GPT Dominator — Privacy Policy

Last updated: 2026-06-05 · serp.systems is the controller for this Service

In short We collect only what we need to run your campaign — your billing details, the queries and URLs you give us, and the public AI answers we check. We don't sell your data and we don't use it to train AI models. You can ask to see, correct, or delete your data any time. Every section below has a plain-English TL;DR.

This policy explains how serp.systems (“we”, “us”) handles personal data when providing the “GPT Dominator by serp.systems” service (the “Service”). It is specific to the Service; the broader site policy at /privacy.html applies to the rest of serp.systems. Where they conflict for the Service, this policy controls.

01 Who we are

TL;DR serp.systems runs this Service and decides how your data is used. Email us with any privacy question.

serp.systems is the data controller for personal data processed under this policy. For any privacy question or to exercise your rights (Section 08), write to [email protected].

02 Data we collect

TL;DR Your name & billing info, the queries and URLs you give us, any access you grant, the AI answers we monitor, and our chats with you. Nothing more. Please don't send us sensitive personal data.

Category	Examples	Why
Account & billing	Name, business name, billing email, payment-instrument identifier (via Stripe/Paddle).	To set up the engagement and bill for it.
Engagement data	Target Queries, URLs to optimize, brand and competitor names you supply, written approvals.	To define and execute the agreed work.
Access data	Credentials or limited-scope tokens you grant for your CMS, analytics, or hosting.	To deploy changes; deleted at engagement end.
Campaign telemetry	The AI queries we run on your behalf and the public answers they return, including any cited source URLs.	To monitor your standing and progress.
Communications	Emails and messages (e.g. Signal/Telegram) with your strategist.	To run the engagement and for our records.

We do not intentionally collect special-category data (e.g. health, political opinions) and ask that you not send it to us.

03 Lawful bases

TL;DR We use your data to deliver what you hired us for, to keep the service secure, to meet tax/accounting law, and — where required — with your consent.

Performance of a contract — to deliver the Service you engaged us for;
Legitimate interests — service security, abuse prevention, and the limited telemetry needed to deliver agreed outcomes;
Legal obligation — invoicing, tax and accounting records;
Consent — where required by law (we currently set no non-essential cookies on these pages).

04 How we use your data

TL;DR To run, monitor and report on your campaign, bill you, and talk to you. We never sell it and never use it to train AI models or to power other clients' campaigns.

Diagnose, deploy and monitor the GEO work covered by your engagement;
Produce your report (up to one per month, on request);
Bill for the Service and keep statutory records;
Communicate with you about your engagement;
Improve our methodology — only in aggregated, anonymised form that does not identify you.

We do not sell your data, do not use it to train any AI model, and do not use your campaign data to power other customers' campaigns.

05 Sub-processors

TL;DR A few trusted providers help us run the Service (payments, hosting, email, and the AI engines we query). Which AI engines apply depends on your plan. We use standard legal safeguards for any data leaving the EEA.

Sub-processor	Purpose	Region
Stripe / Paddle	Payment processing	EEA / US
Cloud infrastructure provider	Application hosting, encrypted storage	EEA
AI answer engines (per plan)	Queries we run to monitor your standing — ChatGPT (Focus & Category); your preferred AIs, agreed with you (Domination)	US / per provider
Transactional email provider	Engagement and billing emails	EEA / US
Clerk	Authentication for any dashboard access	US

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or an adequacy decision in force at the time. We will update this list when sub-processors change and give notice of material changes.

06 Retention

TL;DR Access tokens are deleted within a week of the engagement ending. Campaign data is kept up to a year, then anonymised or deleted. Billing records are kept as long as tax law requires.

Access credentials/tokens: revoked and deleted within seven (7) days of engagement end;
Campaign telemetry & reports: kept for the engagement plus twelve (12) months, then anonymised or deleted;
Communications: kept for two (2) years to evidence the engagement;
Billing & tax records: kept for the period required by tax law (typically up to ten years).

07 Security

TL;DR We encrypt data, limit who can access it, and use short-lived credentials. If a breach ever affects you, we'll tell you and the authorities within the legal deadlines.

We apply industry-standard safeguards: encryption in transit (TLS 1.2+) and at rest, least-privilege access, short-lived credentials, audit logging, and periodic reviews. No system is perfectly secure; in the event of a personal-data breach affecting you, we will notify you and any required authority within statutory timeframes.

08 Your rights

TL;DR You can see, fix, delete, or get a copy of your data, object to some uses, withdraw consent, and complain to a regulator. Just email us — we reply within a month.

Subject to applicable law, you may: access your data; have inaccurate data corrected; have data erased where there is no overriding legal basis to keep it; restrict or object to certain processing; receive a portable copy of data you provided; withdraw consent where processing is based on it; and lodge a complaint with your local data-protection authority. To exercise any right, write to [email protected]. We respond within one month (extendable by two further months for complex requests).

09 Cookies on these pages

TL;DR These public pages set no tracking cookies. Any dashboard you get uses a login cookie from Clerk.

The Service's public pages set no non-essential cookies. Authentication for any Service dashboard uses session cookies operated by Clerk.

10 Children

TL;DR This Service isn't for under-18s and we don't knowingly collect their data.

The Service is not directed to individuals under 18, and we do not knowingly process the personal data of minors. If you believe we hold such data, write to us and we will delete it.

11 Changes to this policy

TL;DR If we make big changes, active customers get an email at least 15 days before they take effect.

For material changes we will email customers with an active engagement at least fifteen (15) days before the new version takes effect. The “Last updated” date above always reflects the current version.

← Back to GPT Dominator ← Service Terms