Legal

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains how MyAEO (“MyAEO,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you visit myaeo.app or use the MyAEO web application and APIs (collectively, the “Service”). By using the Service you agree to the practices described in this policy.

If you do not agree with this policy, please do not use the Service. Capitalised terms not defined here have the meanings given in our Terms of Service.

1. Information we collect

1.1 Information you provide

  • Account information. When you create an account we collect your email address and a password. Passwords are hashed by our authentication provider; we never see your plain-text password.
  • Brand and prompt content. Information you enter about your brand (name, website, descriptions, aliases, competitors) and the prompts you create or generate.
  • Scan inputs and outputs. The prompts that are sent to AI models on your behalf and the responses returned, including mention and citation flags we extract from those responses.
  • Connections and credentials. If you connect a WordPress site, webhook, or third-party API key (such as your own OpenRouter key), we store the credentials you provide. Sensitive credentials are stored encrypted at rest.
  • Support and communications. Messages you send us through chat, in-app support, or community channels.

1.2 Information collected automatically

  • Usage data. Pages viewed, features used, requests made to our APIs, error logs, IP address, browser type, device type, referring URL, and timestamps.
  • Cookies and similar technologies. Strictly necessary cookies for authentication and session management, plus first-party analytics cookies used to understand product usage. We do not sell cookie data.

1.3 Information from third parties

  • Payment data. Payments are processed by Stripe. Stripe shares limited information with us such as the last four digits of your card, brand, expiration date, billing country, and a customer/payment-method identifier. We do not receive or store full card numbers.
  • Auth providers. If you sign in with a third-party identity provider, we receive the basic profile fields you authorise (typically email and a unique identifier).

2. How we use information

We use the information described above to:

  • Provide, operate, and maintain the Service;
  • Run scans on your behalf — sending your prompts to third-party AI providers and storing their responses against your account;
  • Authenticate you and protect the security of your account;
  • Process payments, manage subscriptions, send invoices and receipts;
  • Provide customer support, respond to enquiries, and notify you of material changes to the Service;
  • Monitor usage, debug errors, and improve product performance and reliability;
  • Detect, investigate, and prevent fraudulent or abusive activity and violations of our Terms;
  • Comply with applicable law and enforce our agreements.

3. Legal bases for processing (EEA / UK users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract with you; (b) our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights; (c) your consent, where we ask for it; and (d) compliance with legal obligations.

4. How we share information

We do not sell your personal information. We share information only as described below.

4.1 Sub-processors and infrastructure providers

We use trusted third-party service providers to run the Service. These providers process information on our behalf under written agreements and only as necessary to provide their services. Current categories and key sub-processors include:

  • Hosting and database: Supabase (auth, Postgres database, edge functions), Vercel and/or Netlify (web hosting and serverless functions).
  • Payments: Stripe (payment processing, billing, fraud prevention).
  • AI model access: OpenRouter, OpenAI, Anthropic, Google, Perplexity, xAI, DeepSeek, Moonshot, and similar AI model providers. The prompts you submit and your brand context are sent to these providers to generate responses.
  • Web extraction: Firecrawl and similar services used to fetch publicly available competitor pages when you initiate a scan or rewrite.
  • Analytics: first-party product analytics used to understand feature usage and diagnose errors.

4.2 Compliance, safety, and legal

We may disclose information if we reasonably believe it is required by law, legal process, or government request; to protect the rights, property, or safety of MyAEO, our users, or the public; or to enforce our Terms.

4.3 Business transfers

If MyAEO is involved in a merger, acquisition, financing, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

4.4 With your direction

If you connect a WordPress site, webhook, or other integration, we share information with that destination at your direction.

5. AI providers and your prompts

To produce scan results, we send your prompts and brand context to third-party AI model providers. Each provider applies its own data practices. We choose providers that, by default, do not train their public models on API traffic, but we cannot guarantee a specific provider's practices. Do not include sensitive personal, financial, health, or confidential information in prompts.

6. Data retention

We retain account information, brand data, prompts, scan results, and rewritten posts for as long as your account is active or as needed to provide the Service. You can delete individual scans, prompts, or posts at any time, and you can permanently delete your entire account and associated data from Settings. After account deletion we may retain limited information as required by law (for example tax and payment records) or to resolve disputes and enforce our agreements.

7. Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for sensitive credentials, role-based access controls, and database row-level security so that one user cannot read another user's data. No method of transmission or storage is fully secure; we cannot guarantee absolute security.

8. International data transfers

Information may be processed in countries other than the country in which you reside. Where required, we rely on appropriate transfer mechanisms (such as the European Commission's standard contractual clauses) to safeguard your information when it leaves your region.

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Delete your information (right to be forgotten);
  • Receive your information in a portable format;
  • Restrict or object to certain processing;
  • Withdraw consent where processing is based on consent.

Most of these rights can be exercised directly from Settings (export and delete). For other requests, contact us using the methods in Section 13. We will respond within the period required by applicable law.

If you are a California resident, you also have rights under the CCPA / CPRA, including the right to know, delete, and limit the use of sensitive personal information, and to not be discriminated against for exercising those rights. We do not sell or “share” personal information for cross-context behavioural advertising.

10. Children's privacy

The Service is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Third-party links

The Service may link to websites or services we do not operate. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with information.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If changes are material, we will provide additional notice (such as an in-product banner or email). Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact us

If you have questions about this Privacy Policy or our data practices, you can reach us through the MyAEO Telegram group.

© 2026 MyAEO. All rights reserved.