Privacy Policy.

1. Who we are

Busca is operated by Dan Parker as a sole trader, based in the United Kingdom. In this Policy, "Busca", "we", and "us" refer to that operation. We are the data controller for the personal information described below. For all data protection enquiries, contact us at hello@busca.agency.

Busca is an agency that delivers AI search visibility services. Some of those services are self-serve digital products (the free and paid AI Search Audits). Others involve us doing implementation work on or for your business (Content optimization, Website optimization, Brand trust building, and Full Stack). The data we hold and how we use it depends on which services you have ordered.

2. What we collect

Information you give us

• Your name and email address when you sign up or order a service.
• A password (stored hashed, never in plain text).
• Your business or brand name, target geography, and competitors you list.
• The domain or URLs you ask us to audit or work on.
• Any access you grant us to your own third-party platforms (such as Google Search Console, Google Analytics, your CMS, or your hosting dashboard) when needed for the service you have ordered.
• Messages you send us via email or contact forms.

Information we collect automatically

• Standard log data such as IP address, browser type, device, pages viewed, and timestamps.
• Cookies and similar technologies for sign-in sessions and analytics. See "Cookies and analytics" below.

Information we collect about your domain

When you ask us to run an audit or deliver a service, we crawl the domain you provide and query third-party AI engines and search data services about your brand. We store the results, scores, and any extracted page content needed to produce your report or deliver your service.

Engagement working materials

When you order an implementation service, we may produce working materials (drafts of optimised page content, internal scoring spreadsheets, schema markup, technical change lists) as part of the engagement. These are kept for the duration of the engagement plus a short cooling-off period for revisions, then deleted.

Payment information

Card payments are handled by Stripe directly on the checkout page. We never see or store your full card number. We retain a transaction reference, the amount, the product purchased, and the date.

3. How we use your information

• To run your audit and deliver your report or service.
• To create and manage your account and let you sign in.
• To take payment, send receipts, and meet our tax and accounting obligations.
• To send you transactional emails (audit ready, report delivered, service updates, billing) and, if you opt in, occasional product updates.
• To respond to your questions and provide support.
• To monitor, secure, and improve our own service, in line with the rest of this Policy.

We do not sell or rent your personal information. We do not share it for behavioural advertising.

4. AI models and your data

We do not train AI on your data. We do not use your audit data, your reports, the working materials we produce for you, or any content scraped from your domain to train AI models. Where the AI service providers we work with offer enterprise zero-retention or no-training configurations, we use them.

What gets sent to AI service providers. When you run an audit or order a service that involves AI, we send queries about your brand and excerpts of your scraped page content to third-party AI service providers in order to generate the report or deliverable. Those providers process that data under their own privacy terms and our contractual no-training requirements.

AI outputs change over time. The mentions, citations, rankings, and answers we show in your report reflect what the AI engines returned at the time of the audit. The same query a week later may return different results. That volatility is inherent to how generative AI works and is not a defect.

We may change AI service providers. The AI market is moving quickly, and we may change which providers we use over time. The categories described in this Policy and the protections we commit to continue to apply.

5. Who we share data with

We work with categories of third-party service providers to run Busca. Each handles only the data needed for the job described. We name specific providers below where the visitor encounters them directly (the payment processor at checkout and the analytics tools that run on the site).

Named sub-processor list available on request. A current list of the specific vendors we use within each category is available to business customers and during procurement reviews under a non-disclosure agreement. Email hello@busca.agency.

We may also share information when required by law, to enforce our terms, or to protect Busca, our users, or the public.

6. Cookies and analytics

We use a small set of essential cookies for sign-in and session management. We use the following analytics tools to understand how the site is used and improve it:

• Google Analytics 4, for visit and event analytics. You can opt out at the browser level using Google's Analytics opt-out add-on.
• Google Search Console, which reports on how the site appears in Google Search. This is used in aggregate and does not track individual visitors across sessions.
• Zoho PageSense, for product analytics and heatmaps to understand which parts of the site are useful and which are not.

We do not use cookies for cross-site advertising and we do not build a profile of you across other sites.

7. Data retention

• Account data: kept while your account is active. If you ask us to delete your account, we will remove your personal information within 30 days, except where we need to keep it for legal, tax, or fraud-prevention reasons.
• Audit data and reports: kept for as long as your account is active so you can re-download them. Free-audit results are kept for up to 12 months.
• Engagement working materials: kept for the duration of the engagement plus 30 days for revisions, then deleted.
• Billing records: kept for at least 6 years to meet UK tax law.
• Logs: kept for up to 90 days for security and debugging.

8. International data transfers

Some of the third-party service providers we use are based outside the UK and the European Economic Area, mainly in the United States. When we transfer your personal information outside the UK or EEA, we rely on appropriate safeguards (such as the UK International Data Transfer Addendum and the EU Standard Contractual Clauses) to protect it.

9. Your rights

Depending on where you live, you have rights over your personal information. These usually include the right to:

• Ask for a copy of what we hold on you.
• Correct anything that is wrong.
• Ask us to delete your information.
• Object to or restrict how we use it.
• Take your information to another provider (data portability).
• Withdraw consent where we relied on consent to process it.

UK and EEA users have these rights under the UK GDPR and EU GDPR. California residents have rights under the CCPA / CPRA, including the right to know what we collect, the right to delete, and the right to opt out of any "sale" or "sharing" of personal information (we do not sell or share for advertising).

To exercise any right, email hello@busca.agency. We will respond within 30 days. If you are unhappy with how we handle your data, you can complain to your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

10. Free audit specifics

The free AI Search Audit collects your email and the domain you provide, runs a small set of test queries, and emails you a short report. We follow up once after delivery. After that, you only hear from us if you opt in. You can ask us to delete your free-audit data at any time by emailing hello@busca.agency.

11. Service engagements and access to your systems

When you order an implementation service, the work may require temporary access to systems you control: Google Search Console, Google Analytics, your CMS, your hosting or DNS dashboard, your schema setup, or similar.

• We use any access you grant us only for the engagement you ordered.
• We do not store credentials in plain text. Where possible we use OAuth or limited-scope service accounts rather than shared passwords.
• Access is revoked at the end of the engagement (or earlier if you ask). For repeating engagements (re-audits, ongoing retainers) access continues for the life of the engagement.
• We will tell you what access we need and why before requesting it.

12. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS), hashed passwords, role-restricted database access, and audited third-party providers. No system is 100% secure, but we work hard to keep yours safe and we will notify you of any breach in line with the law.

13. Children

Busca is a tool for businesses. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has given us personal data, contact us and we will delete it.

14. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top will reflect the latest version. If we make a material change, we will notify you by email or with a clear notice on the site.

15. Contact us

Email hello@busca.agency for any privacy question, request, or complaint.

Questions? Get in touch.