Privacy Policy
Effective date: March 28, 2026
This Privacy Policy explains how Bonemeal (https://bonemeal.ai) collects, uses, and protects your information. By using the service, you agree to the practices described here.
What We Collect
Account information: Name, email address, and profile picture (if you sign in with Google OAuth).
Project data: Information you provide to configure tracking, including company names, website URLs, topics, and prompts.
Analytics data: AI search results generated on your behalf, including response text, citations, brand mentions, sentiment scores, and ranking positions.
Usage data: Pages visited, features used, timestamps, IP address, browser type, and device information, collected automatically through server logs.
Communications: Messages, feedback, or support requests you send to us.
How We Use Your Data
We use your data to:
- Provide and improve the service
- Generate analytics reports and visibility metrics
- Create aggregate, anonymized datasets for research and product development
- Authenticate your identity and secure your account
- Communicate with you about the service and updates
- Detect and prevent fraud or abuse
- Comply with legal obligations
We do not sell your personal data. We may use aggregated and anonymized data derived from service usage for business purposes such as benchmarking and product improvement.
Third-Party Services
We share data with service providers as needed to operate Bonemeal:
Google OAuth: Authentication data when you sign in with Google.
Supabase: Database hosting for your project and account data.
Cloudflare: Hosting and CDN. May collect IP addresses and request metadata.
We may also disclose your information to comply with legal obligations, respond to lawful requests, enforce our Terms of Service, or protect the rights and safety of Bonemeal and its users. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
Google Analytics & Search Console Data
Bonemeal offers an optional integration with Google Analytics 4 (GA4) and Google Search Console (GSC). This connection is entirely opt-in — no Google analytics data is accessed unless you explicitly choose to connect your Google account through the Analytics page in the dashboard.
What we access: When you connect your Google account, we request read-only access to your Google Analytics and Search Console data. This includes website traffic metrics (sessions, users, pageviews), search performance data (queries, clicks, impressions, click-through rates, average position), traffic sources, device categories, and top pages. We do not request or obtain write access to your Google accounts.
How we use it: Google analytics data is used solely to display analytics dashboards within the Bonemeal application for the project you have connected. We do not use your Google data for advertising, profiling, or any purpose other than providing and improving the analytics features you have opted into.
Storage and security: We store an encrypted OAuth refresh token to maintain your connection without requiring repeated sign-ins. Refresh tokens are encrypted at rest using AES-256-GCM. API responses may be temporarily cached to improve performance and reduce API usage. We take reasonable steps to ensure cached data is removed after it is no longer needed.
No sharing: Your Google Analytics and Search Console data is never sold, shared with, or transferred to any third party. It is only accessible to members of the workspace that initiated the connection.
Disconnecting and deletion: You can disconnect your Google account at any time from the Analytics page. When you disconnect, we initiate revocation of the stored OAuth token and deletion of cached Google analytics data associated with that project. This process is designed to complete promptly, though timing may vary depending on system conditions.
Cookies
Bonemeal uses cookies to manage authentication sessions and remember preferences. We may also use analytics tools to understand how the service is used. You can disable cookies in your browser, but this may affect functionality.
Data Retention
We retain your data for as long as your account is active and for a reasonable period afterward for backup, legal compliance, and legitimate business purposes. Anonymized and aggregated data may be retained indefinitely. We may also retain specific data as required by law or to resolve disputes.
Your Rights
Where required by applicable law (such as GDPR or CCPA), you may have the right to access, correct, or delete your personal data. To make a request, contact us at support@bonemeal.ai. We will verify your identity and respond within the timeframes required by applicable law.
Security
We use commercially reasonable measures to protect your data, including encrypted connections (HTTPS), secure authentication, and access controls. However, no system is completely secure, and we cannot guarantee absolute security.
Children's Privacy
Bonemeal is not intended for individuals under 16. We do not knowingly collect personal information from children. If we learn that we have, we will take steps to delete it.
International Data Transfers
Your data may be stored and processed in countries other than your own. By using the service, you consent to the transfer of your data to these jurisdictions.
Changes to This Policy
We may update this Privacy Policy from time to time. We will make reasonable efforts to notify you of material changes. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy, contact us at support@bonemeal.ai.