Privacy Policy

1. Personal Data We Process

RomAIx BV processes your personal data because you use our services and/or because you provide this data to us. Below is an overview of the personal data we process:

• First and last name

• Address details

• Phone number

• Email address

• IP address

• Other personal data that you actively provide, for example, by creating a profile on this website, through correspondence, and by telephone

• Location data

• Data about your activities on our website

• List of customer contact details via an app

• Internet browser and device type

• Bank account number

• OAuth access tokens and refresh tokens for third-party platforms you connect (Google, LinkedIn, Meta, your CMS)

• Search analytics data (clicks, impressions, queries, pages) from Google Search Console properties you authorize

• Website analytics from Google Analytics 4 properties you authorize

• Content you create in RomAIx GEO (article drafts, social posts, scheduled publishes)

• Engagement metrics on your published posts (likes, comments, shares) returned by connected platforms

2. Special and/or Sensitive Personal Data We Process

Our website and/or service does not intend to collect data about website visitors who are under 16 years of age, unless they have parental or guardian consent. However, we cannot verify the age of a visitor. We encourage parents to be involved in the online activities of their children to prevent the collection of data about children without parental consent. If you believe that we have collected personal data about a minor without such consent, please contact us at privacy@romaix.ai, and we will delete that information.

3. Purpose and Legal Basis for Processing Personal Data

RomAIx BV processes your personal data for the following purposes:

• To process your payment

• To send our newsletter and/or advertising materials

• To contact you by phone or email if necessary to perform our services

• To inform you about changes to our services and products

• To offer you the possibility to create an account

• To deliver goods and services to you

• RomAIx BV analyzes your behavior on the website to improve the website and tailor the offerings of products and services to your preferences

• RomAIx BV also processes personal data if we are legally obliged to do so, such as data required for our tax filings.

• To publish content to third-party platforms (your CMS, LinkedIn, Meta) on your explicit instruction

• To fetch and display search and traffic analytics from Google Search Console and Google Analytics 4 properties you have authorized

• To use third-party AI providers (Anthropic, OpenAI, Replicate, Perplexity) to generate article drafts and analytical reports

4. Automated Decision-Making

RomAIx BV does not make decisions that have significant consequences for individuals solely based on automated processing. While we use automation to streamline certain processes, all final decisions involving your personal data are made by humans. Automation assists in processing data, but a RomAIx BV employee always reviews and makes the definitive decision.

5. Data Retention Periods

RomAIx BV will not retain your personal data longer than strictly necessary to achieve the purposes for which it was collected. We apply the following retention periods by category:

• Account data (name, email, login credentials) — for the duration of your active subscription, plus 30 days after account closure.

• Billing and invoice data — 7 years, as required by Dutch tax law (Algemene wet inzake rijksbelastingen, art. 52).

• Content you create in RomAIx GEO (articles, posts, scheduled publishes) — for the duration of your active subscription. Deleted on account closure.

• OAuth credentials for connected third-party platforms — until you disconnect the integration or close your account. Deleted immediately upon disconnect.

• Analytics data (Google Search Console snapshots, post engagement metrics) — up to 24 months rolling, then auto-pruned.

• Marketing communication data (newsletter signups, ad analytics) — until you unsubscribe or 24 months of inactivity, whichever is sooner.

• Support correspondence — 2 years after the last interaction.

6. Sharing Personal Data with Third Parties

RomAIx BV only provides data to third parties if this is necessary for the execution of our agreement with you or to comply with a legal obligation.

7. Third-Party Platform Integrations

RomAIx GEO, operated by RomAIx BV (KvK 94705771, VAT NL866865676B01), integrates with the following third-party platforms when you explicitly connect them. We act as data controller for the data you provide directly to us; the third parties below act as data controllers for data you provide to them, and as data processors when handling data on your behalf via API calls we make on your instruction.

Search analytics and publishing:

• Google Search Console — to read your search performance data

• Google Analytics 4 — to read your website analytics

• WordPress (.org and .com) — to publish blog articles you author

• Webflow — to publish blog articles you author

• Shopify — to publish blog articles you author

• Wix — to publish blog articles you author

• Framer — to publish blog articles you author

Social publishing and engagement:

• LinkedIn — to publish posts to your personal profile and (with separate authorization) to LinkedIn Company Pages

• Meta (Facebook, Instagram, Threads) — to publish posts to your connected Facebook Pages, Instagram Business accounts, and Threads accounts

Content generation and analysis:

• Anthropic (Claude) — to generate article drafts and analytical reports

• OpenAI — for selected text and image generation tasks

• Replicate — for image generation tasks

• Perplexity — for AI search citation tracking
  
  Payments:

• Stripe — for subscription billing and payment processing

We do not sell your data. We do not share your data with third parties beyond what is necessary to deliver the service you have explicitly connected. You can disconnect any integration at any time from your RomAIx GEO settings; doing so revokes our access immediately.

