LEGAL

Privacy Policy

Last updated: March 11, 2026

AI Visibility Tracker ("we", "our", "the Service") is operated by GM Labs. This Privacy Policy explains how we collect, use, and protect your information when you use our AI visibility monitoring platform.

1. Information We Collect

Account Information

When you create an account, we collect:

Email address
Name (optional)
Company/organization name
Password (stored as a salted hash, never in plain text)

Project Configuration Data

Brand names and website domains you choose to track
Competitor brand names and domains
AI prompts/queries you define for monitoring
Topic categories and tags

AI Response Data

We collect responses from public AI platforms (ChatGPT, Claude, Gemini, Perplexity) based on the prompts you configure. This data includes:

AI-generated response text
Brand mentions detected within responses
Source URLs cited by AI platforms
Sentiment analysis scores

Third-Party Integration Data

If you choose to connect optional integrations, we access:

Integration	Data Accessed	Scope
Google Search Console	Search queries, clicks, impressions, average position for your verified sites	`webmasters.readonly` (read-only)
Google Analytics 4	Traffic sessions, revenue, and referral data attributed to AI platforms	`analytics.readonly` (read-only)

        Read-Only Access: We only request read-only permissions for Google integrations. We cannot modify your Search Console or Analytics data. You can disconnect integrations at any time from Settings.
    

2. How We Use Your Information

Provide the Service: Monitor AI platform responses, detect brand mentions, analyze source citations, and generate visibility reports.
Generate Insights: Calculate visibility scores, sentiment trends, competitive positioning, and source gap analysis.
Prompt Suggestions: When Search Console is connected, we use your top-performing keywords to suggest relevant AI monitoring prompts.
Email Reports: Send periodic visibility reports to your configured email addresses (if enabled).
Improve the Service: Analyze aggregate, anonymized usage patterns to improve platform features.

3. Google API Services - Limited Use Disclosure

AI Visibility Tracker's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only access Google user data that is necessary to provide the features you explicitly enable (Search Console keywords, Analytics traffic data).
We do not use Google user data for advertising purposes.
We do not sell Google user data to third parties.
We do not use Google user data for purposes unrelated to the Service.
Human access to Google user data is limited to what is necessary for debugging, security, or legal compliance.

4. Data Storage & Security

Infrastructure: All data is stored on Google Cloud Platform (BigQuery, Cloud Run) within the us-central1 region.
Encryption: Data is encrypted at rest (Google-managed encryption) and in transit (TLS 1.2+).
Authentication: User sessions are managed via JWT tokens with secure, HTTP-only cookies.
OAuth Tokens: Google OAuth refresh tokens are stored encrypted in BigQuery and are never exposed to the client.
Access Control: Multi-tenant architecture ensures each account's data is isolated by tenant ID in all queries.

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

Service Providers: Google Cloud Platform (infrastructure), AI platform APIs (to collect responses on your behalf).
Legal Requirements: If required by law, court order, or government regulation.
Agency Access: If your account is linked to an agency parent account, the agency administrator may view aggregate performance data for your property.

6. Data Retention

AI Response Data: Retained for the duration of your active subscription.
Account Data: Retained until you delete your account.
OAuth Tokens: Retained until you disconnect the integration or delete your account.
Audit Logs: Retained for 12 months for security and compliance purposes.

Upon account deletion, all associated data is permanently removed within 30 days.

7. Your Rights

You have the right to:

Access your data through the dashboard and export features.
Correct your account information via Settings.
Delete your account and all associated data by contacting support.
Disconnect Google integrations at any time from Settings, which immediately revokes our access.
Export your data using the CSV/JSON export buttons available on each dashboard page.
Revoke Google permissions directly from your Google Account permissions page.

8. Cookies

We use essential cookies only:

Cookie	Purpose	Duration
`auth_token`	User authentication (JWT)	Session / 7 days
`darkMode`	Theme preference	Persistent (localStorage)

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: privacy@gmlabs.dev
Website: https://ai.gmlabs.dev