Privacy Policy

Effective date: July 8, 2026

BestDid Technology, LLC (“BestDid”, “we”, “us”) operates Geotally. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have.

1. Data we collect

2. Sub-processors

We share the minimum data necessary with the following sub-processors to operate the Service. Each is bound by a written data-processing agreement. International transfers are protected by the European Commission's 2021 Standard Contractual Clauses (Module 2) and, for UK data, the UK ICO's International Data Transfer Addendum.

Infrastructure

AI engine query path

When you run a tracked prompt, we send the prompt text you authored, and only the prompt text, never your license key, email, or account identifier, to the following providers:

Copilot emulation

Microsoft does not publish a public API for Copilot. To emulate the Copilot engine we (i) retrieve Bing organic search results for your prompt via SerpAPI and (ii) synthesize a Copilot-style answer from those results using OpenAI GPT-4o. We do not transmit your prompt or any data to Microsoft. If you do not wish your prompt to be processed through this pathway, exclude Copilot from your engine selection.

Reseller and licensing

We will notify you by email at least 14 days before adding any sub-processor that materially expands the categories of data processed. You may object; if we cannot accommodate your objection, you may terminate the subscription for a pro-rated refund of unused fees.

3. How we use your data and our lawful basis

Under EU and UK data-protection law we must tell you the lawful basis for each processing purpose.

We do not sell, rent, or trade your personal data. We do not use your brand or prompt content to train AI models, and the AI providers we use (see §2) confirm in their commercial-tier terms that customer-submitted prompts are not used to train their models.

3a. AI-assisted processing disclosure

The Service uses third-party large language models to retrieve and summarise answers to the prompts you author. The Service does not make automated decisions producing legal or similarly significant effects concerning you within the meaning of GDPR Art 22. The brand- and competitor-comparison scores the Service generates are decision-support information for your marketing analysis; you remain in control of any business decision made with them.

4. Data retention

When you delete a brand or request account deletion, the data is removed immediately from our primary database. Encrypted backups roll off on a 35-day cycle; we do not selectively edit backups, so the deleted records will be fully gone from backups within 35 days.

5. Cookies

The app uses exactly one first-party cookie, bdgt_session, which is signed and HTTP-only and is used solely to keep you logged in. On the marketing site we also use consent-gated Google Analytics, set only after you accept it in our cookie banner (off by default; withdrawable any time). We do not set advertising or cross-site ad-tracking cookies. For details, see our Cookie Notice.

6. Your rights (GDPR, CCPA, UK GDPR)

Depending on where you live, you may have the right to:

How to exercise these rights. You can delete individual brands (with all their data) any time from the dashboard. For account-wide actions, full account deletion, full data export, or access requests, email privacy@geotally.ai with your license key. We acknowledge within 5 business days, complete deletion within 7 business days where technically feasible, and in any event respond fully within the 30-day window required by GDPR Art 12(3). If the request is complex we may extend that window by up to 2 additional months and will tell you why.

6a. Notice for California residents

Categories of personal information we collect: identifiers (name, email, license key), commercial information (subscription tier), internet/network activity (login timestamps, IP address held transiently for security only), inferences (brand-mention scores). Purposes: providing the Service as described in §3. We do not sell or share personal information for cross-context behavioral advertising. To exercise your CCPA/CPRA rights, including the right to know, right to delete, right to correct, and right to limit sensitive personal information, email privacy@geotally.ai.

7. Security

All traffic to the Service is encrypted in transit (TLS 1.2+). Account passwords, where set, are stored only as salted one-way hashes; we cannot read them. You can also authenticate with your license key, which is validated against a separate license server. Database backups are encrypted at rest. Access to production systems is restricted to BestDid staff via multi-factor authentication.

8. Children

The Service is intended for businesses and adults. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us with data, contact us and we will delete it.

9. International transfers

Our infrastructure is hosted in the United States. When personal data leaves the European Economic Area or the United Kingdom we rely on:

A copy of the SCCs and Addendum is annexed to our Data Processing Agreement. Where the relevant sub-processor maintains valid Data Privacy Framework certification (for example, Cloudflare, Vercel, and Sentry), we additionally rely on the EU–US, UK Extension, and Swiss–US Data Privacy Framework.

10. Changes to this policy

Material changes to this Privacy Policy will be announced via email and posted here with a new effective date.

11. Contact

Questions about this Privacy Policy or your data: contact privacy@geotally.ai.