Privacy Policy - Qwairy

1. Introduction

Qwairy SAS, a French simplified joint-stock company (Société par actions simplifiée) registered under SIREN 944 639 012, with its registered office at 1 Rue de Stockholm, 75008 Paris, France ("Qwairy," "we," "us"), is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Generative Engine Optimization (GEO) platform (the "Service"), including data obtained through third-party integrations such as Google Analytics.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. This policy complies with the EU General Data Protection Regulation (GDPR), the Google API Services User Data Policy, and the Google APIs Terms of Service.

2. Data Controller

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Profile picture (if using OAuth login)
• Company name and website URL (if provided)

3.2 Usage Data

We automatically collect information about how you interact with our Service, including:

• Pages visited and features used
• Timestamps and session duration
• Browser type and device information
• IP address

3.3 Brand and Content Data

To provide our GEO optimization services, we collect:

• Brand names and descriptions you configure
• Keywords and topics you monitor
• Competitor information you add
• AI-generated content and analysis results

4. Google User Data

This section specifically addresses how Qwairy handles data obtained through Google APIs, in compliance with the Google API Services User Data Policy.

4.1 Data Accessed

When you connect your Google Analytics account to Qwairy, we request read-only access (analytics.readonly scope) to the following types of Google user data:

• Analytics properties: List of Google Analytics 4 properties and accounts you have access to
• Traffic metrics: Sessions, average session duration, bounce rate, pages per session, and new users
• Traffic sources: Session source and medium data, specifically filtered to identify AI-related referral traffic from platforms like ChatGPT, Claude, Perplexity, Gemini, and others
• Landing pages: URLs of pages receiving traffic from AI platforms, along with engagement metrics

4.2 Data Usage

Qwairy uses your Google Analytics data exclusively to:

• Display your traffic metrics within the Qwairy dashboard
• Identify and track AI-related traffic sources and patterns
• Correlate your website traffic with AI visibility metrics
• Generate insights and recommendations to improve your GEO strategy
• Measure the impact of AI optimization on your website traffic

We do NOT use your Google user data for:

• Advertising or marketing purposes
• Selling or renting to third parties
• Training AI/ML models
• Any purpose unrelated to providing our GEO optimization Service

4.3 Data Sharing

Qwairy does NOT share your Google user data with any third parties.

Your Google Analytics data is:

• Only accessible to you and team members you explicitly invite to your Qwairy workspace
• Never sold, rented, or transferred to advertisers or data brokers
• Never shared with other Qwairy customers or used for cross-customer analytics
• Only processed by our secure infrastructure providers (detailed in Section 7) as necessary to operate the Service

4.4 Data Storage and Protection

Your Google user data is protected using industry-standard security measures, including encryption in transit (TLS/SSL) and access controls to limit data access to authorized personnel only.

4.5 Data Retention and Deletion

Retention: Google Analytics data is retained for as long as your account is active and you maintain the integration connection.

Deletion: You can delete your Google user data at any time by:

• Disconnecting the integration in your Qwairy workspace settings
• Requesting account deletion by emailing team@qwairy.co
• Revoking Qwairy's access through your Google Account permissions

5. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send administrative notifications and updates
• Respond to your requests and support inquiries
• Analyze usage patterns to improve user experience
• Detect and prevent fraud or security issues

6. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to provide the Service you requested
• Consent: For optional features like marketing communications and third-party integrations (e.g., Google Analytics)
• Legitimate interests: For analytics, security, and service improvement
• Legal obligations: When required by applicable law

7. Data Sharing and Third Parties

We may share your data with the following categories of service providers, solely for the purpose of operating our Service:

• Cloud infrastructure: Vercel (hosting), Neon (database)
• Payment processing: Stripe
• Email services: Resend, Loops
• Error monitoring: Sentry
• Analytics: Google Analytics, Mouseflow
• Customer support: Crisp

We do not sell your personal data to third parties.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service. After account deletion, personal data is deleted except as required by law.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at team@qwairy.co. We will respond within 30 days.

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL) or your local supervisory authority.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (TLS) and access controls to limit data access.

11. Cookies

Cookies are small text files that a website places on your computer or mobile device when you visit. They are widely used to make websites work, improve efficiency, and provide reporting information.

Types of cookies we use

• Strictly Necessary: Essential for the Service to function properly (secure login, session management, page navigation).
• Performance / Analytics: Collect information about how visitors use the Service. We use Google Analytics and Mouseflow.
• Functionality: Remember your choices and provide enhanced features. We use Crisp for customer support chat.

Managing cookies

Most browsers allow you to view, delete, or block cookies. Blocking certain cookies (especially strictly necessary ones) may impair website functionality.

12. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also notify you by email.

14. Contact Us