Legal

Privacy Policy

How SmartGEO collects, uses, protects, and deletes personal data and customer SEO data.

Last updated: June 4, 2026

This policy explains how SmartGEO handles account, website, Search Console, CMS, support, and operational data.

1. Who we are

SmartGEO, also operated as geo4seo, is provided by Galylio. The service helps customers audit websites, prioritize SEO and GEO recommendations, connect Google Search Console, connect supported CMS platforms, review proposed changes, and publish only approved changes through controlled workflows.

For privacy, security, support, and data requests, contact us at smartgeo@galylio.com.

2. Scope of this policy

This policy covers personal data and customer data processed through geo4seo.com, api.geo4seo.com, SmartGEO dashboards, onboarding forms, contact forms, email flows, Google Search Console integrations, CMS integrations, crawler jobs, support interactions, and security monitoring.

When a customer connects a website, Search Console property, or CMS, the customer is responsible for having the rights and permissions needed to process that site and its data through SmartGEO.

3. Data we process

SmartGEO is designed for B2B website optimization. The data we process depends on how the customer uses the service.

  • Account data: name, email address, login provider, password hash where password login is used, verification and reset status, and account preferences.
  • Project data: website URL, project name, crawl settings, audit configuration, integrations, selected Search Console property, CMS connection state, and publish configuration.
  • Website data: public page URLs, page HTML snapshots, metadata, headings, structured data, internal links, indexability signals, page type, audit findings, and recommendation inputs.
  • Search performance data: Google Search Console impressions, clicks, CTR, query and page performance, date ranges, sync state, and matching diagnostics.
  • CMS data: CMS base URL, resource IDs, page mappings, preview data, capabilities, publication status, rollback references, and encrypted credentials or tokens required for the integration.
  • Operational data: IP address, browser and device metadata, API logs, worker/job status, health checks, security logs, Sentry events, and rate-limit signals.
  • Communication data: contact sales requests, demo requests, support messages, email delivery metadata, and replies you send to us.

4. Why we process data

We process data only for defined product, security, support, and legal purposes.

  • Provide, secure, and operate SmartGEO accounts and dashboards.
  • Run crawls, audits, recommendation scoring, quality gates, and controlled publishing workflows.
  • Sync Google Search Console data and show performance, visibility, and prioritization metrics.
  • Connect CMS platforms, validate mappings, prepare previews, publish approved changes, and support rollback.
  • Send verification codes, password reset messages, service notifications, demo replies, and support responses.
  • Monitor uptime, investigate errors, prevent abuse, enforce rate limits, and protect the service.
  • Maintain internal records needed for security, compliance, accounting, and dispute handling.

6. Customer-controlled website data

For most website, Search Console, CMS, and recommendation data, SmartGEO acts as a service provider or processor acting on the customer's instructions. The customer remains responsible for the websites, properties, and CMS resources they connect.

For account administration, service security, billing, product analytics, and legal compliance, Galylio may act as an independent controller of the relevant personal data.

7. Sub-processors and third-party services

We use trusted third-party services to host, secure, monitor, and operate SmartGEO. These providers process data only as needed for their service function.

  • Infrastructure and hosting providers, including VPS, database, cache, and storage providers.
  • Google APIs, when a customer connects Google Search Console.
  • CMS platforms and plugins, when a customer connects a CMS or SmartGEO companion plugin.
  • AI and language-processing providers used to evaluate, score, or draft recommendations behind SmartGEO quality gates.
  • Monitoring and error-tracking providers such as Sentry.
  • SMTP and email delivery providers used for transactional and support email.
  • Open-source libraries and security tooling used to operate the service.

8. International transfers

SmartGEO may process data in countries other than your country of residence, depending on the providers used for hosting, databases, email, monitoring, AI processing, and integrations.

Where required, we aim to use appropriate transfer safeguards such as contractual protections, approved transfer mechanisms, and vendor security commitments.

9. Retention

We keep data only as long as needed for the purposes described in this policy, unless a longer period is required for legal, security, billing, or dispute reasons.

  • Account and project data are retained while the account or project remains active.
  • Crawl, audit, recommendation, and history data may be retained to provide comparisons, traceability, rollback, and product history.
  • Connection credentials are encrypted and retained only while the relevant integration remains connected.
  • Operational logs and security events are retained for a limited period appropriate for debugging, abuse prevention, and incident response.
  • Deleted projects and accounts are removed or anonymized within a reasonable period, subject to backups and legal retention needs.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also withdraw consent where processing is based on consent.

To exercise rights, contact smartgeo@galylio.com. We may need to verify your identity and authority before fulfilling a request.

11. Security

We use technical and organizational measures designed to protect data, including encrypted credentials, least-privilege integration flows, controlled publishing, rate limits, monitoring, secrets management, and production health checks.

No internet service can be guaranteed fully secure. If you suspect a vulnerability, use the process described in our Security page.

12. Automation and human approval

SmartGEO uses deterministic rules, scoring, crawlers, NLP, and controlled AI-assisted analysis to prioritize recommendations. The service does not guarantee rankings, traffic growth, or citations in generative engines.

Publishing workflows are designed around preview, approval, CMS mapping, safety checks, and rollback. Customers remain responsible for reviewing and approving changes before they are published.

13. Changes to this policy

We may update this policy as the service, vendors, laws, or product flows evolve. Material changes will be reflected by updating the date above and, where appropriate, notifying affected users.