1. Introduction
Prominara is a Generative Engine Optimization (GEO) platform that helps businesses monitor and improve their visibility across AI search engines such as ChatGPT, Perplexity, and Google AI Overviews. This Privacy Policy explains how Prominara (“we”, “our”, or “us”) collects, uses, stores, and protects your information when you use our website and services.
This policy applies to all users of prominara.com and our associated services, including our API and client portal. By using our services, you agree to the practices described in this Privacy Policy and our Terms of Service.
2. Definitions
For the purposes of this Privacy Policy:
- Personal Data refers to any information that identifies or can be used to identify an individual, including name, email address, IP address, and device identifiers.
- Data Controller means the entity that determines the purposes and means of processing Personal Data. Prominara acts as the Data Controller for data collected through our platform.
- Data Processor refers to a third party that processes Personal Data on behalf of the Data Controller. Our service providers (such as Supabase, Lemon Squeezy, and PostHog) act as Data Processors.
- Aggregated Data means data that has been combined and anonymized so that it can no longer identify any individual user.
3. Information We Collect
Information You Provide Directly
- Account Information: Name, email address, and password when you create an account via email or OAuth providers (Google, GitHub).
- Payment Information: Billing address and payment method details processed securely by Lemon Squeezy, our payment processor. We do not store credit card numbers on our servers.
- URLs and Content: Website URLs you submit for AI visibility scanning, along with associated page content analyzed during scans.
- Organization Data: Company name, team member emails, and client information for agency accounts.
- Communications: Messages, feedback, and support requests you send to our team.
Information Collected Automatically
- Usage Data: Pages visited, features used, scans initiated, and actions taken within the platform, collected via PostHog analytics.
- Device Information: Browser type and version, operating system, screen resolution, and device identifiers.
- Log Data: IP address, access timestamps, referring URLs, and HTTP request metadata.
- Performance Data: Page load times, API response times, and error reports collected via Sentry for service reliability.
4. How We Use Your Information
We process your information for the following purposes:
- Providing, maintaining, and improving our AI visibility scanning and optimization services
- Processing subscription payments and managing billing through Lemon Squeezy
- Sending transactional emails including scan results, alerts, and account notifications
- Responding to support requests and providing technical assistance
- Monitoring platform performance and diagnosing technical issues via Sentry
- Analyzing usage patterns to improve features and user experience via PostHog
- Detecting, investigating, and preventing fraudulent or unauthorized activity
- Generating aggregated industry benchmarks and AI visibility trends
Legal Basis for Processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we process your data based on the following legal grounds:
- Contract Performance: Processing necessary to provide you with our services (scanning, reports, recommendations)
- Legitimate Interest: Analytics, security monitoring, and service improvements
- Consent: Marketing communications and optional cookies
- Legal Obligation: Tax records, fraud prevention, and regulatory compliance
5. Data Sharing and Third-Party Services
We do not sell, trade, or rent your personal information to third parties. We share data only with the following categories of service providers who help us operate the platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting | Account data, scan results |
| Lemon Squeezy | Payment processing | Billing details, subscription status |
| PostHog | Product analytics | Usage events, anonymized interactions |
| Sentry | Error monitoring | Error logs, performance data |
| OpenAI, Google, Perplexity | AI content analysis | Submitted URLs and page content |
| Cloudflare | CDN, storage (R2) | Reports, static assets |
| Resend | Transactional email | Email address, notification content |
We may also disclose information when required by law, to protect our rights and safety, or in connection with a merger, acquisition, or sale of assets.
6. Data Security
We implement industry-standard technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
- Encryption at Rest: Database storage is encrypted using AES-256 via Supabase's managed infrastructure
- Access Controls: Role-based access controls and authentication mechanisms for internal systems
- Infrastructure: Hosted on Vercel and Supabase, infrastructure providers that maintain their own security certifications
- Monitoring: Security monitoring and anomaly detection
- Rate Limiting: API rate limiting via Upstash Redis to prevent abuse and brute-force attacks
7. Data Retention
We retain your data for the minimum period necessary to fulfill the purposes outlined in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Scan results and history | Duration of account + 30 days after deletion |
| Payment records | 7 years (tax and legal requirements) |
| Server logs | 90 days |
| Analytics data (PostHog) | 24 months |
| Aggregated benchmarks | Indefinite (fully anonymized) |
8. Your Rights
Depending on your location, applicable data protection laws such as the GDPR (European Union), CCPA/CPRA (California), and other regional regulations grant you the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
To exercise any of these rights, contact us at contact@prominara.com. We respond to data rights requests within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA).
California Residents (CCPA/CPRA)
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights including the right to know what personal information is collected, the right to delete, the right to opt out of sale (we do not sell personal data), and the right to non-discrimination for exercising privacy rights.
9. Cookies and Tracking
We use cookies and similar technologies for essential platform functionality and analytics:
- Essential Cookies: Authentication session tokens and security cookies required for the platform to function
- Analytics Cookies: PostHog and Google Analytics 4 (GA4) cookies for understanding usage patterns and improving the product
- Preference Cookies: Theme preferences and UI settings stored locally
You can control non-essential cookies through your browser settings. Disabling analytics cookies does not affect platform functionality.
10. International Data Transfers
Our services are hosted primarily in the United States via Vercel and Supabase. If you access our services from outside the United States, your data may be transferred to and processed in the US. We rely on our service providers' data processing agreements, which include appropriate safeguards for international transfers as required by applicable law.
11. Children's Privacy
Prominara services are designed for business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 16, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or a prominent notice on our website at least 30 days before taking effect. Continued use of our services after changes constitutes acceptance of the updated policy.
Frequently Asked Questions
Does Prominara sell personal data to third parties?
No. Prominara does not sell, trade, or rent personal data to third parties. We only share data with service providers who help us operate the platform, and only as described in this policy.
How long does Prominara retain my data?
Account data is retained while your account is active. After account deletion, personal data is removed within 30 days. Anonymized analytics data and aggregated benchmarks may be retained indefinitely as they cannot identify individuals. See Section 7 for the full retention schedule.
Is Prominara GDPR compliant?
Yes. Prominara complies with the EU General Data Protection Regulation (GDPR). We provide data access, portability, rectification, and erasure rights to all users, regardless of location.
What happens to my data if I delete my account?
When you delete your account, all personal data including your name, email, scan history, and saved sites is permanently deleted within 30 days. Payment records are retained for 7 years as required by tax law.
Does Prominara use AI to process my data?
Yes. Prominara uses AI APIs from providers like OpenAI and Google to analyze website content and generate optimization recommendations. The URLs and page content you submit are processed by these AI services via their APIs. Our AI providers' API terms generally prohibit using API data for model training, but we recommend reviewing their current policies for details.
13. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us:
- Email: contact@prominara.com
- Address: Buenos Aires, Argentina
See also our Terms of Service and Documentation for more details about how our platform works.