Privacy Policy
Last updated: 17 June 2026
This Privacy Policy explains how Baseline Labs ("Baseline Labs", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit baselinelabs.ai and markupschema.com (the "Sites") or use our products and APIs (the "Services"). It also describes the rights you have over your personal data and how to exercise them.
This document is provided for transparency and is pending final legal review. If anything here conflicts with a signed agreement between us, that agreement prevails.
1. Who we are
Baseline Labs provides generative-engine-optimisation (GEO) and structured-data tools that help businesses understand and improve how AI models and search engines represent them. For the purposes of the General Data Protection Regulation (GDPR) and the UK GDPR, Baseline Labs is the data controller for personal data processed through the Services. You can reach us at hello@baselinelabs.co.
2. The data we collect
Information you provide
- Account data — your name, email address, and password (stored only as a salted hash) when you register.
- Billing data — your subscription tier and the payment metadata returned by our payment processor. We never see or store full card numbers; card details are handled directly by Stripe.
- Content you submit — the domains, URLs, keywords, brand names, and project configurations you enter to run audits and reports.
- Support communications — the contents of messages you send us by email or through contact forms.
Information we collect automatically
- Usage and device data — pages viewed, actions taken, approximate location derived from IP address, browser and device type, and referring URLs.
- Analytics — we use self-hosted, cookieless Umami analytics and Google Analytics 4 to understand aggregate usage. See "Cookies and analytics" below.
- Logs — request logs and error logs that help us operate the Services securely and diagnose problems.
3. How we use your data
- To provide, maintain, and improve the Services and run the audits you request.
- To create and administer your account and process your subscription.
- To communicate with you about your account, security, service changes, and (where you have opted in) product updates.
- To monitor, secure, and troubleshoot the Services and prevent abuse.
- To comply with our legal obligations.
4. Legal bases for processing
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the Services and your account | Performance of a contract |
| Billing and fraud prevention | Performance of a contract; legitimate interests |
| Security, logging, and service improvement | Legitimate interests |
| Non-essential analytics and marketing | Consent (where required) |
| Meeting legal and tax obligations | Legal obligation |
5. Cookies and analytics
Umami is privacy-first and cookieless: it does not track you across sites and collects only aggregate, anonymised usage data. Google Analytics 4 may set cookies on your device. You can control cookies through your browser settings, and where consent is legally required we will only set non-essential cookies on that basis. Essential cookies (for example, your login session) are necessary for the Services to function.
6. Sharing and sub-processors
We do not sell your personal data. We share it only with service providers who process it on our behalf under contract, including:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Mailgun | Transactional and account email |
| Google Analytics | Aggregate usage analytics |
| Cloudflare | DNS, CDN, TLS, and object storage (R2) |
| DataForSEO & OpenRouter | Search and AI-model queries used to run audits |
We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and property of Baseline Labs, our users, or others.
7. International transfers
Our infrastructure is hosted in the European Union. Where data is transferred to a provider outside your jurisdiction, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
8. Data retention
We keep personal data for as long as your account is active and as needed to provide the Services. Audit results and project data are retained until you delete them or close your account. We may retain certain records longer where required for legal, tax, security, or dispute-resolution purposes, after which the data is deleted or anonymised.
9. Your rights
Subject to applicable law, you have the right to access, correct, delete, or port your personal data; to restrict or object to certain processing; and to withdraw consent at any time. To exercise any of these rights, email hello@baselinelabs.co. You also have the right to lodge a complaint with your local data-protection authority.
10. Security
We use technical and organisational measures to protect personal data, including encryption in transit (HTTPS/TLS), hashed passwords, access controls, and network isolation between services. No method of transmission or storage is completely secure, but we work continuously to protect your data.
11. Children
The Services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notifying you directly.
13. Contact us
Questions about this policy or your personal data? Email us at hello@baselinelabs.co.