Privacy Policy

Effective Date: 2 March 2026 | Last Updated: 4 March 2026

Risk Intelligence Group Australia Pty Ltd (ABN 16 152 025 486), trading as GetVizible ("we," "us," or "our"), is committed to protecting your privacy and handling your personal information in accordance with applicable privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK General Data Protection Regulation (UK GDPR), and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the GetVizible AI Search Visibility Audit Tool at getvizible.ai (the "Service").

Our Registered Details:
Risk Intelligence Group Australia Pty Ltd
ABN: 16 152 025 486
PO Box 616, Springwood QLD 4127, Australia
Privacy Officer: compliance@riga.net.au

1. Information We Collect

1.1 Information You Provide Directly

Data	When Collected	Purpose	Required?
Domain name (URL)	When you run an audit	To perform the website audit	Yes
Email address	Tier 2 unlock (email gate)	To verify your identity, deliver detailed results, and communicate about your report	Yes (for Tier 2+)
First and last name	Tier 2 unlock (email gate)	To personalise your report and communications	Yes (for Tier 2+)
Company name	Tier 2 unlock (email gate)	To contextualise audit results for your organisation	No (optional)
Verification code	Email verification step	To verify your email address	Yes (auto-generated, expires in 10 minutes)

1.2 Information Collected Automatically

Data	How Collected	Purpose
IP address	Server access logs	Security, abuse prevention, and rate limiting
Browser type and version	HTTP headers	To ensure the Service displays correctly
Pages visited and actions taken	Server logs	To improve the Service and diagnose issues
Referring URL	HTTP headers	To understand how users find our Service
Date and time of access	Server logs	Security monitoring and analytics

1.3 Payment Information

When you purchase a Premium Report ($97 AUD), your payment is processed by Stripe, Inc. We do not collect, store, or have access to your full credit card number, CVV, or other payment card details. Stripe processes your payment in accordance with PCI DSS Level 1 standards. We receive from Stripe only: transaction confirmation, payment amount, currency, and a transaction reference ID. Please refer to Stripe's Privacy Policy for details on how Stripe handles your payment data.

1.4 Information We Do Not Collect

We do not use cookies or tracking pixels at this time.
We do not use Google Analytics or similar third-party analytics platforms at this time. If we implement analytics in the future, this Privacy Policy will be updated accordingly.
We do not collect sensitive information (as defined under the Privacy Act 1988) such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or criminal records.

1.5 Website Scanning Data

GetVizible scans publicly accessible websites to assess their AI search visibility. This scanning operates in the same manner as search engine crawlers — we only access content that is publicly available on the open web.

We store: domain name, technical visibility scores, content analysis results, and structural signals derived from our assessment methodology.
This data relates to websites and organisations, not to individual persons. Domain-level scan data (such as a domain name, its visibility score, grade, and industry classification) is not personal information.
We do not access password-protected pages, restricted areas, private intranets, or any content that is not publicly accessible.
We do not collect personal information (such as names, email addresses, or contact details) from the websites we scan.

1.6 Funnel Interaction Data

We track how users interact with our audit tool to improve the Service and understand user needs. This includes:

Which domains are submitted for scanning;
Whether the email capture step is completed;
Whether payment is initiated or completed; and
General progression through the audit workflow.

This tracking is performed through our own systems and server logs, not through third-party analytics platforms or tracking pixels.

2. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery: To perform website audits, generate reports, query AI search engines on your behalf, produce PDF reports, and deliver results to you.
Email Verification: To verify your email address via a one-time 6-digit code sent through our email provider (Resend).
Payment Processing: To process payments for Premium Reports via Stripe.
Communication: To send you your audit results, payment confirmations, and respond to inquiries sent to compliance@riga.net.au.
Service Improvement: To analyse aggregate, de-identified usage patterns to improve the audit methodology, scoring algorithms, and user experience.
Security and Abuse Prevention: To detect and prevent fraud, abuse, or unauthorised access, including rate limiting and brute-force protection on verification codes.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Market Intelligence: To create industry benchmark reports and market intelligence products using aggregated, anonymised, or company-level (non-personal) scan data derived from publicly accessible websites.
Methodology Improvement: To improve our AI search visibility methodology, scoring algorithms, and assessment techniques based on patterns observed across scanned websites.

