Lama Grow Suite
Log in

[ Legal ]

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy explains how Lama Lama (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you use Lama Grow Suite (“Grow Suite”, “the Service”) at geo.lamalama.nl and related services operated by us.

Lama Grow Suite is a generative engine optimization platform used by Lama Lama and its clients to audit websites, monitor search and AI visibility, and manage WordPress integrations. If you have questions about this policy, contact us at geo@lamalama.nl.

1. Who we are

Lama Lama
Nieuwe Teertuinen 23
1013 LV Amsterdam
The Netherlands
Website: lamalama.nl

2. Data we collect

2.1 Account and profile data

  • Name and email address
  • Password (stored as a one-way hash; we never store plain-text passwords)
  • Two-factor authentication settings, if enabled
  • Team membership, role, and invitation status
  • Profile and appearance preferences

2.2 Project and client data

  • Project names, domains, brand names, and configuration settings
  • Crawled page URLs, titles, meta data, and content excerpts used for audits
  • Audit results, scores, recommendations, and improvement plans
  • Tracked search queries, competitor domains, and visibility monitoring data
  • Client report settings and shared report access logs

2.3 Third-party integration data

When you connect external services, we store the data needed to operate those integrations:

  • WordPress: site URL, API credentials (encrypted), plugin version, and synced page data
  • Google Search Console & Google Business Profile: OAuth tokens (encrypted), connected Google account email, selected property or location identifiers, and synced performance or listing metadata
  • MCP (Model Context Protocol): OAuth tokens and authorization records when agency users connect AI development tools

2.4 Technical and usage data

  • IP address, browser type, device information, and request logs
  • Session identifiers and authentication events
  • Job queue activity, error reports, and performance diagnostics
  • API usage and cost tracking related to platform operations

3. How we use your data

We process personal data to:

  • Provide, maintain, and improve the Service
  • Run site crawls, GEO/SEO audits, and visibility monitoring
  • Sync data with connected WordPress sites and Google accounts at your direction
  • Generate reports, alerts, and improvement recommendations
  • Authenticate users, enforce team permissions, and prevent abuse
  • Send service-related communications (invitations, security notices, report delivery where enabled)
  • Comply with legal obligations and resolve disputes

We do not sell your personal data. We do not use project content to train public AI models.

4. Legal bases (EEA/UK users)

Where GDPR applies, we rely on:

  • Contract: to deliver the Service you or your organization requested
  • Legitimate interests: to secure the platform, prevent fraud, and improve functionality
  • Consent: where required for optional integrations or marketing communications
  • Legal obligation: where we must retain or disclose data by law

5. Third-party processors

We use trusted subprocessors to operate the Service, including providers for:

  • Cloud hosting and infrastructure
  • Email delivery
  • SEO and search data APIs (e.g. DataForSEO)
  • AI engine query APIs (e.g. OpenAI, Google Gemini, Anthropic Claude) for visibility monitoring
  • Google APIs (Search Console, Business Profile, OAuth)
  • Error monitoring and internal notifications

These providers process data only on our instructions and under appropriate contractual safeguards. When you connect Google accounts, Google’s own privacy policy also applies to data processed through their services.

6. Data retention

We retain personal data for as long as your account or team is active and as needed to provide the Service. Project data may be deleted when a project is removed. Integration tokens are deleted when you disconnect an integration. Cached third-party data (such as Search Console performance metrics) may be removed on disconnect or after a defined retention period. We may retain limited records longer where required for legal, security, or accounting purposes.

7. Security

We apply technical and organizational measures including encryption of sensitive credentials (API keys, OAuth tokens), access controls, team-based authorization, and audit logging. No method of transmission or storage is completely secure; please use strong passwords and enable two-factor authentication where available.

8. International transfers

Your data may be processed in the European Economic Area and in other countries where our subprocessors operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses for transfers outside the EEA.

9. Your rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent where processing is consent-based
  • Lodge a complaint with your local supervisory authority

To exercise these rights, email geo@lamalama.nl. We may need to verify your identity before responding.

10. Cookies and similar technologies

Grow Suite uses essential cookies and session storage to keep you signed in and to protect against cross-site request forgery. We do not use third-party advertising cookies on the platform. Marketing pages may use minimal analytics consistent with our website practices.

11. Children

Grow Suite is a business service not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated through the Service or by email where appropriate.

13. Contact

Questions about this Privacy Policy or our data practices:
geo@lamalama.nl
Lama Lama, Nieuwe Teertuinen 23, 1013 LV Amsterdam, The Netherlands