01 Who We Are
The AEO Collective ("Aeo," "we," "us") is an answer engine optimization studio. We provide visibility, citation, and content services for businesses appearing in AI-driven search engines. This policy applies to aeo-collective.com, our client dashboards, and any service we operate under the AEO Collective brand.
We collect what we need to run the business and nothing else. We don't sell your data. We don't feed it to third-party AI models. If you want a copy or want it deleted, write us and we'll do it.
02 What We Collect
We collect information in three categories:
2.1 Information you give us
- Account data – name, business name, email, billing address, password hash.
- Service inputs – domains, target prompts, competitor lists, brand guidelines, briefs or assets you upload.
- Communications – emails, support tickets, call notes, anything you send us via Slack or contact forms.
- Payment data – handled by Stripe; we store only the last four digits, brand, and expiry of cards on file.
2.2 Information we collect automatically
- Device, browser, IP address, approximate location (country/region only).
- Pages viewed, referrers, session duration, basic interaction events.
- Performance and error telemetry from our dashboards.
2.3 Information we collect about your visibility
To deliver our services we run prompts against public AI search engines and parse public web pages, forums, and review sites that mention you or your competitors. This data is collected from public sources only – we do not scrape behind logins or paywalls.
03 How We Use It
- Deliver the services you signed up for.
- Generate visibility reports, dashboards, and recommendations.
- Send you transactional email (invoices, report deliveries, security alerts).
- Improve our internal tooling and detection of AI-engine ranking signals.
- Comply with legal obligations and prevent fraud.
We will only send you marketing email if you've opted in, and you can opt out from any such email in one click.
04 Sharing & Vendors
We share the minimum necessary information with the following categories of vendors:
| Stripe | Payment processing. PCI-DSS Level 1. |
| AWS (us-east-1) | Application hosting and encrypted storage of client data. |
| Postmark | Transactional email delivery. |
| Plausible | Cookieless, aggregate-only analytics. |
| Notion | Internal content briefs and project tracking. No financial data. |
| OpenRouter | API access to AI engines for visibility tracking only. |
We do not sell, rent, or trade personal information. We may disclose information when legally compelled (subpoena, court order) and will notify you unless prohibited from doing so.
06 AI & Model Training
Your data is not used to train any third-party AI model. We use AI engines for read-only visibility tracking; the prompts we send do not include client data.
When we use language models internally (drafting briefs, classifying citations, summarizing reports), we use API endpoints that have training disabled by contract with the model provider. Inputs and outputs are retained only for the operational period required to deliver your service.
07 Retention
- Active accounts: retained for the life of your engagement.
- Closed accounts: personal data deleted within 90 days of closure, except where retention is required for tax or legal reasons (typically 7 years for invoices).
- Visibility tracking history: retained for 24 months by default to support trend analysis. Configurable by you.
- Backups: retained for 30 days, encrypted at rest.
08 Your Rights
Depending on where you live, you may have the right to:
- Access – request a copy of the personal data we hold about you.
- Correct – fix anything that's wrong.
- Delete – ask us to remove your data, subject to legal retention rules.
- Port – receive your data in a machine-readable format.
- Object – refuse certain processing, including any direct marketing.
- Withdraw consent – at any time, without affecting prior lawful processing.
To exercise any right, email privacy@aeo-collective.com. We respond within 30 days. We will not retaliate against anyone for exercising a privacy right.
California residents have additional rights under the CCPA/CPRA. EU/UK residents have rights under the GDPR/UK-GDPR. Contact us using the details above and we'll route accordingly.
09 Security
We protect data with TLS 1.3 in transit, AES-256 at rest, role-based access control, mandatory MFA for all employees, and quarterly access reviews. We run external penetration tests annually and publish a redacted summary on request.
If we detect a breach affecting your data, we will notify you within 72 hours of confirmation, including what was affected and what we're doing about it.
10 Children
Our services are intended for businesses and the people who run them. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.
11 Changes
If we make material changes to this policy, we'll email account holders at least 14 days before they take effect and post a notice on this page. Minor edits (typos, clarifications) are logged in the version history at the top of this document.
12 Contact
For privacy questions, data requests, or anything else covered above:
| Company | The AEO Collective |
| Website | aeo-collective.com |
| Email | privacy@aeo-collective.com |
| Response time | Within 30 days; usually within 5 business days. |
Most people don't. If anything here is unclear or seems wrong, write to us – we mean it.