We will not use your personal information for automated decision-making or profiling that produces legal effects or similarly significant effects on you.

We will not send you marketing or promotional emails unless you have expressly opted in. If you do opt in, you may withdraw consent at any time by contacting compliance@riga.net.au or clicking the unsubscribe link in any marketing email, in accordance with the Spam Act 2003 (Cth) and the CAN-SPAM Act (US).

3. Lawful Basis for Processing (GDPR & UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following lawful bases:

Processing Activity	Lawful Basis	Details
Performing a free audit	Legitimate Interest (Art. 6(1)(f))	To provide the requested audit service. Domain scanned is publicly available information.
Collecting email/name for Tier 2	Consent (Art. 6(1)(a))	You voluntarily provide your details to unlock additional audit information.
Processing payment for Premium Report	Performance of Contract (Art. 6(1)(b))	Necessary to fulfil your purchase of a Premium Report.
Email verification	Performance of Contract (Art. 6(1)(b))	Necessary to verify your identity before delivering detailed results.
Security/rate limiting	Legitimate Interest (Art. 6(1)(f))	To protect the Service and users from abuse.
Marketing emails (if opted in)	Consent (Art. 6(1)(a))	Only with your express opt-in consent. Withdrawable at any time.
Legal compliance	Legal Obligation (Art. 6(1)(c))	To comply with tax, accounting, and regulatory obligations.

4. Who We Share Your Data With

We do NOT sell, rent, or trade your personal information (such as your email address, name, or contact details) to any third party for their marketing purposes.

4.1 Company-Level Scan Data

We may share or sell company-level scan data — including domain names, AI visibility scores, grades, and industry classifications — with third-party marketing agencies, research firms, and business partners. This data is derived from scanning publicly accessible websites and does not include any personal information of individual users (such as names, email addresses, or contact details).

4.2 Aggregated Benchmark Reports

We may publish and sell aggregated benchmark reports and industry analyses derived from our scanning data. These reports contain statistical summaries (for example, "78% of cybersecurity SaaS websites score below a C grade") and do not identify individual users. They may reference company-level data (domain names and scores) where that data is derived from publicly accessible websites.

4.3 Service Providers

We share your personal data with the following categories of third-party service providers who process data on our behalf:

Provider	Purpose	Data Shared	Location	Privacy Policy
Stripe, Inc.	Payment processing	Payment details (collected by Stripe directly), transaction reference	United States	stripe.com/privacy
Resend, Inc.	Transactional email delivery (verification codes)	Email address, verification code	United States	resend.com/legal/privacy-policy
OpenRouter / AI Model Providers	AI engine queries (Perplexity, ChatGPT, Claude, Gemini) for brand visibility analysis	Domain name and company name (no personal user data sent)	United States	openrouter.ai/privacy
Cloudflare, Inc.	CDN, DDoS protection, SSL termination	IP address, request metadata	Global	cloudflare.com/privacypolicy

4.4 Legal Requirements

We may also disclose your personal information if required by law, court order, subpoena, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. International Data Transfers

Our Service is operated from Australia. However, some of our third-party service providers (Stripe, Resend, OpenRouter, Cloudflare) are located in the United States and other jurisdictions outside Australia and the EEA.

When your personal data is transferred outside Australia, we take reasonable steps to ensure that the overseas recipient handles your data in accordance with the APPs, as required by APP 8.

For transfers outside the EEA/UK, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission;
The recipient being in a jurisdiction with an adequacy decision; or
Your explicit consent where applicable.

6. Data Retention

Data Type	Retention Period	Reason
Lead data (email, name, company, domain)	2 years from collection, or until you request deletion (whichever is earlier)	To provide follow-up services and maintain audit history
Payment/transaction records	7 years from transaction date	Required by Australian tax law (Income Tax Assessment Act 1997) and the Corporations Act 2001
Email verification codes	10 minutes (auto-deleted)	One-time use for verification only
Server access logs (IP, browser)	90 days	Security monitoring and abuse prevention
Audit results and reports	12 months from generation	To allow you to re-download your report

After the retention period expires, your data will be securely deleted or de-identified so that it can no longer be associated with you.

