Privacy Policy
Last updated: 21 December 2025
Who we are
OSPEA ("we", "us", "our") provides a marketing and SEO software platform.
- Data controller: OSPEA
- Contact: privacy@ospea.io
What this policy covers
This policy explains how we collect and use personal data when you:
- visit our website,
- sign up for an account, or
- use our platform.
Personal data we collect
Website visitors
- Analytics data (GA4): pages viewed, approximate location (country/city-level), device/browser information, referral source, and on-site interactions.
- Technical data: IP address (processed by infrastructure providers for security and delivery), logs, and error diagnostics.
Users (accounts)
- Account data: name, email address, authentication identifiers (e.g., via Clerk), workspace/team membership, and settings.
- Support/enquiries: messages you send us, including via forms or email.
If you connect third-party services
If you connect services such as Google Search Console, we will access and store the minimum needed to provide the feature (e.g., connection tokens and reporting data). We will update this policy as these integrations go live.
Cookies
At present, we use cookies only for Google Analytics 4. See our Cookie Policy for details.
How we use your data (purposes)
We use personal data to:
- operate and secure the website and platform,
- provide and improve features,
- understand how people use our site (analytics),
- respond to enquiries and provide support,
- prevent fraud/abuse and keep the service reliable.
Legal bases (UK GDPR / GDPR)
We rely on the following lawful bases:
- Consent (Article 6(1)(a)) for analytics cookies (GA4). We only set analytics cookies if you consent (where required).
- Contract (Article 6(1)(b)) to provide the service to you when you create an account and use the platform.
- Legitimate interests (Article 6(1)(f)) for security, preventing abuse, and improving the service (balanced against your rights).
- Legal obligation (Article 6(1)(c)) where we must comply with legal requirements.
How we share your data
We share data only with trusted service providers ("processors") to run OSPEA, such as:
- Hosting/infrastructure (e.g., server/CDN providers),
- Authentication (e.g., Clerk),
- Analytics (Google Analytics 4 — only with your consent),
- Email delivery (e.g., Resend) and error monitoring (e.g., Sentry, if enabled).
AI sub-processors
To analyse your AI visibility and generate content, we send the website URLs, brand details and prompts you provide (which may include personal data if you include it) to the following AI providers, who process it on our behalf as sub-processors:
- OpenAI (USA) — content generation and AI-visibility queries.
- Anthropic (USA) — content fact-checking and AI-visibility queries.
- Google (USA) — Gemini AI-visibility queries and Vertex AI.
- Perplexity (USA) — AI-visibility queries.
- DeepSeek (China) — AI-visibility queries.
- Serper.dev (USA) — search-engine results data.
These providers are located outside the UK/EEA (including the USA and, for DeepSeek, China). We rely on appropriate safeguards such as Standard Contractual Clauses, apply data minimisation, and — for transfers to countries without a UK adequacy decision — additional measures. You can avoid AI-provider processing by not running AI-visibility scans or content generation.
Competitor & prospect research: some features analyse publicly available information about competitors and prospects. We process this under our legitimate interests in providing marketing-intelligence features, balanced against the rights of the individuals concerned (a legitimate-interests assessment is available on request). You can object at any time.
We do not sell your personal data.
International transfers
Some providers may process data outside the UK/EEA. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses and other measures required by UK/EEA law.
Data retention
We keep personal data only as long as needed:
- Website analytics: typically up to 14–26 months (configurable).
- Account data: for the duration of your account, then a limited period to meet legal/security obligations.
- Logs/security data: short retention unless needed for incident investigation.
Your rights
If you are in the UK/EEA, you have rights to:
- access your data,
- correct inaccurate data,
- delete your data,
- restrict or object to processing,
- portability (where applicable),
- withdraw consent (for analytics cookies).
To exercise your rights, email privacy@ospea.io.
Complaints
If you are in the UK, you can complain to the ICO (Information Commissioner's Office). If you are in the EU, you can complain to your local supervisory authority.
Children
OSPEA is not intended for children and we do not knowingly collect data from children.
Changes to this policy
We may update this policy. If changes are significant, we will provide a notice on the website or in the app.