Providing, operating, and improving the GEO platform;
  • Processing audit runs and generating AI-assisted reports;
  • Managing your account, billing, and authentication;
  • Sending transactional communications (account events, audit completions);
  • Sending product updates and feature announcements (you may opt out at any time);
  • Detecting and preventing fraud, abuse, or security incidents;
  • Complying with legal obligations.

We do not sell, rent, or trade your personal data with third parties for their own marketing purposes.

§04

AI Processing and Sub-processors

To generate GEO analysis, your submitted domain data is sent as queries to the following AI service providers. Each acts as a sub-processor under a DPA with Prime Sentia:

ProviderLocationDPA / Policy
OpenAIUnited Statesopenai.com/policies/data-processing-addendum
AnthropicUnited Statestrust.anthropic.com
Google GeminiEU / USAcloud.google.com/terms/data-processing-addendum
Perplexity AIUnited Statesperplexity.ai/hub/legal/privacy-policy

International transfers to the United States are carried out on the basis of Standard Contractual Clauses (SCCs) as approved by the European Commission (Art. 46(2)(c) GDPR), or under an applicable adequacy decision.

AI providers do not use your data to train their general-purpose models under the API agreements Prime Sentia has in place.

§05

Infrastructure Sub-processors

In addition to AI providers, we use:

PostgreSQLPrimary database — EU location, Prime Sentia-managed server
QdrantVector database for page embeddings — EU location
CoolifyContainer orchestration on Prime Sentia infrastructure
§06

Data Retention

We retain your personal data for the following periods:

Account dataSubscription + 12 months
Audit reports & runs24 months
Usage logs12 months
Billing records7 years (legal obligation)

After the applicable retention period, data is deleted or irreversibly anonymized. You may request earlier deletion (see §8 — Your Rights).

§07

Security

Prime Sentia implements technical and organizational security measures in accordance with GDPR Article 32:

Encryption in transit (TLS 1.2+) and at rest
Access controls and role-based permissions
Regular security reviews
Incident response procedures

In the event of a personal data breach posing a risk to your rights, we will notify the competent supervisory authority within 72 hours (GDPR Art. 33) and inform affected users without undue delay (GDPR Art. 34) where required.

§08

Your Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under GDPR:

Art. 15AccessRequest a copy of your personal data
Art. 16RectificationCorrect inaccurate data
Art. 17ErasureRequest deletion (right to be forgotten)
Art. 18RestrictionLimit processing in certain circumstances
Art. 20PortabilityReceive your data in a machine-readable format
Art. 21ObjectionObject to processing based on legitimate interest
WithdrawWhere processing is based on consent, withdraw it at any time

To exercise any of these rights, contact dpo@primesentia.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) or the supervisory authority in your country of residence.

§09

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information is collected about you;
  • Delete personal information we hold about you;
  • Opt out of the sale or sharing of personal information (we do not sell or share personal information);
  • Non-discrimination for exercising your rights.

To submit a verifiable consumer request, contact privacy@primesentia.ai.

§10

Cookies

We use a minimal set of cookies strictly necessary for platform operation:

geo_sessionAuthentication session — 7-day TTL, HttpOnly, Secure
__Host- prefixedCSRF protection

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies (e.g., Google Analytics). If we add analytics in the future, this policy will be updated and user consent will be sought.

§11

Prime Sentia as Data Processor

When you submit a domain for auditing, Prime Sentia processes the content of that website on your behalf. In this context, Prime Sentia acts as a data processor and you (the customer) are the data controller for any personal data contained in that website content.

You warrant that you have the legal authority to submit the domain for processing. A Data Processing Agreement (DPA) is available on request at dpo@primesentia.ai.

§12

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email and/or a notice on the platform at least 30 days before taking effect. The effective date at the top of this page indicates when the policy was last updated.

Contact

Privacy & DPA requestsdpo@primesentia.ai
General legal mattersprivacy@primesentia.ai

Last updated: April 26, 2026. This Privacy Policy is designed to be compliant with GDPR (Regulation (EU) 2016/679), Spain's LSSICE (Ley 34/2002), and applicable US privacy law including CCPA/CPRA. Prime Sentia recommends independent legal review for specific compliance needs.