Sapian Metrics

Privacy Policy

Last updated: 10 April 2026

1. Who we are

Sapian Metrics is a product of Nomad Inno Ltd, a company registered in Malta (VAT MT28864335). Our registered office is at Northlink Business Centre, Level 2, Burmarrad Road, Naxxar NXR6345, Malta.

For all privacy-related enquiries you can reach us at hello-bongu@nomadinno.com.

2. Data we collect

We collect only the data strictly necessary to provide and improve the Service:

  • Account information: name, email address, company name, and billing details when you register or subscribe.
  • Audit request data: website URL, brand name, business type, and email address submitted through the Free GEO Audit form.
  • Usage data: pages visited, features used, timestamps, and device/browser type, collected via analytics cookies (with your consent).
  • AI engine query data: the prompts, URLs, and brand names you configure inside the platform to track visibility.
  • Payment data: processed by our third-party payment provider. We never store your full credit card number on our servers.

3. How we use your data

We use the data we collect to:

  • Provide, operate, and maintain the Sapian Metrics platform and its features.
  • Generate audit reports and visibility tracking dashboards.
  • Process payments and manage your subscription.
  • Communicate with you about your account, product updates, or support requests.
  • Improve the Service through aggregated, anonymised usage analysis.

4. Legal basis for processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract performance: processing is necessary to deliver the service you signed up for.
  • Legitimate interest: we may process data for product improvement, fraud prevention, and security, provided these interests do not override your fundamental rights.
  • Consent: where required (e.g. marketing emails, analytics cookies), we obtain your explicit consent and you may withdraw it at any time.

5. Data sharing and third parties

We do not sell, rent, or trade your personal data. We do not use your data to train AI models. Your prompts and brand data are sent to third-party AI providers solely for the purpose of generating the requested analysis or content. We may share data only with:

  • Infrastructure and hosting providers: Supabase (database, auth, storage, EU-hosted) and Vercel (hosting, serverless functions).
  • Payment processor: Stripe, to handle billing securely. We never store your full card number.
  • AI providers: Mistral AI (EU-based, Paris) and Anthropic Claude (US, covered by SCCs), to process prompts and generate analysis.

All third-party sub-processors are bound by Data Processing Agreements (DPAs) compliant with GDPR. We do not share data with any analytics or advertising platforms. We do not collect personal data of your website visitors, we do not profile individuals, and all monitoring is about brands and companies, not people.

6. Data retention

We retain your personal data only as long as necessary for the purposes described in this policy. Account data is kept for the duration of your subscription and deleted within 90 days of account closure, unless we are required by law to retain it longer (e.g. for tax or accounting purposes).

7. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data ("right to be forgotten").
  • Restrict or object to certain data processing.
  • Request data portability in a machine-readable format.
  • Lodge a complaint with the Malta Information and Data Protection Commissioner (IDPC) or your local supervisory authority.

To exercise any of these rights, email us at hello-bongu@nomadinno.com.

8. Cookies

We use only strictly necessary cookies: authentication session cookies (Supabase, sb-access-token and sb-refresh-token) and a functional locale preference cookie (sm_locale_seen, 1-year duration). We currently do not use any analytics, advertising, or third-party tracking cookies. If we introduce non-essential cookies in the future, we will obtain your explicit consent before setting them.

9. EU AI Act compliance

Sapian Metrics uses AI technologies provided by third parties (Mistral AI, Anthropic Claude, and others) to query publicly available AI engines and analyse responses for brand visibility metrics. Under the EU AI Act (Regulation 2024/1689), we are classified as an AI deployer (Article 3(4)), not a provider: we do not train, fine-tune, or distribute AI models. Our use case is classified as minimal-risk (not in Annex III high-risk categories). We do not perform profiling, biometric identification, social scoring, or any high-risk AI processing. AI-generated outputs (markdown, analysis, prompt suggestions) are clearly labelled in the platform interface and should always be reviewed by a qualified human before publication or business use.

10. International data transfers

Your data is primarily stored and processed within the European Economic Area (EEA) via Supabase (AWS eu-central-1, Frankfurt) and Mistral AI (Paris). Where data is transferred outside the EEA (e.g. to Anthropic in the US, or Vercel for serverless compute), we ensure appropriate safeguards are in place via Standard Contractual Clauses (SCCs) approved by the European Commission, as included in each provider's DPA. Israel (Bright Data) benefits from an EU adequacy decision.

11. Children's privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact us

If you have any questions about this Privacy Policy, your data, or our privacy practices, please contact us at: hello-bongu@nomadinno.com — Nomad Inno Ltd, Northlink Business Centre, Level 2, Burmarrad Road, Naxxar NXR6345, Malta.