AEO Content, Inc. ("we", "us", "our") operates aeocontent.ai and related services. This policy explains what data we collect, why we collect it, and how we protect it. We aim to be straightforward - no legalese walls.
What We Collect
When you request an audit
We collect your email address and the website URL you submit. We send a one-time verification code to your email to confirm it is yours. We use Cloudflare Turnstile to verify you are a human - this runs invisibly and does not track you across sites.
When you create a portal account
You log in with a one-time code sent to your email or phone number. We store your email, phone (if provided), and a session cookie (aeo_customer_session) that expires after 30 days. No passwords are stored.
When you use the API
API keys are created with SMS verification (a fresh code each time). We store a SHA-256 hash of your key - never the raw key itself. We log each API request: endpoint called, response time, status code, and your IP address. These logs are automatically deleted after 90 days.
When you make a purchase
Payments are processed by Stripe. We never see or store your full credit card number. Stripe provides us with a customer ID and basic transaction details (amount, date, plan). See Stripe's privacy policy for how they handle card data.
Emails we send
We use Resend to deliver verification codes, audit results, and welcome emails. Resend may collect basic delivery data (open/delivery status). We do not use email tracking pixels. See Resend's privacy policy.
What We Don't Collect
- No third-party analytics or advertising trackers (no Google Analytics, no Facebook Pixel)
- No cross-site tracking cookies
- No sale of your data to third parties - ever
- No browsing history or behavioral profiling
Cookies
We use a minimal number of cookies:
| Cookie | Purpose | Duration |
|---|---|---|
aeo_customer_session | Portal login session | 30 days |
cf_clearance | Cloudflare bot protection | Session |
We do not use advertising, analytics, or preference cookies.
How We Use Your Data
- Run your audit - we need your URL to audit it and your email to send results
- Authenticate you - email/phone OTP for portal access and API key creation
- Process payments - Stripe handles billing; we track which plan you are on
- Monitor API usage - rate limiting and usage reporting for API customers
- Send transactional emails - verification codes, audit results, account notifications
- Improve the product - aggregate, anonymized statistics (e.g., average audit scores by sector)
We do not send marketing emails unless you explicitly opt in (we currently have no marketing email program).
Data Retention
- Audit data - published audit reports remain available indefinitely as public content
- API usage logs - automatically deleted after 90 days
- Verification codes - expire after 10 minutes, deleted on use
- Rate limit logs - cleaned up automatically by scheduled maintenance
- Account data - retained while your account is active; deleted on request
Third-Party Services
We share data only with services needed to operate the platform:
- Supabase - database hosting (US region)
- Vercel - application hosting
- Stripe - payment processing
- Resend - transactional email delivery
- Twilio - SMS verification codes
- Cloudflare - bot protection (Turnstile) and CDN
Each provider processes data according to their own privacy policies. We do not sell, rent, or share your personal information with advertisers or data brokers.
Your Rights
You can:
- Access your data - email us and we will provide what we have on file
- Delete your data - request account deletion and we will remove your personal information
- Revoke API keys - instantly through the portal
- Correct inaccuracies - let us know and we will fix it
For any privacy request, email hello@aeocontent.ai. We respond within 30 days.
Security
- All data transmitted over HTTPS
- API keys stored as SHA-256 hashes (raw key never persisted)
- No passwords - we use one-time codes for all authentication
- Database access restricted by Row Level Security policies
- Cloudflare Turnstile + progressive rate limiting to prevent abuse
Children's Privacy
Our services are not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
Changes to This Policy
We may update this policy as we add features. Material changes will be noted with a new "Last updated" date at the top. Continued use of the service after changes constitutes acceptance.
Contact
Questions about this policy? Email hello@aeocontent.ai.
AEO Content, Inc.
436 North Main Street, 1088
Doylestown, PA 18901