1. Introduction
Welcome to Mainroot ("we," "our," or "us"). We provide an AI Visibility Tracking and Generative Engine Optimization (GEO) platform that helps brands monitor and improve their presence in Large Language Models (LLMs).
We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information about you when you use our website (mainroot.io), our dashboard, and our services (collectively, the "Services").
By using Mainroot, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
A. Information You Provide to Us
- Account Information: When you sign up, we collect your name, email address, password (hashed), and company name.
- Billing Information: If you subscribe to a paid plan (Starter, Pro, or Custom), our payment processor (Stripe) collects your credit card details and billing address. We do not store full credit card numbers on our servers.
- Targeted Domains & Brands: We collect the domain names and brand names you engage us to monitor (e.g., the "Locked Domain" associated with your subscription).
- User Content & Strategy Chat: We collect the text inputs, prompts, and questions you ask our "AI Strategy Coach" to provide you with relevant answers and history.
- Communications: If you contact support or schedule a demo, we collect the details of your request and contact info.
B. Information Collected Automatically
- Usage Data: We track how you interact with the dashboard, including which pages you visit, the missions you complete, and your usage of the AI chat (to enforce plan limits, e.g., 3 messages/month for Starter plans).
- Device & Technical Data: IP address, browser type, operating system, and device identifiers.
- Cookies: We use cookies to maintain your session (keep you logged in) and for analytics purposes to understand how users navigate our site.
3. How We Use Your Information
We use your data to operate our business and provide the GEO services:
- To Provide the Service: To perform visibility audits, generate "Missions," and track your "AI Authority Score" across engines like ChatGPT, Perplexity, and Gemini.
- To Power our AI Features: We send specific queries (prompts) related to your brand to third-party AI providers (see Section 4) to generate the analysis.
- To Manage Your Subscription: To enforce plan limits (e.g., restricting the "Starter" plan to 1 domain and limited chat access) and process payments.
- To Improve Mainroot: To analyze usage trends (e.g., which missions are most popular) and debug technical issues.
- Communication: To send you transactional emails (invoices, password resets) and, with your consent, product updates or newsletters.
4. Third-Party Processors & AI Sub-Processors
To provide our service, we share data with trusted third-party service providers. We have Data Processing Agreements (DPAs) in place with these vendors.
| Category | Provider | Purpose |
|---|---|---|
| AI & LLM Providers | OpenAI, Perplexity, Google (Gemini) | We send public brand queries to these providers to analyze your visibility. We do not use your private personal data to train their foundation models. |
| Cloud Hosting | Vercel / Supabase | Hosting our infrastructure and database. |
| Authentication | Supabase Auth | Secure user login and management. |
| Payments | Stripe | Payment processing and billing management. |
| Analytics | PostHog / Google Analytics | Understanding product usage. |
| Resend / Mailgun | Sending system emails. |
5. AI Training & Data Privacy (Important)
We understand the sensitivity of data in the AI era.
- No Training on Customer Data: We do not allow third-party LLM providers (like OpenAI) to use your private internal strategy data or your chat history to train their general public models.
- Public Data: Our tool analyzes publicly available responses from AI engines. The "content" we analyze is generated by the AI, not provided by you.
6. Data Retention
We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy.
- Account Data: Retained as long as your account is active.
- Scan History: We keep historical visibility data to show you trend lines (e.g., your visibility score evolution over 6 months).
- Deleted Accounts: If you delete your account, we will delete your personal data within 30 days, retaining only what is required by law (e.g., tax records).
7. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights:
- Access: Request a copy of the data we hold about you.
- Correction: Update incorrect data (you can usually do this directly in your Settings).
- Deletion: Request that we delete your account and data.
- Portability: Ask for your data in a structured, machine-readable format.
- Opt-Out: Unsubscribe from marketing emails at any time.
To exercise these rights, contact us at: antoine.dj@mainroot.io.
8. Security
We use industry-standard security measures, including encryption in transit (HTTPS) and at rest (Database encryption), to protect your data. However, no method of transmission over the Internet is 100% secure.
9. International Transfers
If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the US where our servers are located. We rely on Standard Contractual Clauses (SCCs) and adequacy decisions for cross-border transfers.
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last Updated" date.
12. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: antoine.dj@mainroot.io
- Company: Mainroot