7. Your Rights

7.1 Rights Under Australian Privacy Principles (APPs)

Under the Privacy Act 1988 (Cth) and the APPs, you have the right to:

Access the personal information we hold about you (APP 12);
Request correction of any inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information (APP 13);
Complain about a breach of the APPs, and to have your complaint investigated and responded to within 30 days;
Request deletion of your personal information (where we are not required by law to retain it);
Opt out of receiving direct marketing communications at any time.

To exercise any of these rights, contact our Privacy Officer at compliance@riga.net.au. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

7.2 Rights Under GDPR and UK GDPR

If you are located in the EEA or the United Kingdom, you have the following additional rights under the GDPR / UK GDPR:

Right of Access (Art. 15) — to obtain a copy of your personal data and information about how it is processed;
Right to Rectification (Art. 16) — to have inaccurate personal data corrected;
Right to Erasure ('Right to be Forgotten') (Art. 17) — to request deletion of your personal data where there is no compelling reason for continued processing;
Right to Restriction of Processing (Art. 18) — to request that we restrict processing of your data in certain circumstances;
Right to Data Portability (Art. 20) — to receive your personal data in a structured, commonly used, and machine-readable format;
Right to Object (Art. 21) — to object to processing based on legitimate interests or for direct marketing purposes;
Right to Withdraw Consent (Art. 7(3)) — where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal;
Right to Lodge a Complaint — with your local Data Protection Authority (supervisory authority). A list of EEA supervisory authorities is available at edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ICO).

We will respond to all GDPR/UK GDPR requests within one month of receipt. In complex cases, we may extend this by a further two months, and we will inform you of any such extension.

7.3 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to Know — to know what personal information we collect, use, disclose, and sell (we do not sell personal information);
Right to Delete — to request deletion of your personal information, subject to certain exceptions;
Right to Correct — to request correction of inaccurate personal information;
Right to Opt-Out of Sale/Sharing — we do not sell or share your personal information for cross-context behavioural advertising;
Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

To exercise your CCPA/CPRA rights, contact us at compliance@riga.net.au. We will verify your identity before processing your request and respond within 45 days.

Categories of personal information collected in the preceding 12 months: Identifiers (name, email), Internet activity (IP address, browsing data), and Commercial information (purchase history). We have not sold any personal information in the preceding 12 months.

8. Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:

HTTPS/TLS encryption for all data in transit;
Verification codes expire after 10 minutes and are rate-limited to prevent brute-force attacks;
Payment processing handled by PCI DSS Level 1-compliant Stripe — we never see or store your card details;
Access controls and authentication for administrative systems;
Regular review of data handling practices.

While we take reasonable steps to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8A. Public Website Data

This section explains how we handle data derived from scanning publicly accessible websites. This data is distinct from the personal information described elsewhere in this Privacy Policy.

Not Personal Information: Scan data — including domain names, AI visibility scores, grades, and industry classifications — relates to publicly accessible websites and organisations. It is not personal information as defined under the Privacy Act 1988 (Cth), GDPR, or CCPA/CPRA.
Domain Removal Requests: Website owners may request removal of their domain from our scanning database by contacting compliance@riga.net.au with the subject line "Domain Removal Request." We will process valid requests within 30 days.
Responsible Scanning: We take reasonable steps to ensure our scanning activities do not disrupt the normal operation of the websites we assess. Our scanning mimics standard web browser behaviour and respects robots.txt directives where applicable.
Data Accuracy: Scan results represent a point-in-time assessment. We do not guarantee the accuracy or completeness of scan data and encourage website owners to contact us if they believe their data is materially inaccurate.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at compliance@riga.net.au.

10. Third-Party Links

Our Service may contain links to third-party websites (e.g., Stripe checkout). We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page;
Post a notice on the Service where appropriate;
Where required by law, notify you by email.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

12. How to Contact Us

Privacy Officer / Data Protection Contact
Risk Intelligence Group Australia Pty Ltd
ABN: 16 152 025 486
PO Box 616, Springwood QLD 4127, Australia
Email: compliance@riga.net.au

For privacy-related inquiries, complaints, or data access/deletion requests, please email compliance@riga.net.au with the subject line "Privacy Request" and include sufficient information to verify your identity and describe your request.