7.1 Scope of Access — what we will and will not do

When you connect a third-party platform to RomAIx GEO, we request the narrowest set of permissions (OAuth scopes) needed for the specific feature you use. We do not request, store, or use any access beyond what you explicitly authorize. Specifically:

Google Search Console and Google Analytics 4: read-only access. We cannot submit sitemaps, modify properties, change settings, or write anything back to your Google account.

RomAIx GEO's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

Your CMS (WordPress, Webflow, Shopify, Wix, Framer): permission to read your site metadata and to create, update, or unpublish blog articles you have authored inside RomAIx GEO. We never delete content we did not create, modify unrelated pages or templates, or access customer, order, payment, or admin data outside the blog feature.

Social platforms (LinkedIn, Meta): permission to publish posts you have explicitly approved in RomAIx GEO, and to read engagement metrics on those specific posts. We do not read your direct messages, your contacts list, other Pages you manage outside the ones you connected, your followers' personal data, or any content you did not create through RomAIx GEO.

No automated publishing. Every article and post that RomAIx GEO publishes has been explicitly reviewed and approved by you in our editor. We do not auto-publish, auto-comment, or auto-engage without your direct click.

Each integration is isolated. Your Google data is not shared with Meta, your Meta data is not shared with LinkedIn, and so on. We never grant a third party access to your data on another platform.

You can revoke any integration at any time from your RomAIx GEO Settings or directly via the platform's own security page (see Section 12). Revocation is immediate and stops all future API calls.

8. Cookies or Similar Technologies We Use

RomAIx GEO, operated by RomAIx BV, only uses technical and functional cookies and analytical cookies that do not infringe on your privacy.

A cookie is a small text file stored on your computer, tablet, or smartphone when you first visit this website. The cookies we use are necessary for the technical operation of the website and for your ease of use. They ensure the website functions properly and, for example, remember your preferred settings. We may also use cookies to optimize our website.

You can opt out of cookies by configuring your internet browser to stop storing them. You can also delete all previously stored cookies via your browser settings.

9. Accessing, Modifying, or Deleting Data

You have the right to access, correct, or delete your personal data. Additionally, you have the right to withdraw your consent for data processing or to object to the processing of your personal data by RomAIx BV, and you have the right to data portability. This means that you can submit a request to us to send the personal data we hold about you in a computer file to you or another organization specified by you. You can send a request for access, correction, deletion, data transfer, withdrawal of consent, or objection to the processing of your personal data to privacy@romaix.ai. To ensure that the request for access was made by you, we ask that you include a copy of your identity document with the request. Make sure to black out your photo, MRZ (machine-readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (BSN) to protect your privacy. We will respond to your request as quickly as possible, but within four weeks. RomAIx BV also wishes to inform you that you have the right to file a complaint with the national supervisory authority, the Dutch Data Protection Authority. You can do so here.

10. How We Secure Personal Data

RomAIx BV takes the protection of your data seriously and takes appropriate measures to prevent misuse, loss, unauthorized access, unwanted disclosure, and unauthorized modification. If you believe that your data is not properly secured or there are indications of misuse, please contact our customer service or via privacy@romaix.ai.

11. Contact Information

If you have any questions or concerns regarding this Privacy Policy, please contact us at privacy@romaix.ai

Data Controller: RomAIx BV (Dutch BV, KvK 94705771, VAT NL866865676B01). Operator of the RomAIx GEO platform.

12. Data Deletion

To request deletion of your personal data, you have three options:

Self-service: disconnect any integration immediately. RomAIx GEO's Settings page lets you disconnect any connected third-party platform (LinkedIn, Google, Meta, your CMS) with a single click. This revokes our access token and stops new data being collected from that platform immediately. Historical data already stored in RomAIx GEO remains until you delete your account.

Full account deletion. Email privacy@romaix.ai with the subject line "Data Deletion Request" and include the email address you signed up with. We process deletion requests within 30 days as required by GDPR Article 17.

Platform-side revocation. If you connected via Facebook or Instagram, you can also revoke our access from Facebook: Settings > Privacy > Apps and Websites > remove RomAIx GEO. For Google: myaccount.google.com > Security > Third-party apps with account access. For LinkedIn: account Settings > Data privacy > Permitted services.

For the full process of data access, correction, transfer, and the right to object, see Section 9 above.