Last Updated: July 6, 2025

1. Introduction

Welcome to Spotlight. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services.

2. Information We Collect

We may collect the following types of information:

Contact Information: such as your name, email address, and company details.
Website Information: when you provide your website URL for analysis.
Usage Data: information about how you interact with our services.
Technical Data: including IP address, browser type, device information, and cookies.

2.1 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us analyze website usage and improve our services.

Types of Cookies We Use:

Essential Cookies: These are necessary for the website to function properly and cannot be disabled. They store your cookie consent preferences.
Analytics Cookies: We use Google Analytics to understand how visitors use our website, including pages visited, time spent, and user interactions. These cookies collect anonymous usage statistics.

Third-Party Cookies:

Google Analytics: We use Google Analytics cookies (_ga, _ga_*, _gid) to analyze website traffic and user behavior. These cookies typically expire after 2 years for _ga and 24 hours for _gid. Google's privacy policy applies to this data: https://policies.google.com/privacy

Managing Cookies:

You can control cookies through:

Cookie Banner: Accept or decline non-essential cookies when you first visit our site
Browser Settings: Most browsers allow you to block or delete cookies through their settings
Google Analytics Opt-out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Note: Disabling cookies may affect website functionality and your user experience.

3. Google Analytics API Integration

Spotlight offers an optional feature that allows you to connect your Google Analytics 4 (GA4) account to analyze traffic from AI platforms. This integration is completely optional and requires your explicit consent.

3.1 OAuth Authorization and Data Access

When you choose to connect your GA4 account, we use Google's OAuth 2.0 authorization framework to securely access your Google Analytics data. We only request the minimum permissions necessary:

Google Analytics Read-Only Access: We request read-only access to your GA4 data to retrieve traffic metrics and referral information
No Data Storage: We do not store any of your Google Analytics data on our servers
Real-Time Processing: Data is fetched, processed, and displayed to you in real-time without being saved

3.2 What Google Analytics Data We Access

When you authorize the connection, we may access the following data from your GA4 account:

Traffic metrics (page views, sessions, users)
Referral source data to identify AI platform traffic
Website performance metrics
Geographic and demographic data (aggregated only)
Device and browser information

3.3 How We Use Your Google Analytics Data

Your GA4 data is used exclusively to:

Generate visualizations and metrics about your AI platform traffic
Provide insights into how users discover your website through AI conversations
Display comparative analytics and trends
Create custom reports for your review

3.4 Data Security and Transmission

Your Google Analytics data is handled with the highest security standards:

Encrypted Transmission: All data is transmitted using HTTPS/TLS encryption
No Persistent Storage: Data is processed in memory and not saved to databases
Secure API Calls: All API requests use OAuth 2.0 tokens with limited scope and expiration
No Third-Party Sharing: Your GA4 data is never shared with third parties

3.5 User Control and Consent

You maintain full control over your Google Analytics data connection:

Explicit Consent: Connection requires your explicit authorization through Google's OAuth flow
Revoke Access: You can revoke access at any time through your Google account settings
Disconnect Feature: You can disconnect your GA4 account from within our platform
Optional Service: This integration is completely optional and not required to use other Spotlight features

3.6 Compliance with Google Policies

Our Google Analytics integration complies with:

Google API Services User Data Policy
Google OAuth 2.0 Policies
Google Analytics Terms of Service
Google Cloud Platform Terms of Service

3.7 Compliance with Google's Limited Use Policy

Spotlight’s use and transfer of information received from Google APIs fully complies with Google’s Limited Use requirements. Specifically, Spotlight only accesses, uses, and transfers Google user data in accordance with the “Limited use of user data” requirement in the Workspace API User Data Developer Policy and, where applicable, the Photos API User Data Developer Policy.

We do not use Google user data for any purposes other than providing and improving the features described in this policy. We do not transfer this data to others except as necessary to provide and improve these features, comply with the law, or as part of a merger, acquisition, or sale of assets. We do not use this data for advertising or other unrelated purposes.

4. How We Use Your Information

We use your information to:

Provide and maintain our services
Create and deliver your AI visibility analysis
Communicate with you about our services
Improve and develop our platform
Analyze website usage and user behavior through cookies and analytics
Remember your cookie preferences and website settings
Protect against fraud and unauthorized access

4.1 Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data under the following legal bases:

Consent: For analytics cookies and marketing communications (you can withdraw consent at any time)
Legitimate Interest: For essential website functionality, security, and service improvement
Contract Performance: To provide our services and fulfill our obligations to you
Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your personal information with service providers and partners who help us operate our business. We do not sell your personal information to third parties.

5A. Use of Data for Research and Marketing

Spotlight may use data generated in user reports, including analysis results and insights, for research purposes, case studies, and to improve our services. Spotlight may also mention your brand name and reference your use of the service in case studies, marketing collateral, and other promotional materials, unless you explicitly request otherwise in writing.

5B. Data Accuracy and Limitations

Due to the probabilistic nature of large language models (LLMs), all data, analysis, and results provided by Spotlight are subject to inherent limitations. Users should expect a typical error margin of 5-10%, and in some cases, the error margin may be higher. Data and insights generated by Spotlight are not guaranteed to be 100% accurate or complete, and should not be solely relied upon for critical decisions.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

Account Data: Retained while your account is active and for up to 2 years after account closure
Analytics Data: Google Analytics data is retained for 26 months as per Google's default settings
Cookie Consent Records: We keep records of your consent choices for up to 1 year
Communication Records: Customer service communications retained for up to 3 years

You may request deletion of your personal data at any time, subject to our legal obligations to retain certain information.

7. Data Security

We implement appropriate security measures to protect your personal information. However, no internet transmission is completely secure. We cannot guarantee the security of information transmitted to our website.

8. Your Rights

Depending on your location, you may have rights related to your personal information, including:

Access: Request access to your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your information ("right to be forgotten")
Restriction: Request restriction of processing
Objection: Object to certain types of processing
Data Portability: Request transfer of your data to another service
Withdraw Consent: Withdraw consent for cookies and analytics at any time

8.1 Cookie-Related Rights

You have specific rights regarding cookies:

You can change your cookie preferences at any time through our cookie banner
You can clear cookies through your browser settings
You can opt out of Google Analytics tracking
Essential cookies cannot be disabled as they are necessary for website functionality

To exercise any of these rights, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website.

10. EU Privacy and Data Protection

Spotlight is committed to complying with the General Data Protection Regulation (GDPR) and all applicable EU privacy laws. If you are located in the European Union, you have certain rights regarding your personal data, including the right to access, correct, delete, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with your local data protection authority. Spotlight processes personal data lawfully, fairly, and transparently, and implements appropriate security measures to protect your information.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].

For information about billing, cancellation, and refund policies, please refer to our Terms of Service.