Privacy Policy
Last updated: 2026-05-03
This Privacy Policy describes how AEO Audit ("we", "us") collects, uses and shares information when you use our service to audit how Large Language Models reference your brand.
1. Data we collect
- Account email — submitted when you request a free audit, register for a paid account, or subscribe to weekly tracking. Required to deliver the requested report.
- Brand domains and prompts — the domain you submit and any prompts generated for the audit run. Stored to render the report and to compute week-over-week deltas for tracking subscriptions.
- Source IP address — collected for free-audit and authentication rate limiting (1 free audit per IP per day, login/register throttling). Stored only in transient counters and masked in logs.
- Billing information — payment processing is handled by Stripe; we never store full card numbers. We retain Stripe customer and subscription identifiers only.
- LLM responses — raw and analysed responses returned by Anthropic, OpenAI and Perplexity for your audits. Stored to render reports and PDF exports.
2. How we use the data
- To run audits and deliver visibility / sentiment / gap reports to you.
- To send weekly tracking reports by email if you have an active subscription.
- To enforce abuse limits on the free tier and authentication endpoints.
- To bill recurring or one-time charges via Stripe.
3. Third-party processors
- Anthropic, OpenAI, Perplexity — receive the audit prompts to generate model responses. They do not receive your email.
- Stripe — processes payments and stores card data on our behalf.
- Resend — delivers transactional emails (free-audit results, deep audit ready, weekly reports).
- Supabase — managed Postgres and authentication. All user data is protected by Row Level Security.
- Cloudflare Turnstile — anti-abuse challenge on the free-audit form.
- Vercel — hosting and edge runtime for the application.
4. Cookies
We use a single session cookie issued by Supabase Auth to keep you signed in. We do not use marketing or third-party analytics cookies.
5. Data retention
- Free audits and their reports are retained indefinitely under your access link.
- Authenticated audits remain available while your account exists.
- Rate-limit counters are pruned on rolling 15-minute / 24-hour windows.
6. Your rights
You may request export or deletion of your data, or correction of inaccurate data, by contacting us at the address below. We will respond within 30 days.
7. Security
Data is transmitted over TLS, stored in encrypted Supabase Postgres, and segregated per user via Row Level Security policies. Service-role access is restricted to Stripe webhook handlers and Vercel Cron jobs.
8. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top will reflect the revision date. Material changes will be communicated to active subscribers by email.
9. Contact
Questions or data requests: ruslan.griban@gmail.com.